Commit Graph

21 Commits (094dc384688a506a03f578f35501d4d638c1fad4)

Author SHA1 Message Date
Taylor R Campbell 212c85863a Avoid undefined behaviour with the ctype(3) functions.
ci/woodpecker/push/woodpecker Pipeline was successful Details
fix https://github.com/pkgconf/pkgconf/issues/291

As defined in the C standard:

        In all cases the argument is an int, the value of which shall
        be representable as an unsigned char or shall equal the value
        of the macro EOF.  If the argument has any other value, the
        behavior is undefined.

This is because they're designed to work with the int values returned
by getc or fgetc; they need extra work to handle a char value.

If EOF is -1 (as it almost always is), with 8-bit bytes, the allowed
inputs to the ctype(3) functions are:

        {-1, 0, 1, 2, 3, ..., 255}.

However, on platforms where char is signed, such as x86 with the
usual ABI, code like

        char *ptr = ...;
        ... isspace(*ptr) ...

may pass in values in the range:

        {-128, -127, -126, ..., -2, -1, 0, 1, ..., 127}.

This has two problems:

1. Inputs in the set {-128, -127, -126, ..., -2} are forbidden.

2. The non-EOF byte 0xff is conflated with the value EOF = -1, so
   even though the input is not forbidden, it may give the wrong
   answer.

Casting char to unsigned int first before passing the result to
ctype(3) doesn't help: inputs like -128 are unchanged by this cast,
because (on a two's-complement machine with 32-bit int and unsigned
int), converting the signed char with integer value -128 to unsigned
int gives integer value 2^32 - 128 = 0xffffff80, which is out of
range, and which is converted in int back to -128, which is also out
of range.

It is necessary to cast char inputs to unsigned char first; you can
then cast to unsigned int if you like but there's no need because the
functions will always convert the argument to int by definition.  So
the above fragment needs to be:

        char *ptr = ...;
        ... isspace((unsigned char)*ptr) ...

This patch changes unsigned int casts to unsigned char casts, and
adds unsigned char casts where they are missing.
2023-05-02 11:43:56 -07:00
Andrej Shadura 9ab5ea2e83 doc: personality: Add a documentation header
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
2023-01-22 10:58:01 +00:00
Dylan Baker c581e24a67 personality: use an unsigned to track initializations
Instead of a bool. The latter will result in de-initing leaving the
library unable to init again, which works out for the cli, but is
problematic for other consumers (meson++ and muon).

v2: - Add docs that the functions are not thread safe
2022-02-14 21:22:05 -08:00
Ariadne Conill 78bcb17116 personality: do not perform path filtering on default SYSTEM_INCLUDE_PATHS and SYSTEM_LIBRARY_PATHS
This is not consistent with the way the personality files or environment variables
are handled.

Fixes #224.
2021-07-24 20:06:55 -06:00
Stone Tickle d688a7bd03 implement pkgconf_cross_personality_deinit 2021-07-24 06:08:25 -05:00
Ariadne Conill 008d706958 libpkgconf: personality: default: set want_default_static and want_default_pure to true on windows 2021-03-18 06:03:47 -06:00
Ariadne Conill f9531ce9fe add support for pkgconf_cross_personality_t.want_default_pure 2021-03-18 06:02:00 -06:00
Tobias Stoeckmann 9e16d2709c libpkgconf: personality: fix out of boundary access
It is possible to set the instruction pointer to undefined values by
using an operator larger than ':' in ASCII.

Since the personality function array does not have 256 entries, an
invalid operator can overflow the array.

Proof of concept:

$ echo "a _ b" > poc
$ ln -s $(which pkgconf) poc-pkgconf
$ ./poc-pkgconf
2020-05-25 05:55:39 -06:00
Ariadne Conill 48dc665ae3 personality: add support for WantDefaultStatic setting 2019-10-19 00:56:17 -05:00
Ariadne Conill 2adafc2729 libpkgconf: personality: return the default personality if loading a personality file failed 2019-08-23 12:48:11 -05:00
Alexander Tsoy db9c1e96a1
fix the order of header includes
config.h should be included before stdinc.h, otherwise large file
support is not enabled.

Downstream bug: https://bugs.gentoo.org/687548
2019-06-08 04:55:52 +03:00
William Pitcock 43ca536b9f lite: disable some bloat 2019-05-06 15:13:17 -05:00
Ignacio Casal Quinteiro c9dffb8570 Fix build on windows with meson 2018-09-17 15:41:27 +02:00
Graham Ollis 273d1d0461 use pkgconf_strlcpy
On Debian/Ubuntu I get:

  CC       libpkgconf/personality.lo
  libpkgconf/personality.c: In function ‘load_personality_with_path’:
  libpkgconf/personality.c:195:3: warning: implicit declaration of function ‘strlcpy’ [-Wimplicit-function-declaration]
  strlcpy(pathbuf, path, sizeof pathbuf);
        ^~~~~~~
  CC       libpkgconf/parser.lo
  CCLD     libpkgconf.la
  ar: `u' modifier ignored since `D' is the default (see `U')
  CC       cli/pkgconf-main.o
  CC       cli/pkgconf-getopt_long.o
  CC       cli/pkgconf-renderer-msvc.o
  CCLD     pkgconf
  ./.libs/libpkgconf.so: undefined reference to `strlcpy'
2018-06-14 14:46:34 -05:00
William Pitcock 3ccc4454d1 libpkgconf: personality: ensure the path list is properly initialized before searching for triplets 2018-05-10 13:36:22 -05:00
William Pitcock 40897f246b libpkgconf: personality: remove const from the default personality, since it's not really const 2018-05-09 22:52:27 -05:00
William Pitcock e6ce6c8edd libpkgconf: personality: fixups 2018-05-09 22:39:39 -05:00
William Pitcock 751348298b libpkgconf: personality: fill in the rest of the personality parser 2018-05-09 22:08:28 -05:00
William Pitcock 9439b683ca libpkgconf: personality: add stub cross personality loader 2018-05-09 19:27:53 -05:00
William Pitcock 6b0e346c28 libpkgconf: refactor building the dir lists into separate concerns 2018-05-09 17:07:26 -05:00
William Pitcock 854490c5b9 libpkgconf: add basic support for cross-compile personality objects 2018-05-09 16:54:21 -05:00