Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: PATCH: spelling correction buffer overflow

X-seq: zsh-workers 42560
From: Oliver Kiddle <okiddle@xxxxxxxxxxx>
To: Kamil Dudka <kdudka@xxxxxxxxxx>
Subject: Re: PATCH: spelling correction buffer overflow
Date: Wed, 28 Mar 2018 16:07:24 +0200
Authentication-results: amavisd4.gkg.net (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.co.uk
Cc: zsh-workers@xxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s2048; t=1522285844; bh=tYVshbh8isUPf+aTD6EbRVjA+aO+fIGJ4E5fyX1tXbg=; h=From:References:To:Subject:Date:From:Subject; b=iQ6hM6+EvtGqhFVmRiHeWNnlRPROEgkY4B8KZqS2mo5cLPJxdlLOB3PGwH1oO9Jocc0Zh1bskZb8hJ91pJ9IRnwLNyTElxOKye18gvLuI8cjZqrhWTMOMDkgTdxxOKnzbpMslc/Fw/6bm26nKjf15P5tOV3WL9TMupau6Gk7zp/JUnI0XW5Hs2NYFWgcV595WHjSdlSSAxMht/qlM4xTB8e/XgJZUj41W1IIGBarFXQP/fTpYFb18P8zNRPRyHFacNtkUPWkxYsBA8UcFAJ57u6tqXnmT5/BPKzG9aGrxXolUpXUenEq8P/i5OWg9SfpKe8jKkLFDYpoHXfAoQX2Rg==
In-reply-to: <2328442.7oMNVitVLA@kdudka-nb>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <3579.1522103995@thecus> <52497193.Jvz9bWjiNL@kdudka-nb> <2328442.7oMNVitVLA@kdudka-nb>

Kamil Dudka wrote:
> I spotted that this patch introduced new compiler warnings:
>
> Src/utils.c:4430:26: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
> #   return (new - newname) >= (sizeof(newname)-1) ? NULL : newname;

-Wsign-compare is not on by default and turning it on results in quite a
few warnings for the zsh code. It seems a little silly given that the
compiler ought to be able evaluate sizeof() at compile time and
establish that it is within the range of a signed integer.

> Should we cast RHS of the >= operator to ssize_t or ptrdiff_t to avoid them?

Casts are a bit ugly. The following - adding newname to both the LHS
and RHS - appears to avoid the warning by making both sides of the
comparison of type signed. At least until someone decides that adding an
unsigned to the signed should also generate a warning.

Oliver

diff --git a/Src/utils.c b/Src/utils.c
index eab407eee..3587c3622 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -4396,7 +4396,7 @@ spname(char *oldname)
      * Rationale for this, if there ever was any, has been forgotten.    */
     for (;;) {
 	while (*old == '/') {
-	    if ((new - newname) >= (sizeof(newname)-1))
+            if (new >= newname + sizeof(newname) - 1)
 		return NULL;
 	    *new++ = *old++;
 	}
@@ -4427,7 +4427,7 @@ spname(char *oldname)
 	    if (bestdist < maxthresh) {
 		struncpy(&new, spnameguess, sizeof(newname) - (new - newname));
 		struncpy(&new, old, sizeof(newname) - (new - newname));
-		return (new - newname) >= (sizeof(newname)-1) ? NULL : newname;
+		return (new >= newname + sizeof(newname) - 1) ? NULL : newname;
 	    } else
 	    	return NULL;
 	} else {
@@ -4435,7 +4435,7 @@ spname(char *oldname)
 	    bestdist += thisdist;
 	}
 	for (p = spnamebest; (*new = *p++);) {
-	    if ((new - newname) >= (sizeof(newname)-1))
+	    if (new >= newname + sizeof(newname) - 1)
 		return NULL;
 	    new++;
 	}

Follow-Ups:
- Re: PATCH: spelling correction buffer overflow
  - From: Kamil Dudka

References:
- PATCH: spelling correction buffer overflow
  - From: Oliver Kiddle
- Re: PATCH: spelling correction buffer overflow
  - From: Kamil Dudka
- Re: PATCH: spelling correction buffer overflow
  - From: Kamil Dudka

Messages sorted by: Reverse Date, Date, Thread, Author