Page History

According to C99C11, Section 7.4,

The header <ctype.h> declares several functions useful for classifying and mapping characters. In all cases the argument is an int, the value of which shall be representable as an unsigned char or shall equal the value of the macro EOF. If the argument has any other value, the behavior is undefined.

(See also undefined behavior 107 113  of Appendix J.)

Compliance with this rule is complicated by the fact that the char data type can, in any implementation, be signed or unsigned.

...

Note: XSI denotes an X/Open System Interfaces Extension to [ ISO/IEC 9945] – POSIX 9945—POSIX ^®. The functions are not defined by C99the C standard.

Rule STR34-C. Cast characters to unsigned char before converting to larger integer sizes is a generalization of this rule.

...

size_t count_preceding_whitespace(const char *s) {
  const char *t = s;

  /* possibly *t < 0 */
  while (*t && isspace(*t)) {
    ++t;
  }
  return t - s;
}

...

size_t count_preceding_whitespace(const char *s) {
  const char *t = s;

  while (*t && isspace((unsigned char)*t)) {
    ++t;
  }
  return t - s;
}

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C++ Secure Coding Standard: STR37-CPP. Arguments to character handling functions must be representable as an unsigned char

ISO/IEC 9899:19992011 Section 7.4, "Character handling <ctype.h>"

ISO/IEC TR 17961 (Draft) Passing arguments to character-handling functions that are not representable as unsigned char [chrsgnext]

MITRE CWE: CWE-704, "Incorrect Type Conversion or Cast"

MITRE CWE: CWE-686, "Function Call With with Incorrect Argument Type"

Bibliography

[Kettlewell 2002] Section 1.1, "<ctype.h> And and Characters Types"

...