[Fontconfig] fontconfig: Branch 'main'

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Tue Apr 12 03:56:56 UTC 2022


 src/fccharset.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

New commits:
commit 7dfde9b736c3405a519b570586a30d36664058af
Author: Taylor R Campbell <campbell+fontconfig at mumble.net>
Date:   Thu Apr 7 11:24:35 2022 +0000

    Avoid misuse of ctype(3)
    
    The ctype(3) functions take arguments of type int that are either
    
    (a) EOF, or
    (b) unsigned char values, {0, 1, 2, ..., 255} if char is 8-bit.
    
    Passing values of type char, on platforms where it is signed, can go
    wrong -- negative values may be confused with EOF (typically -1) or
    may lead to undefined behaviour ranging in practice from returning
    garbage data (possibly out of an adjacent buffer in memory that may
    contain secrets) to crashing with SIGSEGV (if the page preceding the
    ctype table is unmapped).
    
    The ctype(3) functions can't themselves convert to unsigned char
    because then they would give the wrong answers for EOF, for use with
    functions like getchar and fgetc; the user has to cast char to
    unsigned char.

diff --git a/src/fccharset.c b/src/fccharset.c
index 832649c..cd927d9 100644
--- a/src/fccharset.c
+++ b/src/fccharset.c
@@ -841,14 +841,14 @@ FcNameParseRange (FcChar8 **string, FcChar32 *pfirst, FcChar32 *plast)
 	char *t;
 	long first, last;
 
-	while (isspace(*s))
+	while (isspace((unsigned char) *s))
 	    s++;
 	t = s;
 	errno = 0;
 	first = last = strtol (s, &s, 16);
 	if (errno)
 	    return FcFalse;
-	while (isspace(*s))
+	while (isspace((unsigned char) *s))
 	    s++;
 	if (*s == '-')
 	{


More information about the Fontconfig mailing list