Thanks!Hello! Nice digging
It does assume 7-bit ASCII by the looks of it. Going by the rest of the code it only uses 7-bit strings. It's rather pedantic as it defines it's own ASCII character set rather than rely on C strings. :-)On Fri, 9 May 2025 at 08:03, Damien Stewart <hypexed@yahoo.com.au> wrote:The source: static int FASTCALL streqci(const char *s1, const char *s2) { for (;;) { char c1 = *s1++; char c2 = *s2++; if (ASCII_a <= c1 && c1 <= ASCII_z) c1 += ASCII_A - ASCII_a; if (ASCII_a <= c2 && c2 <= ASCII_z) /* The following line will never get executed. streqci() is * only called from two places, both of which guarantee to put * upper-case strings into s2. */ c2 += ASCII_A - ASCII_a; /* LCOV_EXCL_LINE */ if (c1 != c2) return 0; if (! c1) break; } return 1; }I am not sure how rlbox sandboxing works, but looking at this code from a cross platform perspective, I'd say the use of char is suspect, because it may or may not be signed depending on platform, and then a comparison is being performed on it. The first thing I'd do is change it to: unsigned char c1 = (unsigned char)*s1++; unsigned char c2 = (unsigned char)*s2++;
I'd also remove FASTCALL because I don't know how that will behave with rlbox or ppc in general.
According to this it should be blanked out on PPC/non-x86.
https://github.com/libexpat/libexpat/blob/master/expat/lib/internal.h
It might be a good idea to also check the rest of expat for similar issues too? Good luck! Ed
It might. It might be the entry down a rabbit hole as well. :-D
-- My regards, Damien Stewart.