CAVEATS It's true that it's explained fairly well. The problem I'm running into multiple times is people that end up not understanding this. I think this discussion has shown that it's a fairly subtle issue (why any code that triggers our warning is necessarily incorrect, where incorrect means that it can lead to undefined behavior on some platform). Actually, that's not quite true; if one can prove by static analysis that a char has value only 0-127, then passing it to isspace() is not wrong -- but the code is still unreasonably fragile, a lesser sin. Thanks to everyone for the helpful and polite discussion.
Description: PGP signature