Hello, Lyncei,
The problem: If the last character of a string has the 0x80 bit set,
the "i++" in LYLowerCase skips over the terminating NUL and LYLowerCase
coasts througm memory converting characters to lower case until it
encounters a NUL not preceded by 0x80. This usually results in an
Invalid Heap at the next call to free() and Lynx crashes, leaving the
terminal in an insane state.
o This is an intense problem for EBCDIC -- ordinary EBCDIC characters
(letters and digits have 0x80 set). Clearly it's less a problem
for ASCII, but is there a problem that a non-ASCII ISO8859 character
might sneak into LYLowerCase and cause a crash? I haven't checked
all paths to LYLowerCase.
o The problem is manifest if environment variable LC_CTYPE=en_US at
execution time; not if LC_CTYPE is unset at execution time,
regardless that LC_CTYPE=en_US at configure and compile time in
both cases. I haven't tried to understand this.
o Is there a presumption that the setting of LC_CTYPE is identical
at configure, compile, and execution time? This isn't the cause
of my problem -- it was en_US at all three points. But if this is
required it should be enforced with an error message.
o I simply disabled multibyte processing in LYLowerCase and LYUpperCase
if EBCDIC is set. This may be overkill. But I've made no attempt
to support multibyte EBCDIC processing elsewhere, so it's probably
pervasively broken. Perhaps someone else can suggest a more rational
fix. Should I perhaps disable SUPPORT_MULTIBYTE_EDIT early in some
header file if EBCDIC is set?
o I notice that LYUpperCase ends with:
buffer[i] = UCH(TOUPPER(buffer[i]));
LYLowerCase ends with:
buffer[i] = TOLOWER(buffer[i]);
Is there some reason the UCH() conversion is present in LYUpperCase,
but not needed in LYLowerCase?
Thanks,
gil
--
StorageTek
INFORMATION made POWERFUL
%%% Created Mon Oct 22 06:19:54 MDT 2001 by target lynx.patch. %%%
diff -bru orig/lynx2-8-5/src/LYStrings.c lynx2-8-5/src/LYStrings.c
--- orig/lynx2-8-5/src/LYStrings.c Sat Oct 6 16:02:28 2001
+++ lynx2-8-5/src/LYStrings.c Sun Oct 21 15:23:38 2001
@@ -2398,7 +2398,7 @@
register unsigned char *buffer = (unsigned char *) arg_buffer;
size_t i;
for (i = 0; buffer[i]; i++)
-#ifdef SUPPORT_MULTIBYTE_EDIT /* 1998/11/23 (Mon) 17:04:55 */
+#if defined(SUPPORT_MULTIBYTE_EDIT) && ! defined(EBCDIC)
{
if (buffer[i] & 0x80) {
if ((kanji_code == SJIS) && IS_SJIS_X0201KANA(UCH((buffer[i])))) {
@@ -2411,7 +2411,7 @@
}
#else
buffer[i] = TOLOWER(buffer[i]);
-#endif
+#endif /* defined(SUPPORT_MULTIBYTE_EDIT) && ! defined(EBCDIC) */
}
/*
@@ -2423,7 +2423,7 @@
register unsigned char *buffer = (unsigned char *) arg_buffer;
size_t i;
for (i = 0; buffer[i]; i++)
-#ifdef SUPPORT_MULTIBYTE_EDIT /* 1998/11/23 (Mon) 17:05:10 */
+#if defined(SUPPORT_MULTIBYTE_EDIT) && ! defined(EBCDIC)
{
if (buffer[i] & 0x80) {
if ((kanji_code == SJIS) && IS_SJIS_X0201KANA(UCH((buffer[i])))) {
@@ -2436,7 +2436,7 @@
}
#else
buffer[i] = UCH(TOUPPER(buffer[i]));
-#endif
+#endif /* defined(SUPPORT_MULTIBYTE_EDIT) && ! defined(EBCDIC) */
}
/*
