Avoid unsafe isspace() (AcademySoftwareFoundation#3310)

C isspace() takes an int, but on Windows when building in debug mode, the implementation of isspace() can hit an assert if the value is < 0, which of course it can be if you're looking at a character in a string whose high bit is set (because char is signed). Easiest solution is to make our own Strutil::isspace that does exactly what we want and is safe. Fixes AcademySoftwareFoundation#3300
lgritz · Jan 30, 2022 · d2e4c3c · d2e4c3c
1 parent 2508fd8
commit d2e4c3c
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 10 deletions.
diff --git a/src/hdr.imageio/rgbe.cpp b/src/hdr.imageio/rgbe.cpp
@@ -218,7 +218,7 @@ int RGBE_ReadHeader(FILE *fp, int *width, int *height, rgbe_header_info *info,
   else if (info) {
     info->valid |= RGBE_VALID_PROGRAMTYPE;
     for(i=0;i<(int)sizeof(info->programtype)-1;i++) {
-      if ((buf[i+2] == 0) || isspace(buf[i+2]))
+      if ((buf[i+2] == 0) || Strutil::isspace(buf[i+2]))
 	break;
       info->programtype[i] = buf[i+2];
     }

diff --git a/src/include/OpenImageIO/strutil.h b/src/include/OpenImageIO/strutil.h
@@ -841,6 +841,14 @@ std::string OIIO_UTIL_API utf16_to_utf8(const std::wstring& utf16str) noexcept;
 OIIO_UTIL_API char * safe_strcpy (char *dst, string_view src, size_t size) noexcept;
 
 
+/// Is the character a whitespace character (space, linefeed, tab, carrage
+/// return)? Note: this is safer than C isspace(), which has undefined
+/// behavior for negative char values. Also note that it differs from C
+/// isspace by not detecting form feed or vertical tab, because who cares.
+inline bool isspace(char c) {
+    return c == ' ' || c == '\n' || c == '\t' || c == '\r';
+}
+
 /// Modify str to trim any leading whitespace (space, tab, linefeed, cr)
 /// from the front.
 void OIIO_UTIL_API skip_whitespace (string_view &str) noexcept;

diff --git a/src/libutil/strutil.cpp b/src/libutil/strutil.cpp
@@ -597,16 +597,16 @@ split_whitespace(string_view str, std::vector<string_view>& result,
     // Implementation inspired by Pystring
     string_view::size_type i, j, len = str.size();
     for (i = j = 0; i < len;) {
-        while (i < len && ::isspace(str[i]))
+        while (i < len && Strutil::isspace(str[i]))
             i++;
         j = i;
-        while (i < len && !::isspace(str[i]))
+        while (i < len && !Strutil::isspace(str[i]))
             i++;
         if (j < i) {
             if (--maxsplit <= 0)
                 break;
             result.push_back(str.substr(j, i - j));
-            while (i < len && ::isspace(str[i]))
+            while (i < len && Strutil::isspace(str[i]))
                 i++;
             j = i;
         }
@@ -797,7 +797,7 @@ Strutil::safe_strcpy(char* dst, string_view src, size_t size) noexcept
 void
 Strutil::skip_whitespace(string_view& str) noexcept
 {
-    while (str.size() && isspace(str.front()))
+    while (str.size() && Strutil::isspace(str.front()))
         str.remove_prefix(1);
 }
 
@@ -806,7 +806,7 @@ Strutil::skip_whitespace(string_view& str) noexcept
 void
 Strutil::remove_trailing_whitespace(string_view& str) noexcept
 {
-    while (str.size() && isspace(str.back()))
+    while (str.size() && Strutil::isspace(str.back()))
         str.remove_suffix(1);
 }
 
@@ -911,7 +911,7 @@ Strutil::parse_string(string_view& str, string_view& val, bool eat,
     const char *begin = p.begin(), *end = p.begin();
     bool escaped = false;  // was the prior character a backslash
     while (end != p.end()) {
-        if (isspace(*end) && !quoted)
+        if (Strutil::isspace(*end) && !quoted)
             break;  // not quoted and we hit whitespace: we're done
         if (quoted && *end == lead_char && !escaped)
             break;  // closing quote -- we're done (beware embedded quote)

diff --git a/src/pnm.imageio/pnminput.cpp b/src/pnm.imageio/pnminput.cpp
@@ -90,7 +90,7 @@ inline const char*
 nextToken(std::istream& file, std::string& current_line, const char*& pos)
 {
     while (1) {
-        while (isspace(*pos))
+        while (Strutil::isspace(*pos))
             pos++;
         if (*pos)
             break;
@@ -360,7 +360,7 @@ PNMInput::read_file_header()
                 m_max_val = 1;
 
             //Space before content
-            if (!(isspace(m_file.get()) && m_file.good()))
+            if (!(Strutil::isspace(m_file.get()) && m_file.good()))
                 return false;
             m_header_end_pos = m_file.tellg();  // remember file pos
 
@@ -393,7 +393,7 @@ PNMInput::read_file_header()
             }
 
             //Space before content
-            if (!(isspace(m_file.get()) && m_file.good()))
+            if (!(Strutil::isspace(m_file.get()) && m_file.good()))
                 return false;
             m_header_end_pos = m_file.tellg();  // remember file pos