Re: ntdll: Don't use strncasecmp for _strnicmp implementation

2012-10-19 Thread Jacek Caban
On 10/16/12 13:21, Jacek Caban wrote:
>> How exactly? Do you know more details / urls?
>>
>> Does it return -n ... +n values? Like the memcmp optimization that caused 
>> mysql security issue?
>> In that case my patch should work.
> From what I know following call crashes:
> strncasecmp("", "", 1);
> It's probably a corner case for some optimizations.
>

FWIW it was a known, already fixed, upstream glibc bug:
http://sourceware.org/bugzilla/show_bug.cgi?id=14195

Jacek




Re: ntdll: Don't use strncasecmp for _strnicmp implementation

2012-10-16 Thread Alexandre Julliard
Jacek Caban writes:

> That wasn't the original reason for writing this patch. It seems like
> some distros (well, at least some Gentoo installations) have broken
> strncasecmp.

There are many places in Wine that use strncasecmp, we don't want to
change them all just because of some Gentoo screwup.

-- 
Alexandre Julliard
julli...@winehq.org




Re: ntdll: Don't use strncasecmp for _strnicmp implementation

2012-10-16 Thread Jacek Caban
On 10/16/12 13:16, Marcus Meissner wrote:
> On Tue, Oct 16, 2012 at 01:12:50PM +0200, Jacek Caban wrote:
>> On 10/16/12 13:08, Marcus Meissner wrote:
>>> On Tue, Oct 16, 2012 at 12:38:51PM +0200, Jacek Caban wrote:
 ---
  dlls/ntdll/string.c   |   12 +++-
  dlls/ntdll/tests/string.c |   33 +
  2 files changed, 44 insertions(+), 1 deletions(-)


 diff --git a/dlls/ntdll/string.c b/dlls/ntdll/string.c
 index 716dbdf..288e910 100644
 --- a/dlls/ntdll/string.c
 +++ b/dlls/ntdll/string.c
 @@ -254,7 +254,17 @@ int __cdecl _stricmp( LPCSTR str1, LPCSTR str2 )
   */
  int __cdecl _strnicmp( LPCSTR str1, LPCSTR str2, size_t n )
  {
 -return strncasecmp( str1, str2, n );
 +int ret = 0;
 +
 +/* 32-bit Windows return only -1,0,1 values */
 +while(n--) {
 +if(!*str1)
 +return sizeof(void*) == 4 ? (*str2 ? -1 : 0) : -(unsigned 
 char)*str2;
 +if((ret = tolower(*str1++) - tolower(*str2++)))
 +return sizeof(void*) == 4 ? (ret > 0 ? 1 : -1) : ret;
 +}
>>> Errm. Why not
>>>
>>> int ret = strncasecmp( str1, str2, n );
>>>
>>> if (ret < 0 ) return -1;
>>> if (ret > 0 ) return 1;
>>> return 0;
>> That wasn't the original reason for writing this patch. It seems like
>> some distros (well, at least some Gentoo installations) have broken
>> strncasecmp.
> How exactly? Do you know more details / urls?
>
> Does it return -n ... +n values? Like the memcmp optimization that caused 
> mysql security issue?
> In that case my patch should work.

From what I know, the following call crashes:
strncasecmp("", "", 1);
It's probably a corner case for some optimizations.

Jacek




Re: ntdll: Don't use strncasecmp for _strnicmp implementation

2012-10-16 Thread Marcus Meissner
On Tue, Oct 16, 2012 at 01:12:50PM +0200, Jacek Caban wrote:
> On 10/16/12 13:08, Marcus Meissner wrote:
> > On Tue, Oct 16, 2012 at 12:38:51PM +0200, Jacek Caban wrote:
> >> ---
> >>  dlls/ntdll/string.c   |   12 +++-
> >>  dlls/ntdll/tests/string.c |   33 +
> >>  2 files changed, 44 insertions(+), 1 deletions(-)
> >>
> >>
> >> diff --git a/dlls/ntdll/string.c b/dlls/ntdll/string.c
> >> index 716dbdf..288e910 100644
> >> --- a/dlls/ntdll/string.c
> >> +++ b/dlls/ntdll/string.c
> >> @@ -254,7 +254,17 @@ int __cdecl _stricmp( LPCSTR str1, LPCSTR str2 )
> >>   */
> >>  int __cdecl _strnicmp( LPCSTR str1, LPCSTR str2, size_t n )
> >>  {
> >> -return strncasecmp( str1, str2, n );
> >> +int ret = 0;
> >> +
> >> +/* 32-bit Windows return only -1,0,1 values */
> >> +while(n--) {
> >> +if(!*str1)
> >> +return sizeof(void*) == 4 ? (*str2 ? -1 : 0) : -(unsigned 
> >> char)*str2;
> >> +if((ret = tolower(*str1++) - tolower(*str2++)))
> >> +return sizeof(void*) == 4 ? (ret > 0 ? 1 : -1) : ret;
> >> +}
> > Errm. Why not
> >
> > int ret = strncasecmp( str1, str2, n );
> >
> > if (ret < 0 ) return -1;
> > if (ret > 0 ) return 1;
> > return 0;
> 
> That wasn't the original reason for writing this patch. It seems like
> some distros (well, at least some Gentoo installations) have broken
> strncasecmp.

How exactly? Do you know more details / urls?

Does it return -n ... +n values? Like the memcmp optimization that caused mysql 
security issue?
In that case my patch should work.

Ciao, Marcus
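
An added example, not code from this thread or from Wine: a bounded case-insensitive compare that clamps its result to -1/0/1 and returns cleanly for the `("", "", 1)` call mentioned in the thread, next to a model of a caller that narrows a raw -n ... +n result to one byte. The names `bounded_icmp`, `sign_of` and `mismatch_flag` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Clamp any comparison result to -1, 0 or 1. */
static int sign_of(int v) { return (v > 0) - (v < 0); }

/* Hypothetical helper (not Wine's code): compare at most n bytes,
 * ignoring case, and return only -1, 0 or 1. */
int bounded_icmp(const char *a, const char *b, size_t n)
{
    while (n--) {
        /* Cast first: tolower() on a negative plain char is undefined. */
        int ca = tolower((unsigned char)*a++);
        int cb = tolower((unsigned char)*b++);
        if (ca != cb)
            return sign_of(ca - cb);
        if (!ca)            /* both strings ended at the same position */
            return 0;
    }
    return 0;               /* first n bytes matched, or n was 0 */
}

/* Models a caller that keeps only the low byte of a comparison result
 * as a "mismatch" flag. A raw result that is a multiple of 256 loses
 * every set bit and reads as "equal". */
int mismatch_flag(int cmp_result)
{
    return (unsigned char)cmp_result != 0;
}

int main(void)
{
    /* Corner case from the thread, then a raw result of 256 before and
     * after clamping (256 is a constructed sample value). */
    printf("%d %d %d\n", bounded_icmp("", "", 1),
           mismatch_flag(256), mismatch_flag(sign_of(256)));
    return 0;
}
```

Clamping at the source keeps the result safe for callers that store it in a narrower type, whatever range the underlying comparison returns.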




Re: ntdll: Don't use strncasecmp for _strnicmp implementation

2012-10-16 Thread Jacek Caban
On 10/16/12 13:08, Marcus Meissner wrote:
> On Tue, Oct 16, 2012 at 12:38:51PM +0200, Jacek Caban wrote:
>> ---
>>  dlls/ntdll/string.c   |   12 +++-
>>  dlls/ntdll/tests/string.c |   33 +
>>  2 files changed, 44 insertions(+), 1 deletions(-)
>>
>>
>> diff --git a/dlls/ntdll/string.c b/dlls/ntdll/string.c
>> index 716dbdf..288e910 100644
>> --- a/dlls/ntdll/string.c
>> +++ b/dlls/ntdll/string.c
>> @@ -254,7 +254,17 @@ int __cdecl _stricmp( LPCSTR str1, LPCSTR str2 )
>>   */
>>  int __cdecl _strnicmp( LPCSTR str1, LPCSTR str2, size_t n )
>>  {
>> -return strncasecmp( str1, str2, n );
>> +int ret = 0;
>> +
>> +/* 32-bit Windows return only -1,0,1 values */
>> +while(n--) {
>> +if(!*str1)
>> +return sizeof(void*) == 4 ? (*str2 ? -1 : 0) : -(unsigned 
>> char)*str2;
>> +if((ret = tolower(*str1++) - tolower(*str2++)))
>> +return sizeof(void*) == 4 ? (ret > 0 ? 1 : -1) : ret;
>> +}
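
Review bot: The comment "32-bit Windows return only -1,0,1 values" covers only one side of the two `sizeof(void*) == 4` tests in the return statements; nothing says what 64-bit Windows returns or why the raw difference is the right value there. Please document the 64-bit behaviour next to the check, and consider computing the 32-bit/64-bit choice once (for example under `#ifdef _WIN64`) instead of repeating the sizeof test in both returns.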
> Errm. Why not
>
> int ret = strncasecmp( str1, str2, n );
>
> if (ret < 0 ) return -1;
> if (ret > 0 ) return 1;
> return 0;

That wasn't the original reason for writing this patch. It seems like
some distros (well, at least some Gentoo installations) have broken
strncasecmp.

Jacek




Re: ntdll: Don't use strncasecmp for _strnicmp implementation

2012-10-16 Thread Marcus Meissner
On Tue, Oct 16, 2012 at 12:38:51PM +0200, Jacek Caban wrote:
> ---
>  dlls/ntdll/string.c   |   12 +++-
>  dlls/ntdll/tests/string.c |   33 +
>  2 files changed, 44 insertions(+), 1 deletions(-)
> 
> 

> diff --git a/dlls/ntdll/string.c b/dlls/ntdll/string.c
> index 716dbdf..288e910 100644
> --- a/dlls/ntdll/string.c
> +++ b/dlls/ntdll/string.c
> @@ -254,7 +254,17 @@ int __cdecl _stricmp( LPCSTR str1, LPCSTR str2 )
>   */
>  int __cdecl _strnicmp( LPCSTR str1, LPCSTR str2, size_t n )
>  {
> -return strncasecmp( str1, str2, n );
> +int ret = 0;
> +
> +/* 32-bit Windows return only -1,0,1 values */
> +while(n--) {
> +if(!*str1)
> +return sizeof(void*) == 4 ? (*str2 ? -1 : 0) : -(unsigned 
> char)*str2;
> +if((ret = tolower(*str1++) - tolower(*str2++)))
> +return sizeof(void*) == 4 ? (ret > 0 ? 1 : -1) : ret;
> +}
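
Review bot: In `tolower(*str1++) - tolower(*str2++)` the arguments are plain `char` (LPCSTR), so on a platform where char is signed any byte above 0x7f reaches tolower() as a negative int, which is undefined behaviour. Cast both operands to unsigned char before the call, as the NUL branch just above already does with `-(unsigned char)*str2`; without the cast the two return paths also order high bytes differently.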

Errm. Why not

int ret = strncasecmp( str1, str2, n );

if (ret < 0 ) return -1;
if (ret > 0 ) return 1;
return 0;


Ciao, Marcus