pty: fix char overflow causing test failures (re: 8aef678)

McDutchie · McDutchie · commit dd1efb4ae9a4 · 2026-04-03T02:35:02.000+01:00
As of the referenced commit, the pty.sh regression tests were massively failing on some systems (at least Linux/s390 and NetBSD/arm64) with failure message showing evidence of corrupted values. The problem was caused by the type of the 'restore' Match_t member being changed from int to char, on the apparent assumption that only values from char variables were to be stored in it. But that is not the case; 'restore' is set to -1 to indicate that no character is currently saved and none should be restored. So the obvious fix would be to simply revert the type of 'restore' back to int. However, I'm now seeing another, long-standing problem in the code. The whole program works with char* pointers, not unsigned char*. So on systems where char is signed, bytes with the 8th bit set (like UTF-8 characters) will produce negative values, which gets stored in Match_t's 'restore' as negative, which means restoring doesn't happen. We could get around that by using unsigned char* instead of char* everywhere, but that would be a large diff with lots of onerous typecasts to silence compiler warnings[*] as unsigned char values are passed to functions that expect char parameters. So, instead: src/cmd/builtin/pty.c: - Rename Match_t's 'restore' to 'save', keep char type. Only use it for storing char values, which fixes the problem. - Add 'saving' member, a flag indicating if the value in 'save' should be restored. This replaces the -1 value of 'restore'. - Adapt the code to use these, which is straightforward. Thanks to @phidebian for the report. Resolves: #962 [*] Those warnings don't normally show up, but do when compiling with -Wsign-compare -Wshorten-64-to-32 -Wsign-conversion -Wimplicit-int-conversion, as we now do as part of @JohnoKing's project to make ksh ready to handle large amounts of data in a 64-bit address space.
diff --git a/src/cmd/builtin/pty.c b/src/cmd/builtin/pty.c
@@ -511,7 +511,8 @@ typedef struct Master_s
 	char*		prompt;		/* peek prompt				*/
 	ptrdiff_t	cursor;		/* cursor in buf, 0 if fresh line	*/
 	int		line;		/* prompt line number			*/
-	char		restore;	/* previous line save char		*/
+	char		save;		/* previous line's saved char		*/
+	char		saving;		/* set if saved char is to be restored	*/
 } Master_t;
 #define BUFUNDERFLOW	128		/* bytes of buffer underflow to allow	*/
 
@@ -537,13 +538,13 @@ masterline(Sfio_t* mp, Sfio_t* lp, char* prompt, int must, int timeout, Master_t
  again:
 	if (prompt)
 	{
-		if (bp->cur < bp->end && bp->restore >= 0)
-			*bp->cur = bp->restore;
+		if (bp->cur < bp->end && bp->saving)
+			*bp->cur = bp->save;
 		if (strneq(bp->cur, promptbuf, promptlen))
 			r = bp->cur;
 		else
 			r = 0;
-		if (bp->cur < bp->end && bp->restore >= 0)
+		if (bp->cur < bp->end && bp->saving)
 			*bp->cur = 0;
 		if (r)
 		{
@@ -571,10 +572,11 @@ masterline(Sfio_t* mp, Sfio_t* lp, char* prompt, int must, int timeout, Master_t
 	}
 	else if (bp->nxt)
 	{
-		if (bp->restore >= 0)
-			*bp->cur = bp->restore;
+		if (bp->saving)
+			*bp->cur = bp->save;
 		r = bp->cur;
-		bp->restore = *bp->nxt;
+		bp->save = *bp->nxt;
+		bp->saving = 1;
 		*bp->nxt = 0;
 		if (bp->nxt >= bp->end)
 		{
@@ -600,10 +602,10 @@ masterline(Sfio_t* mp, Sfio_t* lp, char* prompt, int must, int timeout, Master_t
 		}
 		else if (bp->cur < bp->end)
 		{
-			if (bp->restore >= 0)
+			if (bp->saving)
 			{
-				*bp->cur = bp->restore;
-				bp->restore = -1;
+				*bp->cur = bp->save;
+				bp->saving = 0;
 			}
 			r = bp->cur;
 			*bp->end = 0;
@@ -631,10 +633,10 @@ masterline(Sfio_t* mp, Sfio_t* lp, char* prompt, int must, int timeout, Master_t
 		{
 			if (bp->cur < bp->end)
 			{
-				if (bp->restore >= 0)
+				if (bp->saving)
 				{
-					*bp->cur = bp->restore;
-					bp->restore = -1;
+					*bp->cur = bp->save;
+					bp->saving = 0;
 				}
 				r = bp->cur;
 				*bp->end = 0;
@@ -669,11 +671,12 @@ masterline(Sfio_t* mp, Sfio_t* lp, char* prompt, int must, int timeout, Master_t
 	}
 	memcpy(bp->end, s, (size_t)n);
 	bp->end += n;
-	if ((r = bp->cur) > bp->buf && bp->restore >= 0)
-		*r = bp->restore;
+	if ((r = bp->cur) > bp->buf && bp->saving)
+		*r = bp->save;
 	if (bp->cur = memchr(bp->cur, '\n', (size_t)(bp->end - bp->cur)))
 	{
-		bp->restore = *++bp->cur;
+		bp->save = *++bp->cur;
+		bp->saving = 1;
 		*bp->cur = 0;
 		if (bp->cur >= bp->end)
 		{
@@ -687,7 +690,7 @@ masterline(Sfio_t* mp, Sfio_t* lp, char* prompt, int must, int timeout, Master_t
 	}
 	else
 	{
-		bp->restore = -1;
+		bp->saving = 0;
 		bp->cur = r;
 		bp->nxt = 0;
 		must = 0;
@@ -803,7 +806,7 @@ dialogue(Sfio_t* mp, Sfio_t* lp, useconds_t delay, int timeout)
 	master->buf = master->bufunderflow + BUFUNDERFLOW;
 	master->cur = master->end = master->buf;
 	master->max = master->buf + 2 * SFIO_BUFSIZE - 1;
-	master->restore = -1;
+	master->saving = 0;
 	errno = 0;
 	id = error_info.id;
 	error_info.id = 0;
