According to Section 7.4 of C99:
The header <ctype.h> declares several functions useful for classifying and mapping characters. In all cases the argument is an int, the value of which shall be representable as an unsigned char or shall equal the value of the macro EOF. If the argument has any other value, the behavior is undefined.
...
Compliance with this rule is complicated by the fact that the char data type can, in any implementation, be signed or unsigned.
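The following C sketch is an added example, not code from the original rule text. It shows why the signedness of char matters here: a high-bit byte held in a signed char converts to a negative int outside the domain quoted above, while casting to unsigned char first keeps it inside. The helper names and sample bytes are constructed for illustration, and signed char stands in for an implementation whose plain char is signed.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: is v inside the domain <ctype.h> functions accept? */
static int ctype_arg_in_domain(int v) {
    return v == EOF || (v >= 0 && v <= UCHAR_MAX);
}

/* Value a ctype function would receive if the byte is passed as-is on an
   implementation where plain char is signed (modelled with signed char so
   the result does not depend on this platform's choice). */
static int arg_without_cast(signed char c) { return c; }

/* Value received when the caller casts to unsigned char first. */
static int arg_with_cast(signed char c) { return (unsigned char)c; }

/* Compliant use: every byte goes through unsigned char before isspace(). */
static size_t count_leading_space(const char *s) {
    size_t n = 0;
    while (s[n] != '\0' && isspace((unsigned char)s[n])) {
        ++n;
    }
    return n;
}

int main(void) {
    /* Constructed sample: -23 is the signed-char value of byte 0xE9. */
    const signed char byte = -23;
    printf("no cast:   %d in domain? %d\n", arg_without_cast(byte),
           ctype_arg_in_domain(arg_without_cast(byte)));
    printf("with cast: %d in domain? %d\n", arg_with_cast(byte),
           ctype_arg_in_domain(arg_with_cast(byte)));
    /* Constructed input: two spaces, a tab, then text with high-bit bytes. */
    printf("leading whitespace: %zu\n", count_leading_space("  \t\xE9t\xE9"));
    return 0;
}
```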
...
Note: XSI denotes an X/Open System Interfaces Extension to [ISO/IEC 9945] -- POSIX®. The functions are not defined by C99.
Rule STR34-C. Cast characters to unsigned types before converting to larger integer sizes is a generalization of this rule.
Noncompliant Code Example
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: STR37-CPP. Arguments to character handling functions must be representable as an unsigned char
...
[ISO/IEC 9899:1999] Section 7.4, "Character handling <ctype.h>"
MITRE CWE: CWE-704, "Incorrect Type Conversion or Cast"
MITRE CWE: CWE-686, "Function Call With Incorrect Argument Type"
Bibliography
[Kettlewell 2002] Section 1.1, "<ctype.h> And Characters Types"
[MITRE 2007] CWE ID 704 (http://cwe.mitre.org/data/definitions/704.html), "Incorrect Type Conversion or Cast," CWE ID 686 (http://cwe.mitre.org/data/definitions/686.html), "Function Call With Incorrect Argument Type"
...