On 9/5/25 7:12 pm, Ed Robbins wrote:
Hello! Nice digging
Thanks!
On Fri, 9 May 2025 at 08:03, Damien Stewart<[email protected]> wrote:
The source:
static int FASTCALL
streqci(const char *s1, const char *s2) {
  for (;;) {
    char c1 = *s1++;
    char c2 = *s2++;
    if (ASCII_a <= c1 && c1 <= ASCII_z)
      c1 += ASCII_A - ASCII_a;
    if (ASCII_a <= c2 && c2 <= ASCII_z)
      /* The following line will never get executed. streqci() is
       * only called from two places, both of which guarantee to put
       * upper-case strings into s2.
       */
      c2 += ASCII_A - ASCII_a; /* LCOV_EXCL_LINE */
    if (c1 != c2)
      return 0;
    if (! c1)
      break;
  }
  return 1;
}
I am not sure how rlbox sandboxing works, but looking at this code
from a cross-platform perspective, I'd say the use of char is suspect,
because it may or may not be signed depending on platform, and then a
comparison is being performed on it. The first thing I'd do is change
it to:
unsigned char c1 = (unsigned char)*s1++;
unsigned char c2 = (unsigned char)*s2++;
It does assume 7-bit ASCII by the looks of it. Going by the rest of the
code it only uses 7-bit strings. It's rather pedantic as it defines its
own ASCII character set rather than rely on C strings. :-)
I'd also remove FASTCALL because I don't know how that will behave
with rlbox or ppc in general.
According to this it should be blanked out on PPC/non-x86.
https://github.com/libexpat/libexpat/blob/master/expat/lib/internal.h
It might be a good idea to also check the rest of expat for similar issues too?
Good luck!
Ed
It might. It might be the entry down a rabbit hole as well. :-D
--
My regards,
Damien Stewart.
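An added example, not code from this thread or from libexpat itself: the portable variant of streqci() that Ed suggests, with both bytes read as unsigned char so the range checks no longer depend on the platform's char signedness. The ASCII_ macros are defined inline here with plain 7-bit values (expat keeps them in its own header), plain_char_is_signed() is an assumed helper for reporting the build's char signedness, and the test strings are constructed.

```c
#include <limits.h>

/* The ASCII_ constants under the names the expat code uses; the values
 * are plain 7-bit ASCII codes (assumed here, defined inline for a
 * stand-alone build). */
#define ASCII_A 0x41
#define ASCII_Z 0x5A
#define ASCII_a 0x61
#define ASCII_z 0x7A

/* Case-insensitive ASCII string equality, as in expat's streqci(), but
 * with each byte converted to unsigned char before the range checks.
 * Bytes >= 0x80 are never case-folded and are compared exactly; the
 * result is the same whether plain char is signed or unsigned on the
 * target. Returns 1 when s1 and s2 match ignoring ASCII case, else 0. */
static int
streqci_portable(const char *s1, const char *s2) {
  for (;;) {
    unsigned char c1 = (unsigned char)*s1++;
    unsigned char c2 = (unsigned char)*s2++;
    if (ASCII_a <= c1 && c1 <= ASCII_z)
      c1 += ASCII_A - ASCII_a;   /* fold a-z to A-Z */
    if (ASCII_a <= c2 && c2 <= ASCII_z)
      c2 += ASCII_A - ASCII_a;   /* same for s2, which need not be upper-case here */
    if (c1 != c2)
      return 0;
    if (!c1)
      break;                     /* both strings ended together */
  }
  return 1;
}

/* Reports whether plain char is signed on this build: CHAR_MIN is 0
 * when char is unsigned and negative when it is signed. Handy for
 * confirming which behaviour a port (e.g. ppc) actually gets. */
static int
plain_char_is_signed(void) {
  return CHAR_MIN < 0;
}
```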