signed char bug in regexp library

Mikulas Patocka mikulas at artax.karlin.mff.cuni.cz
Tue Feb 17 12:10:19 PST 2004


> > Hi
> >
> > I ripped the regexp library from FreeBSD 4 and use it in another program. I
> > get random crashes because the library casts char to int and uses it as
> > an array index ... the most obvious case is engine.i:189:
> > register char *dp;
> > dp += charjump[(int)*dp];
> > but there are many more and I'm unable to spot them all.
>
> This problem was fixed in 2000 by offsetting the array
> so that accesses such as the above work correctly.
> A key part of the fix is this line in regcomp.c:
>
>          g->charjump = &g->charjump[-(CHAR_MIN)];
>
> Here's the log entry:
>
> ----------------------------
> revision 1.20
> date: 2000/07/07 07:46:36;  author: dcs;  state: Exp;  lines: +6 -4
> Deal with the signed/unsigned chars issue in a more proper manner. We
> use a CHAR_MIN-based array, like elsewhere in the code.
>
> Remove a number of unused variables (some due to the above change, one
> that was left after a number of optimizing steps through the source).
>
> Brucified by: bde
> ----------------------------

Sorry for the bogus bug report --- now I got it. CHAR_MAX was incorrectly
defined as an (unsigned) type, so loops like int i; for (i = CHAR_MIN; i <=
CHAR_MAX; i++) in the regexp library didn't work. When I changed CHAR_MAX to
a signed type, it works fine. Of course it doesn't happen on FreeBSD because
it has a signed CHAR_MAX.

Mikulas
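
The failure described in this thread, as an added example that is not part of the original messages or the FreeBSD source: a CHAR_MIN-based table whose initialisation loop silently runs zero times when the upper bound has an unsigned type. The macro and function names are hypothetical stand-ins, and the code assumes a signed 8-bit char and a 32-bit int.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for <limits.h>, assuming signed 8-bit char, 32-bit int. */
#define LO          (-128)  /* CHAR_MIN */
#define HI_SIGNED   127     /* CHAR_MAX with type int */
#define HI_UNSIGNED 127U    /* CHAR_MAX misdefined with an unsigned type */

static int storage[256];

/* CHAR_MIN-based view, as in the quoted regcomp.c line: jump[LO] is storage[0]. */
static int *offset_table(void)
{
    memset(storage, 0, sizeof storage);
    return &storage[-(LO)];
}

/* Initialise every slot with a signed upper bound; returns slots written. */
int init_signed_bound(int **jump_out)
{
    int *jump = offset_table();
    int i, n = 0;
    for (i = LO; i <= HI_SIGNED; i++) { jump[i] = 1; n++; }
    *jump_out = jump;
    return n;
}

/* Same loop with an unsigned bound: i is converted to unsigned int, so the
 * first test is 4294967168 <= 127, which is false, and the body never runs. */
int init_unsigned_bound(int **jump_out)
{
    int *jump = offset_table();
    int i, n = 0;
    for (i = LO; i <= HI_UNSIGNED; i++) { jump[i] = 1; n++; }
    *jump_out = jump;
    return n;
}

/* Lookup in the style of charjump[(int)*dp] for a possibly negative char. */
int lookup(const int *jump, signed char c) { return jump[(int)c]; }

int main(void)
{
    int *jump;
    printf("signed bound:   %d slots\n", init_signed_bound(&jump));
    printf("unsigned bound: %d slots\n", init_unsigned_bound(&jump));
    printf("lookup after unsigned init: %d\n", lookup(jump, -23));
    return 0;
}
```

Building with -Wsign-compare (part of -Wextra for C in GCC and Clang) flags the mixed signed/unsigned comparison in the second loop.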


More information about the freebsd-hackers mailing list