Date: Tue, 17 Feb 2004 21:10:17 +0100 (CET) From: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz> To: Tim Kientzle <kientzle@acm.org> Cc: freebsd-hackers@freebsd.org Subject: Re: signed char bug in regexp library Message-ID: <Pine.LNX.4.58.0402172105260.31106@artax.karlin.mff.cuni.cz> In-Reply-To: <40325F81.502@acm.org> References: <Pine.LNX.4.58.0402162039280.18066@artax.karlin.mff.cuni.cz> <40325F81.502@acm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Hi > > > > I ripped regexp library from FreeBSD 4 and use it in another program. I > > get random crashes because the library casts char to int and uses it as > > array index ... the most obvious case is engine.i:189: > > register char *dp; > > dp += charjump[(int)*dp]; > > but there are many more and I'm unable to spot them all. > > This problem was fixed in 2000 by offsetting the array > so that accesses such as the above work correctly. > A key part of the fix is this line in regcomp.c: > > g->charjump = &g->charjump[-(CHAR_MIN)]; > > Here's the log entry: > > ---------------------------- > revision 1.20 > date: 2000/07/07 07:46:36; author: dcs; state: Exp; lines: +6 -4 > Deal with the signed/unsigned chars issue in a more proper manner. We > use a CHAR_MIN-based array, like elsewhere in the code. > > Remove a number of unused variables (some due to the above change, one > that was left after a number of optimizing steps through the source). > > Brucified by: bde > ---------------------------- Sorry for bogus bug report --- now I got it. CHAR_MAX was incorrectly defined as (unsigned) type, so loops like int i; for (i = CHAR_MIN; i <= CHAR_MAX; i++) in regexp library didn't work. When I changed CHAR_MAX to signed type, it works fine. Of course it doesn't happen on FreeBSD because it has signed CHAR_MAX. Mikulas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.58.0402172105260.31106>