This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.
RE: avoid compiler warning in regex matcher
- From: "Schwarz, Konrad" <konrad dot schwarz at siemens dot com>
- To: Eric Blake <eblake at redhat dot com>, "newlib at sourceware dot org" <newlib at sourceware dot org>
- Date: Tue, 28 Feb 2012 13:12:53 +0100
- Subject: RE: avoid compiler warning in regex matcher
- References: <4F4C1D47.9070703@redhat.com>
> -----Original Message-----
> From: newlib-owner@sourceware.org [mailto:newlib-owner@sourceware.org]
> On Behalf Of Eric Blake
> Sent: Tuesday, February 28, 2012 1:18 AM
> To: newlib@sourceware.org
> Subject: avoid compiler warning in regex matcher
>
> I'm not sure if this warning is the sign of a real exploitable bug, but
> better safe than sorry:
>
> ../../../../../newlib/libc/posix/engine.c: In function smatcher:
> ../../../../../newlib/libc/posix/engine.c:184:5: warning: array
> subscript has type char
> ../../../../../newlib/libc/posix/engine.c:185:6: warning: array
> subscript has type char
> ../../../../../newlib/libc/posix/engine.c:201:5: warning: array
> subscript has type char
>
> OK to apply?
>
>
> 2012-02-27 Eric Blake <eblake@redhat.com>
>
> * libc/posix/engine.c (matcher): Avoid negative index.
>
> Index: libc/posix/engine.c
> ===================================================================
> RCS file: /cvs/src/src/newlib/libc/posix/engine.c,v
> retrieving revision 1.1
> diff -u -p -r1.1 engine.c
> --- libc/posix/engine.c 31 Oct 2008 21:03:41 -0000 1.1
> +++ libc/posix/engine.c 28 Feb 2012 00:15:18 -0000
> @@ -181,8 +181,8 @@ int eflags;
> pp = mustlast;
> for (dp = start+g->mlen-1; dp < stop;) {
> /* Fast skip non-matches */
> - while (dp < stop && charjump[*dp])
> - dp += charjump[*dp];
> + while (dp < stop && charjump[(unsigned
> char)*dp])
> + dp += charjump[(unsigned char)*dp];
>
> if (dp >= stop)
> break;
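Review bot: the first added line of this hunk is split after "(unsigned", so as posted the continuation "char)*dp])" carries no "+" marker and the hunk is unlikely to apply. The conversion is also written twice within two lines of the skip loop. Reading the byte once into an unsigned char local, or giving dp an unsigned char pointer type, would keep the line short enough to survive mailing and leave one place where the index is made non-negative.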
> @@ -198,7 +198,7 @@ int eflags;
>
> /* Jump to next possible match */
> mj = matchjump[pp - mustfirst];
> - cj = charjump[*dp];
> + cj = charjump[(unsigned char)*dp];
> dp += (cj < mj ? mj : cj);
> pp = mustlast;
> }
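Review bot: the cast in "cj = charjump[(unsigned char)*dp];" is the third copy of the same conversion, and nothing near it says why it is needed. A short comment stating that charjump is indexed by byte value and that a plain char may be negative, or a small macro wrapping the subscript, would make it less likely that a later edit adds a fourth "charjump[*dp]" without the cast.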
Wouldn't it be less source and object code to define dp as
an unsigned char *?
With the casts, extra instructions need to be emitted on a
platform where char is signed to ensure zero extension of
the value.
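The two options discussed in this thread, as an added example that is not code from the thread or from newlib: a simplified Horspool-style skip search (not newlib's matcher) that declares dp as unsigned char * so no per-subscript cast is needed, next to a helper showing the negative subscript a signed char would produce. The names skip_search, index_if_char_is_signed, sample_text and sample_must are assumptions made for this illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: text and required substring contain bytes >= 0x80. */
static const char sample_text[] = "caf\xc3\xa9 na\xc3\xafve r\xc3\xa9sum\xc3\xa9";
static const char sample_must[] = "r\xc3\xa9sum";

/* The subscript a table lookup gets when the byte is read through a signed
   char: 0xC3 becomes -61, which addresses memory before the table. */
static int index_if_char_is_signed(const char *p)
{
    return (int)*(const signed char *)p;
}

/* Horspool-style skip search (hypothetical helper, a simplification).
   Returns the offset of must in text, or -1 if it does not occur.
   dp is an unsigned char pointer, so every subscript is 0..UCHAR_MAX. */
static long skip_search(const char *text, size_t tlen,
                        const char *must, size_t mlen)
{
    size_t charjump[UCHAR_MAX + 1];
    const unsigned char *start = (const unsigned char *)text;
    const unsigned char *stop = start + tlen;
    const unsigned char *m = (const unsigned char *)must;
    const unsigned char *dp;
    size_t i;

    if (mlen == 0 || mlen > tlen)
        return -1;
    for (i = 0; i <= UCHAR_MAX; i++)
        charjump[i] = mlen;              /* byte does not occur in must */
    for (i = 0; i + 1 < mlen; i++)
        charjump[m[i]] = mlen - 1 - i;   /* distance to the last position */

    for (dp = start + mlen - 1; dp < stop; ) {
        if (memcmp(dp - (mlen - 1), m, mlen) == 0)
            return (long)(dp - (mlen - 1) - start);
        if ((size_t)(stop - dp) <= charjump[*dp])
            break;                       /* next window would pass stop */
        dp += charjump[*dp];
    }
    return -1;
}
```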