Michal Trojnara wrote:
> Assuming on some systems isprint(x) != isprint(x&0xff): any idea how to exploit this "insecure" code?
> BTW: At least on Linux and Mac OS X isprint() returns 0 in both cases.
The same holds for Solaris.

I did not actually encounter an error but just got the idea that something may be insecure here by looking at the lines. After all, isprint etc. are often table-based macros without range-checking the argument. And "man isprint" clearly says that the character is unsigned:

(Solaris:) The macro isascii() is defined on all integer values; the rest are defined only where the argument is an int, the value of which is representable as an unsigned char, or EOF,

(Linux:) These functions check whether c, which must have the value of an unsigned char or EOF, falls into a certain character class according to the current locale.
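The domain rule quoted from the man pages, as an added example that is not part of the original thread or of the code under discussion: it shows what value reaches isprint() when a high byte is passed without a cast, and a sanitizing loop that converts each byte to unsigned char first. The function names and the sample input are hypothetical; it assumes the default "C" locale and the usual two's-complement conversion to signed char.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Is v inside the domain the man pages define for isprint():
 * representable as an unsigned char, or EOF? */
static int in_ctype_domain(int v)
{
    return v == EOF || (v >= 0 && v <= UCHAR_MAX);
}

/* Value that reaches isprint() when a byte held in a signed char is passed
 * without a cast: bytes 0x80..0xff are promoted to negative ints. */
static int promoted_without_cast(unsigned char byte)
{
    return (int)(signed char)byte;
}

/* Copy src to dst, replacing every non-printable byte with '.'.
 * Each byte is converted to unsigned char before isprint() sees it,
 * so the argument is always in the documented domain.
 * Returns the number of bytes replaced. */
static size_t sanitize(char *dst, size_t dstlen, const char *src)
{
    size_t i = 0, replaced = 0;
    if (dstlen == 0)
        return 0;
    for (; src[i] != '\0' && i + 1 < dstlen; i++) {
        unsigned char c = (unsigned char)src[i];
        if (isprint(c)) {
            dst[i] = (char)c;
        } else {
            dst[i] = '.';
            replaced++;
        }
    }
    dst[i] = '\0';
    return replaced;
}

int main(void)
{
    const char sample[] = "user=\xe9\xff\x01 ok"; /* constructed input */
    char out[sizeof sample];
    size_t n = sanitize(out, sizeof out, sample);
    int raw = promoted_without_cast(0xe9);
    printf("%s (%zu replaced)\n", out, n);
    printf("0xe9 uncast -> %d, in domain: %d\n", raw, in_ctype_domain(raw));
    return 0;
}
```

Byte 0xff is a separate case: uncast it becomes -1, which is inside the domain only when it equals EOF, so it gets classified as EOF rather than as a character.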