util: trim() fix for UB on pointer arithmetic - sic - simple irc client
 (HTM) git clone git://git.suckless.org/sic
       ---
 (DIR) commit 058547e707e961e0cb7f8af4877f1b92f4c6d888
 (DIR) parent 68c1c4e5110ed6a30cd3da0ae0c2ab0753e02cbb
 (HTM) Author: Hiltjo Posthuma <hiltjo@codemadness.org>
       Date:   Thu,  6 May 2021 12:18:21 +0200
       
       util: trim() fix for UB on pointer arithmetic
       
       Follow-up fix on commit df4c0611366bf361fa263fbc57009cbe68456855
       
       "
       While it is true reversing the condition solves a single-byte read at
       one before s, there is a second instance of UB.
       
       Having a pointer to one before an object is in and of itself UB in C, it's
       on the side of language lawyering, but it's UB.
       I add here a quote from a C standard draft:
       > When an expression that has integer type is added to or subtracted
       > from a pointer, the result has the type of the pointer operand.
       > If both the pointer operand and the result point to elements of the
       > same array object, or one past the last element of the array object,
       > the evaluation shall not produce an overflow; otherwise, the
       > behavior is undefined.
       Taken from: http://www.iso-9899.info/n1570.html#6.5.6p8
       "
       
       Thanks Guilherme Janczak <guilherme.janczak@yandex.com>
       
       Diffstat:
         M util.c                              |       7 +++----
       
       1 file changed, 3 insertions(+), 4 deletions(-)
       ---
 (DIR) diff --git a/util.c b/util.c
       @@ -60,8 +60,7 @@ static void
        trim(char *s) {
                char *e;
        
       -        e = s + strlen(s) - 1;
       -        while(e > s && isspace((unsigned char)*e))
       -                e--;
       -        *(e + 1) = '\0';
       +        for (e = s + strlen(s); e > s && isspace((unsigned char)*(e - 1)); e--)
       +                ;
       +        *e = '\0';
        }
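
Review bot: The added `for (e = s + strlen(s); e > s && isspace((unsigned char)*(e - 1)); e--)` line packs the whole trim into the loop header with an empty `;` body, and nothing in the code records why `e` now starts at the terminator instead of the last character. A one-line comment saying that `e` is never moved below `s`, so `s - 1` is never formed even when `strlen(s)` is 0, would keep a later cleanup from bringing back the `s + strlen(s) - 1` form that this change removes. A `while (e > s && isspace((unsigned char)e[-1]))` with `e--;` as its body would read more directly and matches the shape of the loop it replaces. Minor style point: the new line writes `for (` with a space where the removed code used `while(` without one. The `(unsigned char)` cast before `isspace()` is correctly kept.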