...
The c_str variable is used to traverse the character string containing the command line to be parsed. As characters are retrieved from this pointer, they are stored in a variable of type int. For compilers in which the char type defaults to signed char, this value is sign-extended when assigned to the int variable. For character code 255 decimal (−1 in two's complement form), this sign extension results in the value −1 being assigned to the integer, which is indistinguishable from EOF.
Noncompliant Code Example
This problem was repaired by explicitly declaring the c_str variable as unsigned char.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
static int yy_string_get() {
register char *c_str;
register int c;
c_str = bash_input.location.string;
c = EOF;
/* If the string doesn't exist or is empty, EOF found */
if (c_str && *c_str) {
/* Cast to unsigned type */
c = (unsigned char)*c_str++;
bash_input.location.string = c_str;
}
return (c);
}
|
Noncompliant Code Example
In this noncompliant example, the cast of *s to unsigned int may result in a value in excess of UCHAR_MAX because of integer promotions, consequently causing the function to violate ARR30-C. Do not form or use out of bounds pointers or array subscripts, leading to undefined behavior:
...