Is this safe?

This is a discussion on Is this safe? within the C Programming forums, part of the General Programming Boards category; Originally Posted by Dave_Sinkula "My program only breaks if I pass it this data?" Must be a problem with the ...

  1. #46
    ATH0 quzah's Avatar
    Join Date
    Oct 2001
    Posts
    14,826
    Quote Originally Posted by Dave_Sinkula
    "My program only breaks if I pass it this data?" Must be a problem with the data.
    My point was to test the data for problems, and not cast it into something it's not.

    On an aside, all of your put* functions use unsigned chars for output, at least according to the man pages. So using them with your funny-o has already converted it to an unsigned character. Whose argument that helps I'm not sure.

    At any rate, the issue you were having was implementation specific. If you had read your data in as unsigned characters, or, if you had forced your char to be unsigned, you wouldn't have that problem ever. But again, my main point was that blanket typecasts won't catch EOF.

    I still stand by 'test your data, then pass it to functions' rather than just blanket casting it so it fits. Hell, I could use only void * and with the right casts pass anything to whatever I felt like. It doesn't make it a good way to do things.


    Quzah.
    Hope is the first step on the road to disappointment.

  2. #47
    Just Lurking Dave_Sinkula's Avatar
    Join Date
    Oct 2002
    Posts
    5,006
    Yes, either test that the value is within [0,UCHAR_MAX] or force it to be. And EOF shouldn't be put into a string.
    7. It is easier to write an incorrect program than understand a correct one.
    40. There are two ways to write error-free programs; only the third one works.*

  3. #48
    Registered User
    Join Date
    Oct 2001
    Posts
    2,934
    >Store a character with the value 255 in a signed char and see what happens
    tolower() and similar functions take an int, not a signed char.

  4. #49
    FOX
    Join Date
    May 2005
    Posts
    188
    There are two situations for reading data. One is where EOF is involved, where you must use integers instead of chars to hold the input (functions like getchar). Do not cast anything to chars in this situation and you'll be fine.

    The second one involves functions like fgets, where you do not have to worry about EOF. Here you can either declare the chars as unsigned and you don't have to worry about casting the char later on. If you make an unqualified declaration, so the char can be either signed or unsigned, you MUST cast the char to unsigned just before it gets promoted to int in the is* function, like this isalpha((unsigned char)c). Otherwise you'll get undefined behaviour if you've read in an non-ASCII value in a signed char.

    So to sum it up, there's really only one scenario where you need to cast to unsigned.
    Last edited by ^xor; 06-29-2005 at 10:50 PM.

  5. #50
    FOX
    Join Date
    May 2005
    Posts
    188
    > tolower() and similar functions take an int, not a signed char.

    You're missing the point though... Since the functions must be able to check for EOF, they also accept negative integer values. And since any negative value except EOF is undefined, it's possible to cause undefined behaviour by sending negative values that do not equal EOF.

  6. #51
    Registered User
    Join Date
    Jun 2004
    Posts
    201
    Quote Originally Posted by Prelude
    What an entertaining discussion. I wonder how long it will take both sides to realize that the whole argument is pointless.
    quzah thinks that the whole world is crazy except him

  7. #52
    Registered User
    Join Date
    Oct 2001
    Posts
    2,934
    Quote Originally Posted by ^xor
    > tolower() and similar functions take an int, not a signed char.

    You're missing the point though... Since the functions must be able to check for EOF, they also accept negative integer values. And since any negative value except EOF is undefined, it's possible to cause undefined behaviour by sending negative values that do not equal EOF.
    It sounds like you misread what I said:

    >(unless you manage to match the value of EOF in the conversion).
    Which you won't ever do, since EOF is a negative value.

  8. #53
    FOX
    Join Date
    May 2005
    Posts
    188
    > Which you won't ever do, since EOF is a negative value.
    Try to store the value 255 in a signed char, and it will be stored as -1, which incidently matches EOF on most systems.

  9. #54
    Registered User
    Join Date
    Oct 2001
    Posts
    2,934
    >Try to store the value 255 in a signed char
    I don't see any code that Anonytmouse, Dave, or anyone else posted that stores in a signed char which is passed to toupper(). I do see an int cast to an unsigned char. Perhaps that's what you mean.

  10. #55
    FOX
    Join Date
    May 2005
    Posts
    188
    > I don't see any code that Anonytmouse, Dave, or anyone else posted that stores in a signed char which is passed to toupper().

    But you do see lots of code that uses unqualified chars? On my system, unqualified chars default to being signed, so if an user inputs the iso8859-1 character 'y umlaut' (255), you'll end up saving -1 instead.

    What everyone is arguing about, is whether or not you should cast to unsigned char when you use the ctype functions. What I said was that there's only ONE scenario where you should do the cast, and that is when you're getting input from functions that does not return EOF. If you're using functions that return EOF, the variable storing the return value should be an int, so there's no point in making a cast here, and in fact it's wrong since you'll end up trashing EOF eventually! That's what quzah tried to explain.

    However, when you store input from functions like fgets in unqualified chars, you MUST do the cast or you'll end up sending negative values to the ctype functions whenever you encounter non-ASCII characters (assuming the unqualified char defaults to signed). EOF is not an issue here since fgets does not return EOF or save it in the buffer.


    > I do see an int cast to an unsigned char.

    That is WRONG if that int is used for saving the return value from functions that return EOF.
    Last edited by ^xor; 06-30-2005 at 09:46 AM.

  11. #56
    Registered User
    Join Date
    Oct 2001
    Posts
    2,934
    I apologize, I misread your original post, the part in parentheses. For some reason I thought you meant the conversion to unsigned char, but you specifically said in the case where there is no conversion, so I goofed.

Page 4 of 4 FirstFirst 1234
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. type safe issue
    By George2 in forum C++ Programming
    Replies: 4
    Last Post: 02-12-2008, 09:32 PM
  2. Bjarne's exception safe sample
    By George2 in forum C++ Programming
    Replies: 13
    Last Post: 12-28-2007, 05:38 PM
  3. A Safe Dialect of C
    By viaxd in forum Tech Board
    Replies: 11
    Last Post: 11-26-2003, 11:14 AM
  4. How safe is it?
    By hermit in forum A Brief History of Cprogramming.com
    Replies: 40
    Last Post: 05-08-2002, 10:33 PM
  5. Safe Mode on FreeBsd
    By Unregistered in forum A Brief History of Cprogramming.com
    Replies: 1
    Last Post: 10-25-2001, 10:37 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21