[e-lang] E 0.9.3 release?
daw at cs.berkeley.edu
Sun Jan 2 20:45:06 PST 2011
Mark Miller wrote:
> * New warning: "warning: array subscript has type `char'"
>
> If I saw something that looked like indexing, I would understand. However,
> the warning complains, for example, about the last line of the following
> program fragment. This only happens to me using cygwin gcc on Windows.
> Compiling the same code on my Mac using regular gcc emits no warning.
>
> void print_pos(char *st_line,char *st_cptr)
> {
>     char *s;
>
>     if (st_line == 0) return;
>     for (s = st_line; *s != '\n'; ++s)
>         if (isprint(*s) || *s == '\t')

This warning is potentially significant, at least in principle.
It relates to a lovely pitfall in C:

    Passing a 'char' to isprint() can cause undefined behavior,
    under some situations, at least in principle.

Not many folks are aware of this pitfall, but it's a consequence of
explicit text in the standards. (Presumably the standards writers wanted
to allow isprint() to be implemented as a macro that does an unchecked
array access into a fixed lookup table, using its parameter as index;
yet such an implementation can blow up if the parameter is of type 'char'
and 'char' is signed, hence the pitfall above.)

Note that 'undefined behavior' is code for 'really bad things might
happen' (like a buffer overflow vulnerability, for instance), so you
probably don't want any of that in your code.

My impression is that the correct fix is to change the invocation of
isprint() to the following:

    isprint((unsigned char) *s)

Here's a reference to the standards:

Wikipedia even has an article on it:

See also this information from the CERT Secure Code guide:

Isn't C programming fun? Whee, so many opportunities to shoot yourself
in the foot!
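
The pitfall and the cast described in this message, as an added example that is not part of the original post or of the code under discussion: it computes the argument isprint() would receive with and without the cast, checks it against the range the <ctype.h> functions accept (EOF or a value representable as unsigned char), and gives a hardened form of the quoted loop. The helper names, the sample line and the extra '\0' guard are assumptions made for illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* <ctype.h> functions are only defined for EOF or 0..UCHAR_MAX. */
static int ctype_arg_in_domain(int c)
{
    return c == EOF || (c >= 0 && c <= UCHAR_MAX);
}

/* Value passed by the unfixed call isprint(*s): negative for bytes
 * >= 0x80 wherever plain char is signed. */
static int arg_without_cast(const char *s) { return *s; }

/* Value passed by the fixed call isprint((unsigned char) *s). */
static int arg_with_cast(const char *s) { return (unsigned char)*s; }

/* Hardened form of the quoted loop: counts printable or tab characters
 * up to the newline. The '\0' check is an added guard so an unterminated
 * line cannot run the scan past the end of the string. */
static size_t count_printable(const char *line)
{
    size_t n = 0;
    if (line == 0) return 0;
    for (const char *s = line; *s != '\0' && *s != '\n'; ++s)
        if (isprint((unsigned char)*s) || *s == '\t')
            ++n;
    return n;
}

int main(void)
{
    const char sample[] = "caf\xE9\tok\n";   /* constructed sample line */
    const char hi[] = "\xE9";                /* one byte above 0x7F */

    printf("plain char is %s on this platform\n",
           CHAR_MIN < 0 ? "signed" : "unsigned");
    printf("isprint(*s) would receive %d (in domain: %d)\n",
           arg_without_cast(hi), ctype_arg_in_domain(arg_without_cast(hi)));
    printf("isprint((unsigned char)*s) receives %d (in domain: %d)\n",
           arg_with_cast(hi), ctype_arg_in_domain(arg_with_cast(hi)));
    printf("printable or tab characters in sample: %zu\n",
           count_printable(sample));
    return 0;
}
```

On a platform where plain char is unsigned the two arguments are identical, which is consistent with the warning showing up under one compiler and not another.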