Re: Trying to crack the Firefox crashing issue
Hello! Nice digging
On Fri, 9 May 2025 at 08:03, Damien Stewart <hypexed@yahoo.com.au> wrote:
>
> The source:
>
> static int FASTCALL
> streqci(const char *s1, const char *s2) {
>   for (;;) {
>     char c1 = *s1++;
>     char c2 = *s2++;
>     if (ASCII_a <= c1 && c1 <= ASCII_z)
>       c1 += ASCII_A - ASCII_a;
>     if (ASCII_a <= c2 && c2 <= ASCII_z)
>       /* The following line will never get executed. streqci() is
>        * only called from two places, both of which guarantee to put
>        * upper-case strings into s2.
>        */
>       c2 += ASCII_A - ASCII_a; /* LCOV_EXCL_LINE */
>     if (c1 != c2)
>       return 0;
>     if (! c1)
>       break;
>   }
>   return 1;
> }
I am not sure how rlbox sandboxing works, but looking at this code
from a cross platform perspective, I'd say the use of char is suspect,
because it may or may not be signed depending on platform, and then a
comparison is being performed on it. The first thing I'd do is change
it to:
unsigned char c1 = (unsigned char)*s1++;
unsigned char c2 = (unsigned char)*s2++;
I'd also remove FASTCALL because I don't know how that will behave
with rlbox or ppc in general.
It might be a good idea to also check the rest of expat for similar issues too?
Good luck!
Ed
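An added example (not expat's code and not from either poster) that puts the quoted streqci() beside the unsigned-char variant suggested above, probes whether plain char is signed on the host, and runs both forms over constructed inputs that include bytes above 0x7F so the effect of the cast can be compared on a given platform. The ASCII_* names mirror expat's but are defined locally here.

```c
/* Added example, not expat's code: the quoted streqci() beside the
 * unsigned-char variant from the reply, plus a host char-signedness
 * probe. ASCII_* names mirror expat's but are defined here. */
#include <limits.h>
#define ASCII_A 0x41
#define ASCII_a 0x61
#define ASCII_z 0x7A

/* 1 if plain char is signed on this host (typical on x86), 0 if
 * unsigned (typical on PowerPC and ARM ABIs). */
int char_is_signed(void) { return CHAR_MIN < 0; }

/* Original form: plain char, so bytes >= 0x80 may be negative. */
int streqci_orig(const char *s1, const char *s2) {
  for (;;) {
    char c1 = *s1++;
    char c2 = *s2++;
    if (ASCII_a <= c1 && c1 <= ASCII_z) c1 += ASCII_A - ASCII_a;
    if (ASCII_a <= c2 && c2 <= ASCII_z) c2 += ASCII_A - ASCII_a;
    if (c1 != c2) return 0;
    if (!c1) break;
  }
  return 1;
}

/* Suggested form: unsigned char, so every byte is 0..255 on any host. */
int streqci_unsigned(const char *s1, const char *s2) {
  for (;;) {
    unsigned char c1 = (unsigned char)*s1++;
    unsigned char c2 = (unsigned char)*s2++;
    if (ASCII_a <= c1 && c1 <= ASCII_z) c1 += ASCII_A - ASCII_a;
    if (ASCII_a <= c2 && c2 <= ASCII_z) c2 += ASCII_A - ASCII_a;
    if (c1 != c2) return 0;
    if (!c1) break;
  }
  return 1;
}

/* Constructed inputs, including bytes above 0x7F; s2 is upper-case as
 * expat's callers guarantee. Returns how many pairs the two forms
 * disagree on for this host (0 means the cast changed no result here). */
int compare_variants(void) {
  static const char *pairs[][2] = {
    {"utf-8", "UTF-8"}, {"us-ascii", "US-ASCIX"}, {"abc", "ABCD"},
    {"caf\xe9", "CAF\xE9"}, {"caf\xe9", "CAF\xC9"}, {"", ""}};
  int diffs = 0;
  for (int i = 0; i < 6; i++)
    if (streqci_orig(pairs[i][0], pairs[i][1]) !=
        streqci_unsigned(pairs[i][0], pairs[i][1])) diffs++;
  return diffs;
}
```

Because streqci() only tests bytes for equality after folding a-z, the two forms agree on every pair regardless of char signedness; the cast still makes the range checks explicit and portable, which is the point of the suggestion.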