Date: Wed, 13 Jun 2012 13:27:11 -0400 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: FreeSec crypt() On Wed, Jun 13, 2012 at 08:45:46PM +0400, Solar Designer wrote: > On Wed, Jun 13, 2012 at 10:56:03AM -0400, Rich Felker wrote: > > On Wed, Jun 13, 2012 at 05:18:07PM +0400, Solar Designer wrote: > > > > Note that even if the behavior were defined, this code seems to have > > > > different behavior for high bytes depending on the signedness of char. > .... > > > Why would signedness of char matter > > > if the behavior of the signed char overflowing left shift were defined? > > > > Well if char is signed, (char)0x80 << 1 is -256. If char is unsigned, > > (char)0x80 << 1 is 256. > > Sure, but we had: > > const char *key; > u_char *q; > *q++ = *key << 1; > > so while *key << 1 is either -256 or 256 (promoted to int or unsigned > int), those high bits get dropped on the assignment to *q anyway, > resulting in the same value there either way. No? You're right on that. Ideally the functions should just take arguments of type unsigned char *, and the crypt/crypt_r wrapper should cast the original char * to unsigned char *. This is the same way all the standard string functions (like strcmp) are required to work. Casting/converting the _value_ after reading it also happens to work, and is sufficient for musl's purposes (we assume, per POSIX, that CHAR_BIT is 8, but also that signed types are twos complement), but only reinterpreting by casting the pointer before reading it is 100% portable. On a non-twos-complement machine, reading a signed char is lossy (it can only obtain 255 possible values, not 256). Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.