PR/58208 CVS commit: src

["Taylor R Campbell" <riastradh%netbsd.org@localhost>]

The following reply was made to PR lib/58208; it has been noted by GNATS.

From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/58208 CVS commit: src
Date: Fri, 28 Mar 2025 19:13:23 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Fri Mar 28 19:13:23 UTC 2025
 
 Modified Files:
 	src/lib/libc/locale: rune.c
 	src/tests/lib/libc/gen: t_ctype.c
 
 Log Message:
 libc: Put guard pages before locale ctype/tolower/toupper tables.
 
 This way, triggering the undefined behaviour of negative inputs to
 the ctype functions leads to instant SIGSEGV, rather than silently
 giving bonkers (and likely nondeterministic) answers.  (See ctype(3)
 man page for details.)
 
 This only affects non-default locales, i.e., locales other than C.
 The C locale's tables are statically linked into libc, and the
 symbols defining them are baked into the ABI, so putting a guard page
 before them will require either some careful elven surgery (which is
 a class I must have missed back in university), or copying them into
 dynamically allocated memory (which is a cost I'm reluctant to incur
 on all programs using libc).
 
 This also only affects machines where char is signed for now.  (But
 maybe it would be worth doing unconditionally; users could still try
 to pass in explicit `signed char' inputs.)
 
 PR lib/58208: ctype(3) provides poor runtime feedback of abuse
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.47 -r1.48 src/lib/libc/locale/rune.c
 cvs rdiff -u -r1.2 -r1.3 src/tests/lib/libc/gen/t_ctype.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.