+2011-05-28 Jim Meyering <meyering@redhat.com>
+
+ avoid a sign-extension bug in crypto_hash_function
+ * fns.c (to_uchar): Define.
+ (crypto_hash_function): Use it to convert some newly-signed
+ variables to unsigned, to avoid sign-extension bugs. For example,
+ without this change, (md5 "truc") would evaluate to
+ 45723a2aff78ff4fff7fff1114760e62 rather than the expected
+ 45723a2af3788c4ff17f8d1114760e62. Reported by Antoine Levitt in
+ http://thread.gmane.org/gmane.emacs.devel/139824
+
2011-05-27 Paul Eggert <eggert@cs.ucla.edu>
Integer overflow fixes.
#include "md5.h"
#include "sha1.h"
+/* Convert a possibly-signed character to an unsigned character. This is
+ a bit safer than casting to unsigned char, since it catches some type
+ errors that the cast doesn't. */
+static inline unsigned char to_uchar (char ch) { return ch; }
+
/* TYPE: 0 for md5, 1 for sha1. */
static Lisp_Object
{
char value[33];
for (i = 0; i < 16; i++)
- sprintf (&value[2 * i], "%02x", digest[i]);
+ sprintf (&value[2 * i], "%02x", to_uchar (digest[i]));
res = make_string (value, 32);
}
else
{
char value[41];
for (i = 0; i < 20; i++)
- sprintf (&value[2 * i], "%02x", digest[i]);
+ sprintf (&value[2 * i], "%02x", to_uchar (digest[i]));
res = make_string (value, 40);
}
else
HCoop / bpt / emacs.git / commitdiff