[Bug c/78155] missing warning on invalid isalpha et al.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78155

Bruno Haible changed:

           What    |Removed                     |Added
                 CC|                            |bruno at clisp dot org

--- Comment #6 from Bruno Haible ---
Created attachment 48440
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=48440=edit
Test case

Another test case is the attached program, alpha.c. When run on glibc systems on x86, x86_64, and other CPUs (not powerpc), it sign-extends the 'char' argument; so the character 'ÿ' (in ISO-8859-1 encoding) becomes EOF, and the function returns 0.

$ LC_ALL=de_DE.ISO-8859-1 xterm
$ ./a.out ÿ
not alphabetic

The corrected program (with a cast to 'unsigned char' in the isalpha() argument) behaves as expected:

$ LC_ALL=de_DE.ISO-8859-1 xterm
$ ./a.out ÿ
alphabetic
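
The sign extension described in comment #6, as an added example that is not the attached alpha.c and not part of the bug report: it computes, without ever making the invalid call, which bytes of a string an uncast isalpha() call would pass outside the valid range or turn into EOF. All function names are hypothetical, and 'signed char' stands in for a platform where plain 'char' is signed with two's-complement conversion.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Value an uncast call passes to isalpha() where plain char is signed.
   signed char models that platform so the result is the same everywhere. */
static int promoted_uncast(unsigned char byte)
{
    return (int)(signed char)byte;
}

/* <ctype.h> functions are defined only for EOF and unsigned char values. */
static int in_ctype_domain(int v)
{
    return v == EOF || (v >= 0 && v <= UCHAR_MAX);
}

/* Corrected call: convert to unsigned char before the promotion to int. */
static int isalpha_byte(char c)
{
    return isalpha((unsigned char)c) != 0;
}

/* Bytes of s that an uncast call would pass outside the valid range. */
static int count_out_of_domain(const char *s)
{
    int n = 0;
    for (; *s; s++)
        n += !in_ctype_domain(promoted_uncast((unsigned char)*s));
    return n;
}

/* Bytes of s that an uncast call would turn into EOF (0xFF when EOF is -1). */
static int count_eof_collisions(const char *s)
{
    int n = 0;
    for (; *s; s++)
        n += promoted_uncast((unsigned char)*s) == EOF;
    return n;
}

int main(void)
{
    /* Constructed sample: the ISO-8859-1 bytes for "ÿéA". */
    const char *sample = "\xff\xe9" "A";
    printf("out of domain: %d, read as EOF: %d\n",
           count_out_of_domain(sample), count_eof_collisions(sample));
    printf("isalpha_byte('A') = %d\n", isalpha_byte('A'));
    return 0;
}
```
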
[Bug c/78155] missing warning on invalid isalpha et al.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78155

Eric Gallager changed:

           What    |Removed                     |Added
             Blocks|                            |87403

--- Comment #5 from Eric Gallager ---
ok, making this block the "new-warning" meta-bug then

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87403
[Bug 87403] [Meta-bug] Issues that suggest a new warning
[Bug c/78155] missing warning on invalid isalpha et al.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78155

--- Comment #4 from Martin Sebor ---
I don't really see what existing warning this might fall under, except perhaps -Wchar-subscripts because isalpha and friends use the argument as an index into an array of 257 characters, but that seems like a stretch.

I think maybe adding a more general warning option, say something like -Wargument-range, and using it to diagnose all such problems, might be the way to go.

To generalize the solution I would even consider adding a new function attribute, let's call it range, to specify the range of valid values of a function argument. Then isalpha (or any other such function) could be declared like so:

  __attribute__ ((range (/* position = */1, -1, UCHAR_MAX)))
  int isalpha (int);

GCC would then check every call to the function to see if its argument is in the expected range and, if not, issue a warning. The attribute could even be applied multiple times to specify disjoint ranges. Position zero could denote the return value so that toupper could be declared like so

  __attribute__ ((range (/* returns = */ 0, -1, UCHAR_MAX),
                  range (/* position = */ 1, -1, UCHAR_MAX)))
  int toupper (int);
[Bug c/78155] missing warning on invalid isalpha et al.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78155

--- Comment #3 from Eric Gallager ---
Would you expect this warning to go under an existing flag, or a new one, Martin?
[Bug c/78155] missing warning on invalid isalpha et al.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78155

--- Comment #2 from Eric Gallager ---
(In reply to Eric Gallager from comment #1)
> When I run the program, it prints 0 rather than crashing.

(probably a difference between the Darwin Libc and glibc; it might be worth investigating what other libcs like musl or uclibc do...)

> Confirming that a warning would be nice though, for portability to platforms
> where it would cause a crash.
[Bug c/78155] missing warning on invalid isalpha et al.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78155

Eric Gallager changed:

           What    |Removed                     |Added
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2017-07-30
                 CC|                            |egallager at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #1 from Eric Gallager ---
When I run the program, it prints 0 rather than crashing. Confirming that a warning would be nice though, for portability to platforms where it would cause a crash.