Re: Public disclosure of discovered vulnerabilities
From: Bryan Olson (fakeaddress_at_nowhere.org)
Date: 06/06/05
- Next message: David A. Scott: "Re: Sociological/Psychological Phenomenon"
- Previous message: Bryan Olson: "Re: Public disclosure of discovered vulnerabilities"
- In reply to: Douglas A. Gwyn: "Re: Public disclosure of discovered vulnerabilities"
- Next in thread: Paul Rubin: "Re: Public disclosure of discovered vulnerabilities"
Date: Mon, 06 Jun 2005 02:42:01 GMT
Douglas A. Gwyn wrote:
> Bryan Olson wrote:
> > [a bunch of stuff that merely reiterates the same
> > mistakes that I've already responded to, q.v.]
>
>> > Feeding -64 to a function when the correct value is
>> > 192 and the function's domain is specified as the
>> > set {EOF, nonnegative 8-bit value} is clearly
>> > wildly out-of-range.
>>
>> The sign extension of the char value -64 is the int value -64.
>
>
> Yes, which is wildly out of range.
What range is it in after sign extension that it wasn't in
before? What you wrote was:
    Olson's problem seems to be that he was unaware of the
    possibility of sign extension upon widening of a signed
    integer type, which might necessitate masking off the
    extension. Of *course* if you feed a wildly out-of-range
    value to toupper you get undefined behavior.
> 192 would have been within range.
> How did you get from 192 which is what the
> toupper spec indicates you should have fed it
> to the int value -64?
Exactly how I explained of course. I looked it up in the
reference recommended in the C spec, and it implied the int
could be any value representable as either char or unsigned char
(or EOF). It was incorrect, according to the standard. It's not
like sign extension changed a char value into some different
integer; that can't happen.
> There was a conversion of type char to int, which
> caused failure due to resulting in a negative value.
It was already a negative value; in fact it was the same
integer.
-- --Bryan
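Added example, not part of the original post: the values discussed in this message, worked through in C. Widening the char value -64 to int leaves it -64, which is outside the domain quoted above for toupper (EOF or a nonnegative 8-bit value), while converting through unsigned char first gives 192. The helper names and sample bytes are constructed for illustration, and the results assume an 8-bit char and EOF equal to -1.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stddef.h>

/* Domain the C standard gives toupper(): EOF or a value representable
   as unsigned char. Anything else is undefined behavior. */
static int ctype_arg_in_domain(int v)
{
    return v == EOF || (v >= 0 && v <= UCHAR_MAX);
}

/* Plain widening: value-preserving, so a negative char stays negative. */
static int widen_plain(signed char c)
{
    return c;
}

/* Widening through unsigned char: -64 becomes 192 when UCHAR_MAX is 255. */
static int widen_for_ctype(signed char c)
{
    return (unsigned char)c;
}

/* Count bytes of buf that would be out of domain if widened plainly. */
static size_t count_out_of_domain(const signed char *buf, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!ctype_arg_in_domain(widen_plain(buf[i])))
            bad++;
    return bad;
}

/* Uppercase in place, always handing toupper() an in-domain argument. */
static void upper_inplace(char *s)
{
    for (; *s; s++)
        *s = (char)toupper((unsigned char)*s);
}

int main(void)
{
    const signed char sample[] = { 'a', -64, 'z', -2 };  /* constructed input */
    printf("plain=%d masked=%d bad=%zu\n", widen_plain(-64),
           widen_for_ctype(-64), count_out_of_domain(sample, sizeof sample));
    return 0;
}
```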