Subject: Re: lib/34632: isalpha() and possibly other ctype functions segfault
To: None <gnats-bugs@NetBSD.org, lib-bug-people@netbsd.org,>
From: Christos Zoulas <christos@zoulas.com>
List: netbsd-bugs
Date: 09/26/2006 17:05:12
On Sep 26,  8:15pm, tony2001@php.net (tony2001@php.net) wrote:
-- Subject: lib/34632: isalpha() and possibly other ctype functions segfault

| >Number:         34632
| >Category:       lib
| >Synopsis:       isalpha() and possibly other ctype functions segfault
| >Confidential:   no
| >Severity:       serious
| >Priority:       medium
| >Responsible:    lib-bug-people
| >State:          open
| >Class:          sw-bug
| >Submitter-Id:   net
| >Arrival-Date:   Tue Sep 26 20:15:00 +0000 2006
| >Originator:     Antony Dovgal
| >Release:        NetBSD 3.0.1 AMD64
| >Organization:
| >Environment:
| >Description:
| (gdb) p word[w_idx]
| $1 = -61 'Ã'
| (gdb) p toupper(word[w_idx])
| $2 = 28518
| (gdb) p isalpha(toupper(word[w_idx]))
| 
| Program received signal SIGSEGV, Segmentation fault.
| 0x0000000200e4eced in isalpha () from /usr/lib/libc.so.12
| 
| See some more details here: http://bugs.php.net/bug.php?id=38961
| 
| Even though the documentation says "the result is undefined when the argument is not EOF or unsigned char", the segfault is definitely not what I would expect to get in this case.
| >How-To-Repeat:
| I guess it should be easy to reproduce with this code:
| #include <ctype.h>
| 
| int main() {
|   isalpha(28518);
|   return 0;
| }

This is not a bug. Undefined includes "segmentation fault". This is why
we cast to (unsigned char) in our sources.

christos
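
The cast mentioned in the reply, as an added example that is not part of the original message or of the NetBSD sources: every `char` is converted to `unsigned char` before it reaches a `<ctype.h>` function, so bytes such as 0xC3 never arrive as negative values. The function names `ctype_arg_ok`, `count_alpha` and `upper_inplace` are hypothetical, the sample string is constructed, and the default "C" locale is assumed.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* <ctype.h> functions are defined only for EOF and 0..UCHAR_MAX. */
int ctype_arg_ok(int v)
{
    return v == EOF || (v >= 0 && v <= UCHAR_MAX);
}

/* Count alphabetic bytes; each char is converted to unsigned char first. */
size_t count_alpha(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (isalpha((unsigned char)*s))
            n++;
    return n;
}

/* Upper-case in place; returns the number of bytes that changed. */
size_t upper_inplace(char *s)
{
    size_t changed = 0;
    for (; *s != '\0'; s++) {
        unsigned char in = (unsigned char)*s;
        unsigned char out = (unsigned char)toupper(in);
        if (out != in) {
            *s = (char)out;
            changed++;
        }
    }
    return changed;
}

int main(void)
{
    char word[] = "h\xC3\xA9llo";   /* constructed sample with two high-bit bytes */
    int raw = -61;                  /* value gdb printed for word[w_idx] in the report */
    size_t alpha = count_alpha(word);
    size_t changed = upper_inplace(word);

    printf("raw %d valid: %d\n", raw, ctype_arg_ok(raw));
    printf("cast %d valid: %d\n", (unsigned char)raw, ctype_arg_ok((unsigned char)raw));
    printf("28518 valid: %d\n", ctype_arg_ok(28518));
    printf("alpha=%zu changed=%zu\n", alpha, changed);
    return 0;
}
```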