ctype bug

Matthew Dillon dillon at apollo.backplane.com
Wed Jul 6 17:04:38 PDT 2005


:It returns as much garbage as FreeBSD returned. Returning '0' for an invalid
:argument is as invalid as any other value. Period. Anything else is silently
:breaking programs. I gave you already an example why "supporting" negative char
:values as input is giving wrong results. The code has to be fixed and nothing
:else. This has nothing to do with being a purist, but simply that changing this
:doesn't fix anything, but instead silently produces garbage.
:
:If possible, I'd instruct ld to map a hole before the ctype tables and I'm
:actually thinking about implementing that at run time.
:
:Joerg

    Joerg, this is just wrong.  First, we are not hacking up libc to create
    a memory map hole to work around the fact that you do not want to do
    a simple integer array bounds check.  That's ridiculous.

    Secondly, returning garbage for an undefined value is NOT THE SAME as 
    returning 0 (or some other fixed value).  Allowing garbage to be returned
    is an example of bad programming... very FRAGILE and bad programming,
    that can result in lots of hair pulling when a programmer tries to track
    down a problem.  They aren't even close to being the same thing.

    Don't think that we have a license to return garbage just because the
    standard says that something is undefined.  Undefined does not in any
    way imply that we should return garbage.  It simply leaves it up to
    the implementer and as an implementer DragonFly is NOT going to be
    returning garbage.

    If the standard said that undefined indexes should assert, then we would
    have to assert.  If it leaves it up to us to decide what to do then we
    can decide to assert, or decide to return 0, or decide to return garbage,
    but as project head I am saying straight out that garbage is NOT an
    allowed return value for a ctype function, not in DragonFly.  It is
    unacceptable to me for any ctype function such as isprint(), that programs
    rely on to avoid things like escape sequences being written out to 
    terminals, to return non-zero for any value that is not printable, whether
    or not it is within the bounds of allowed values passed to that function.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>
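
The policy argued for in the message above, as an added example (not code from this thread or from DragonFly's libc): a table-driven lookup that bounds-checks its index and returns 0 for anything out of range, plus a terminal sanitizer that relies on it. The names checked_isprint, sanitize_for_terminal and ct_table are hypothetical, and the table assumes the plain C locale.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CT_PRINT      0x01
#define CT_TABLE_SIZE 256

/* Hypothetical C-locale table: only 0x20..0x7e are marked printable. */
static unsigned char ct_table[CT_TABLE_SIZE];
static int ct_ready;

static void ct_init(void)
{
    for (int c = 0x20; c <= 0x7e; c++)
        ct_table[c] = CT_PRINT;
    ct_ready = 1;
}

/* Bounds-checked lookup: EOF, a sign-extended negative char, or any value
 * past the table yields 0 instead of reading memory next to the table. */
int checked_isprint(int c)
{
    if (!ct_ready)
        ct_init();
    if (c < 0 || c >= CT_TABLE_SIZE)
        return 0;
    return ct_table[c] & CT_PRINT;
}

/* Copy src to dst, replacing each non-printable byte with '?'.
 * Returns the number of bytes replaced. */
size_t sanitize_for_terminal(const char *src, char *dst, size_t dstlen)
{
    size_t i, replaced = 0;

    if (dstlen == 0)
        return 0;
    for (i = 0; src[i] != '\0' && i + 1 < dstlen; i++) {
        /* Caller-side fix: go through unsigned char so bytes >= 0x80 index 128..255. */
        int ok = checked_isprint((unsigned char)src[i]);
        dst[i] = ok ? src[i] : '?';
        replaced += !ok;
    }
    dst[i] = '\0';
    return replaced;
}

int main(void)
{
    char out[32];
    size_t n = sanitize_for_terminal("ok\x1b[2J\xe9", out, sizeof out); /* constructed input */
    printf("%s (%zu replaced)\n", out, n);
    return 0;
}
```

Even when a caller omits the unsigned char conversion and passes a negative value, the lookup answers "not printable", so a filter built on it fails closed.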




