BUG/MINOR: tools: my_memspn/my_memcspn wrong cast causing incorrect byte reading

Both functions cast void * to int * and dereference, reading 4 bytes as an
integer instead of a single byte. This is passed to memchr() which expects a
byte value. On unaligned addresses this causes crashes on ARM/mips etc, and
search for the wrong byte on big endian platforms. Fixed to cast to
const unsigned char * and dereference a single byte. This is marked as
minor because these functions were added in 2.2 by commit 5eb96cbcbc
("MINOR: standard: Add my_memspn and my_memcspn") and have not been used
since then.

diff --git a/src/tools.c b/src/tools.c
index f5b14d75a485d813a8fc9ba197d5b9ea2518f901..7a48969ec41ad176b3196b686d3008f7209e6bc1 100644 (file)
--- a/src/tools.c
+++ b/src/tools.c
@@ -3070,7 +3070,7 @@ size_t my_memspn(const void *str, size_t len, const void *accept, size_t acceptl
 {
        size_t ret = 0;
 
-       while (ret < len && memchr(accept, *((int *)str), acceptlen)) {
+       while (ret < len && memchr(accept, *((const unsigned char *)str), acceptlen)) {
                str++;
                ret++;
        }
@@ -3083,7 +3083,7 @@ size_t my_memcspn(const void *str, size_t len, const void *reject, size_t reject
        size_t ret = 0;
 
        while (ret < len) {
-               if(memchr(reject, *((int *)str), rejectlen))
+               if (memchr(reject, *((const unsigned char *)str), rejectlen))
                        return ret;
                str++;
                ret++;