SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 86

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 87

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

According to the C Standard, subclause 7.4 [ISO/IEC 9899:2011],

The header <ctype.h> declares several functions useful for classifying and mapping characters. In all cases the argument is an int, the value of which shall be representable as an unsigned char or shall equal the value of the macro EOF. If the argument has any other value, the behavior is undefined.

(See also undefined behavior 113.)

Compliance with this This rule is complicated by the fact that applicable only to code that runs on platforms where the char data type can, in any implementation, be signed or unsigned.is defined to have the same range, representation, and behavior as signed char.

Following are the character classification functions that this rule addressesThe following character classification functions are affected:

isalnum()

isalpha()

isascii()XSI

isblank()

iscntrl()

isdigit()

isgraph()

islower()

isprint()

ispunct()

isspace()

isupper()

isxdigit()

toascii()XSI

toupper()

tolower()

NoteNOTE: XSI denotes an X/Open System Interfaces Extension to ISO/IEC 9945—POSIX. The These functions are not defined by the C Standard.

This rule is a specific instance of STR34-C. Cast characters to unsigned char before converting to larger integer sizes is a generalization of this rule.

Noncompliant Code Example

On implementations where plain char is signed, this code example is noncompliant because the parameter to isspace(), *t, is defined as a const char *, and this value may might not be representable as an unsigned char:

...

Passing values to character handling functions that cannot be represented as an unsigned char results in undefined program to character handling functions is undefined behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR37-C

Low

Unlikely

Low

P3

L3

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C Secure Coding StandardSTR34-C. Cast characters to unsigned char before converting to larger integer sizes
CERT C++ Secure Coding StandardSTR37-CPP. Arguments to character handling functions must be representable as an unsigned char
ISO/IEC TS 17961Passing arguments to character-handling functions that are not representable as unsigned char [chrsgnext]
MITRE CWECWE-704, Incorrect type conversion Type Conversion or castCast
CWE-686, Function call with incorrect argument typeCall with Incorrect Argument Type

Bibliography

[ISO/IEC 9899:2011]Subclause 7.4, "Character Handling <ctype.h>"
[Kettlewell 2002]Section 1.1, "<ctype.h> and Characters Types"

...