The following reply was made to PR general/1305; it has been noted by GNATS.
From: Dean Gaudet <[EMAIL PROTECTED]>
To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: general/1305: Apache is *very* unprotected against characters with
8bit set
Date: Thu, 23 Oct 1997 02:47:42 -0700 (PDT)
On Thu, 23 Oct 1997, [KOI8-R] =E1=CE=C4=D2=C5=CA =FE=C5=D2=CE=CF=D7 wrote:
> On 23 Oct 1997 [EMAIL PROTECTED] wrote:
>=20
> > Adding (unsigned char) casts everywhere introduces more potential bugs
> > than it is worth (i.e. it hides other potential signed/unsigned issues)=
=2E
>=20
> Hmm, what potential bugs your mean? I see no absolutely no bugs with this
> cast. Of course I mean not "everywhere" but only in ctype macros.
> Lots of popular software (like tin-unoff f.e.) already do that.
I just mean in general, any time you add a cast you are defeating the
C compiler's type protection mechanisms... and they're already weak
enough to begin with.
> > Any ANSI compiler worth its salt has an option for unsigned chars, gcc
> > included (-funsigned-char). Does your patch have other things in it?
>=20
> Of course making default char "unsigned" will be a sort of solution, if
> Apache not essentialy use char as signed in some places. This solution
> looks too global for me and can cause some prototypes problem...
If Apache assumes char is signed anywhere then that is a bug. ANSI leaves
signed/unsigned char up to the compiler implementation. So we could
easily be bitten by this on some platforms.
> (unsigned char) cast of ctype macro arg is absolutely safe in any
> platform.
Consider this:
char *s;
foo =3D islower((unsigned char)s);
the programmer probably meant to do this:
foo =3D islower((unsigned char)*s);
The cast lets that go through... without a warning. Seems like a pretty
silly thing to do, but I assure you that it'll happen if we start
making (unsigned char) casts all over the place. Besides, it's difficult
for us to maintain (unsigned char) as we move forward -- we have to
remember to add it everywhere.
I think I'd be a lot happier dictating that I18N requires a "good enough"
C compiler.=20
> > But if you're keen on working on it, that's cool, but it needs
> > to be investigated across multiple platforms... and you should
> > join the new-httpd mailing list (via [EMAIL PROTECTED]).
>=20
> Uh, maybe, but I have no time for another project right now...
> I prefer to continue discuss issues I touch with anybody who interested
> without reading yet one mailing list...
understandable :)
Dean
