...
The string variable is used to traverse the character string containing the command line to be parsed. As characters are retrieved from this pointer, they are stored in a variable of type int. For compilers in which the char type defaults to signed char, this value is sign-extended when assigned to the int variable. For character code 255 decimal (-1 in two's complement form), this sign extension results in the value -1 being assigned to the integer, which is indistinguishable from the EOF integer constant expression.
...
This is a subtle error that results in a disturbingly broad range of potentially severe vulnerabilities.
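The sign-extension behaviour described above can be reproduced with a small added example; this is not the code of the program under discussion. The function names and the sample command line are hypothetical, signed char is used explicitly to model a compiler whose plain char is signed, and EOF is assumed to be -1 as in the text.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed sample command line: byte 0xFF sits between 'a' and "bc". */
static const char sample_cmd[] = "echo a\xFF" "bc";

/* Before: the fetched character is sign-extended into the int.
 * signed char is used explicitly to model a compiler whose plain
 * char is signed, so the result is the same on every platform. */
static int fetch_sign_extended(const char **string)
{
    const signed char *p = (const signed char *)*string;
    if (*p == '\0')
        return EOF;             /* genuine end of input */
    (*string)++;
    return *p;                  /* 0xFF becomes -1, i.e. EOF */
}

/* After: convert through unsigned char so every byte maps to 0..255. */
static int fetch_unsigned(const char **string)
{
    const unsigned char *p = (const unsigned char *)*string;
    if (*p == '\0')
        return EOF;
    (*string)++;
    return *p;                  /* 0xFF stays 255, distinct from EOF */
}

/* Count the characters a parser loop sees before it believes input ended. */
size_t chars_seen(const char *cmd, int (*fetch)(const char **))
{
    size_t n = 0;
    while (fetch(&cmd) != EOF)
        n++;
    return n;
}

size_t seen_sign_extended(void) { return chars_seen(sample_cmd, fetch_sign_extended); }
size_t seen_unsigned(void)      { return chars_seen(sample_cmd, fetch_unsigned); }

int main(void)
{
    printf("sign-extended fetch: %zu of %zu characters\n",
           seen_sign_extended(), sizeof sample_cmd - 1);
    printf("unsigned char fetch: %zu of %zu characters\n",
           seen_unsigned(), sizeof sample_cmd - 1);
    return 0;
}
```

With the sign-extended fetch the loop stops at the 0xFF byte and never examines the rest of the input; the unsigned char conversion lets it reach the real terminator.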
...