From 383c232bc2f1661923177437e48ea4cf6bd4e304 Mon Sep 17 00:00:00 2001
From: Tomasz Kramkowski
Date: Sun, 7 Nov 2021 22:18:21 +0000
Subject: use safe_islower to avoid UB
---
 common.h | 8 ++++++++
 pack.c | 2 +-
 unpack.c | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/common.h b/common.h
index abef5af..ed4b05e 100644
--- a/common.h
+++ b/common.h
@@ -7,6 +7,7 @@
 #include
 #include
+#include
 #include "pack.h"
@@ -39,6 +40,13 @@
 T(LLONG, signed, long long, long long) \
 T(ULLONG, unsigned, long long, long long)
+// safe_islower: islower but no domain errors
+static inline int safe_islower(int c)
+{
+ if (c < 0 || c > UCHAR_MAX) return 0;
+ return islower(c);
+}
+
 size_t getsize(enum pack_type t);
 #endif // !PACK_COMMON_H
diff --git a/pack.c b/pack.c
index 5a603e0..e18455c 100644
--- a/pack.c
+++ b/pack.c
@@ -35,7 +35,7 @@ enum pack_status pack(void *buf_, size_t size, const char *fmt, ...)
 size_t s;
 union { uintmax_t unsigned_; intmax_t signed_; } v;
 tr_debug("i: %d, fmt[i]: %c", i, fmt[i]);
- sign = islower(fmt[i]);
+ sign = safe_islower(fmt[i]);
 switch (fmt[i]) {
 case '>': endianness = PACK_ENDIAN_BIG; continue;
 case '<': endianness = PACK_ENDIAN_LITTLE; continue;
diff --git a/unpack.c b/unpack.c
index 995eac8..ad38a09 100644
--- a/unpack.c
+++ b/unpack.c
@@ -73,7 +73,7 @@ static void read_fields(struct dest dest, const void *src_, enum pack_endian end
 double d = ieee754b64_deserialise(val.unsigned_);
 val.d = d;
 tr_debug("val.d: %f", val.d);
- } else if (islower((char)dest.type)) {
+ } else if (safe_islower((char)dest.type)) {
 intmax_t vals;
 if (!(val.unsigned_ & (UINTMAX_C(1) << (s * 8 - 1)))) {
 vals = val.unsigned_;
--
cgit v1.2.3-54-g00ecf
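Review bot: `safe_islower` in common.h removes the undefined behaviour, but its answer for bytes above 0x7F now depends on whether `char` is signed. Where it is signed, those bytes arrive negative and yield 0; where it is unsigned, they reach `islower()` and the result follows the current locale. The callers in pack.c and unpack.c use the result to choose signed or unsigned handling of a format letter, so a locale-independent test such as `return c >= 'a' && c <= 'z';` would behave the same on every platform, assuming an ASCII-compatible execution character set. If the ctype call is kept, the comment could state the out-of-range contract, e.g. `// safe_islower: islower(), but returns 0 for any value outside 0..UCHAR_MAX instead of invoking UB`.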
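Review bot: The `(char)` cast in `safe_islower((char)dest.type)` in unpack.c is now redundant, and it narrows the value before the helper's range check can see it. An out-of-range `dest.type` would be folded into a `char` first and could then pass as a lowercase letter, whereas `} else if (safe_islower(dest.type)) {` lets `c < 0 || c > UCHAR_MAX` reject it. This assumes `dest.type` is an integer or enum type, since its declaration is not visible in this hunk. `read_fields` begins and ends outside the hunk.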