From 41d31dcd19efbf48e2d59068a92310888997b14f Mon Sep 17 00:00:00 2001 From: Matt Whitlock Date: Sat, 16 Aug 2025 22:50:53 -0400 Subject: [PATCH] avoid UB when calling ctype functions The character classification functions in are designed to classify characters returned by getchar() and friends, which return characters as signed integers in the range 0 to 255 or EOF. The behavior of the ctype functions is undefined if they are passed a value outside of that range, which may happen if they are passed a char-typed value and the system's char type is signed. defines some inline utility functions that perform the necessary cast to coerce a char-typed argument into the allowed value range. Call these wrappers instead of the bare ctype functions when classifying char-typed characters. Changelog-None --- common/json_parse.c | 2 +- common/splice_script.c | 2 +- db/db_sqlite3.c | 2 +- devtools/onion.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/common/json_parse.c b/common/json_parse.c index 7b5c31c81..260e9e1b5 100644 --- a/common/json_parse.c +++ b/common/json_parse.c @@ -30,7 +30,7 @@ bool json_to_millionths(const char *buffer, const jsmntok_t *tok, *millionths = 0; for (int i = tok->start; i < tok->end; i++) { - if (isdigit(buffer[i])) { + if (cisdigit(buffer[i])) { has_digits = true; /* Ignore too much precision */ if (decimal_places >= 0 && ++decimal_places > 6) diff --git a/common/splice_script.c b/common/splice_script.c index 453bc6ca5..fd07c3e22 100644 --- a/common/splice_script.c +++ b/common/splice_script.c @@ -503,7 +503,7 @@ char *fmt_splice_script_compiler_error(const tal_t *ctx, static bool is_whitespace(char c) { - return isspace(c); + return cisspace(c); } static struct splice_script_error *clean_whitespace(const tal_t *ctx, diff --git a/db/db_sqlite3.c b/db/db_sqlite3.c index 07ded41f6..171c0e06e 100644 --- a/db/db_sqlite3.c +++ b/db/db_sqlite3.c @@ -418,7 +418,7 @@ static const char *find_column_name(const tal_t *ctx, { size_t start = 0; - while (isspace(sqlpart[start])) + while (cisspace(sqlpart[start])) start++; *after = strspn(sqlpart + start, "abcdefghijklmnopqrstuvwxyz_0123456789") + start; if (*after == start || !cisspace(sqlpart[*after])) diff --git a/devtools/onion.c b/devtools/onion.c index 0d517c15e..ca723afd5 100644 --- a/devtools/onion.c +++ b/devtools/onion.c @@ -145,7 +145,7 @@ static void do_decode(int argc, char **argv, const u8 *assocdata) size_t hexlen = strlen(hextemp); // trim trailing whitespace - while (isspace(hextemp[hexlen-1])) + while (cisspace(hextemp[hexlen-1])) hexlen--; serialized = tal_hexdata(hextemp, hextemp, hexlen);