...
Assuming that a char is a signed 8-bit value type and an int is a 32-bit value type, if getchar() returns the character value '\xff' (decimal 255), it will be interpreted as EOF because this value is sign-extended to 0xFFFFFFFF (the value of EOF) to perform the comparison (see STR34-C. Cast characters to unsigned char before converting to larger integer sizes).
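The following is an added example, not code from the CERT standard itself. It replaces getchar() with a stand-in that reads from a constructed five-byte buffer (one byte of which is 0xFF) and contrasts the noncompliant pattern of storing the result in a char with the compliant pattern of keeping the int. The noncompliant function uses `signed char` explicitly so that the signed-char assumption stated above holds regardless of platform; the buffer contents, the helper `next_byte`, and the two counting functions are all constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample input: five bytes, the third of which is 0xFF.
 * In a signed 8-bit char, 0xFF is the bit pattern of -1. */
static const unsigned char sample[] = { 'a', 'b', 0xFF, 'c', 'd' };

/* Stand-in for getchar(): returns the next byte as an int in the range
 * 0..255 (as getchar() does, via unsigned char), or EOF at the end of the
 * buffer. The cursor is caller-supplied so both counters below start fresh. */
static int next_byte(size_t *pos) {
    if (*pos >= sizeof sample) {
        return EOF;
    }
    return (int)sample[(*pos)++];
}

/* Noncompliant: storing the result in a (signed) char discards the
 * distinction between the byte 0xFF and EOF. The char holding 0xFF is
 * promoted to int as -1, compares equal to EOF, and the loop stops after
 * two bytes instead of five. Returns the number of bytes counted. */
size_t count_bytes_noncompliant(void) {
    size_t pos = 0;
    size_t count = 0;
    signed char c;
    while ((c = (signed char)next_byte(&pos)) != EOF) {
        count++;
    }
    return count;
}

/* Compliant: keep the int that getchar() returns. EOF (-1) cannot collide
 * with any byte value 0..255, so every byte is counted. */
size_t count_bytes_compliant(void) {
    size_t pos = 0;
    size_t count = 0;
    int c;
    while ((c = next_byte(&pos)) != EOF) {
        count++;
    }
    return count;
}

/* Per STR34-C: if a byte already sits in a char, convert it through
 * unsigned char before widening, so 0xFF becomes 255 rather than -1. */
int widen_char(signed char c) {
    return (int)(unsigned char)c;
}

int main(void) {
    printf("noncompliant counted %zu of %zu bytes\n",
           count_bytes_noncompliant(), sizeof sample);
    printf("compliant counted %zu of %zu bytes\n",
           count_bytes_compliant(), sizeof sample);
    printf("0xFF widened via unsigned char: %d\n",
           widen_char((signed char)0xFF));
    return 0;
}
```

Run as written, the noncompliant loop reports 2 bytes and the compliant loop reports 5: the 0xFF byte is silently treated as end of input in the first case, which is exactly the failure the rule describes.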
...
Incorrectly assuming characters from a file cannot match EOF or WEOF has resulted in significant vulnerabilities, including command injection attacks (see the CA-1996-22 advisory).
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO34-C | High | Probable | Medium | P12 | L1 |
...