Hello! Nice digging

On Fri, 9 May 2025 at 08:03, Damien Stewart <[email protected]> wrote:
>
> The source:
> static int FASTCALL
> streqci(const char *s1, const char *s2) {
>   for (;;) {
>     char c1 = *s1++;
>     char c2 = *s2++;
>     if (ASCII_a <= c1 && c1 <= ASCII_z)
>       c1 += ASCII_A - ASCII_a;
>     if (ASCII_a <= c2 && c2 <= ASCII_z)
>       /* The following line will never get executed.  streqci() is
>        * only called from two places, both of which guarantee to put
>        * upper-case strings into s2.
>        */
>       c2 += ASCII_A - ASCII_a; /* LCOV_EXCL_LINE */
>     if (c1 != c2)
>       return 0;
>     if (! c1)
>       break;
>   }
>   return 1;
> }

I am not sure how rlbox sandboxing works, but looking at this code from a cross platform perspective, I'd say the use of char is suspect, because it may or may not be signed depending on platform, and then a comparison is being performed on it. The first thing I'd do is change it to:

    unsigned char c1 = (unsigned char)*s1++;
    unsigned char c2 = (unsigned char)*s2++;

I'd also remove FASTCALL because I don't know how that will behave with rlbox or ppc in general. It might be a good idea to also check the rest of expat for similar issues too?

Good luck!

Ed
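A harness for checking the char-signedness question raised in this message, added here as an example and not part of the thread or of expat: it builds the quoted loop once with `signed char` and once with `unsigned char`, then counts the byte pairs on which the two disagree. The `ASCII_*` values are local stand-ins for expat's macros, and `streqci_signed`, `streqci_unsigned` and `count_mismatches` are hypothetical names.

```c
#include <stdio.h>

/* Local stand-ins for expat's ASCII_* macros (plain ASCII code points). */
#define ASCII_A 0x41
#define ASCII_a 0x61
#define ASCII_z 0x7A

/* Same loop as the quoted streqci(), with the element type fixed explicitly
 * so both signedness choices can be exercised on one platform. */
#define DEFINE_STREQCI(name, T)                                  \
  static int name(const char *s1, const char *s2) {              \
    for (;;) {                                                   \
      T c1 = (T)*s1++;                                           \
      T c2 = (T)*s2++;                                           \
      if (ASCII_a <= c1 && c1 <= ASCII_z)                        \
        c1 += ASCII_A - ASCII_a;                                 \
      if (ASCII_a <= c2 && c2 <= ASCII_z)                        \
        c2 += ASCII_A - ASCII_a;                                 \
      if (c1 != c2)                                              \
        return 0;                                                \
      if (!c1)                                                   \
        break;                                                   \
    }                                                            \
    return 1;                                                    \
  }

DEFINE_STREQCI(streqci_signed, signed char)
DEFINE_STREQCI(streqci_unsigned, unsigned char)

/* Run both variants on every pair of one-byte strings (constructed input,
 * covering all 256 byte values including bytes >= 0x80 and the empty string). */
static int count_mismatches(void) {
  int mismatches = 0;
  for (int b1 = 0; b1 < 256; b1++) {
    for (int b2 = 0; b2 < 256; b2++) {
      char s1[2] = {(char)b1, 0};
      char s2[2] = {(char)b2, 0};
      if (streqci_signed(s1, s2) != streqci_unsigned(s1, s2))
        mismatches++;
    }
  }
  return mismatches;
}

int main(void) {
  printf("mismatches: %d\n", count_mismatches());
  return 0;
}
```

A count of 0 means the two element types are interchangeable for this loop; any other count is the number of inputs on which a platform's char signedness would change the result.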

