According to Section 7.4 of C99,
The header <ctype.h> declares several functions useful for classifying and mapping characters. In all cases the argument is an int, the value of which shall be representable as an unsigned char or shall equal the value of the macro EOF. If the argument has any other value, the behavior is undefined.
Compliance with this rule is complicated by the fact that the char data type might, in any implementation, be signed or unsigned.
The following character classification functions are affected:
Noncompliant Code Example
This noncompliant code example may pass invalid values to the isspace() function.

```c
#include <ctype.h>
#include <string.h>

size_t count_preceding_whitespace(const char *s) {
  const char *t = s;
  size_t length = strlen(s) + 1;
  /* possibly *t < 0 */
  while (isspace(*t) && (t - s < length)) {
    ++t;
  }
  return t - s;
}
```
Compliant Solution
This compliant solution casts the character to unsigned char before passing it as an argument to the isspace() function.

```c
#include <ctype.h>
#include <string.h>

size_t count_preceding_whitespace(const char *s) {
  const char *t = s;
  size_t length = strlen(s) + 1;
  /* the cast keeps the argument within 0..UCHAR_MAX */
  while (isspace((unsigned char)*t) && (t - s < length)) {
    ++t;
  }
  return t - s;
}
```
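The following added example (not part of the original rule text) shows what the cast changes: it computes the int value each byte of a string would have as a <ctype.h> argument, with and without the cast, and counts values outside the defined domain and values that collide with EOF. The helper names in_ctype_domain, scan and leading_whitespace are hypothetical, and the sample string is constructed.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper: 1 if v is a value the <ctype.h> functions accept. */
static int in_ctype_domain(int v) {
    return v == EOF || (v >= 0 && v <= UCHAR_MAX);
}

struct scan_result {
    size_t out_of_domain; /* bytes whose int value is undefined for isspace() */
    size_t eof_alias;     /* bytes whose int value is indistinguishable from EOF */
};

/* Examine the int value each byte of s would have as a ctype argument,
 * passed either as plain char (use_cast == 0) or as (unsigned char). */
static struct scan_result scan(const char *s, int use_cast) {
    struct scan_result r = {0, 0};
    for (; *s != '\0'; ++s) {
        int v = use_cast ? (int)(unsigned char)*s : (int)*s;
        if (!in_ctype_domain(v)) ++r.out_of_domain;
        if (v == EOF) ++r.eof_alias;
    }
    return r;
}

/* Compliant form of the loop above: cast before calling isspace(). */
static size_t leading_whitespace(const char *s) {
    size_t n = 0;
    while (isspace((unsigned char)s[n])) ++n;
    return n;
}

/* Constructed sample: space, tab, bytes 0xE9 and 0xFF, then 'z'. */
static const char sample[] = " \t\xE9" "\xFF" "z";

int main(void) {
    struct scan_result raw = scan(sample, 0), cast = scan(sample, 1);
    printf("char is %s\n", CHAR_MIN < 0 ? "signed" : "unsigned");
    printf("plain char: %zu out of domain, %zu alias EOF\n",
           raw.out_of_domain, raw.eof_alias);
    printf("with cast:  %zu out of domain, %zu alias EOF\n",
           cast.out_of_domain, cast.eof_alias);
    printf("leading whitespace: %zu\n", leading_whitespace(sample));
    return 0;
}
```

Where char is signed and EOF is -1, the byte 0xE9 falls outside the domain and 0xFF is read as EOF; with the cast, neither happens on any implementation.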
Risk Assessment
Passing values to character handling functions that cannot be represented as an unsigned char results in undefined program behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR37-C | low | unlikely | low | P3 | L3 |
Automated Detection
Compass/ROSE could detect violations of this rule by seeing if the argument to a character-handling function (listed above) is not an unsigned char.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
This rule appears in the C++ Secure Coding Standard as STR37-CPP. Arguments to character handling functions must be representable as an unsigned char.
References
[ISO/IEC 9899:1999] Section 7.4, "Character handling <ctype.h>"
[Kettlewell 02] Section 1.1, "<ctype.h> And Characters Types"
[MITRE 07] CWE ID 704, "Incorrect Type Conversion or Cast," CWE ID 686, "Function Call With Incorrect Argument Type"