fix: cast char to unsigned char in get_uint16 to prevent sign-extension#4035
Open
is-primary-dev wants to merge 1 commit into
Open
fix: cast char to unsigned char in get_uint16 to prevent sign-extension#4035is-primary-dev wants to merge 1 commit into
is-primary-dev wants to merge 1 commit into
Conversation
std::vector<char> uses signed char on x86-64 GCC. When a byte >= 0x80 is cast directly to uint16_t, it sign-extends (e.g. 0xA3 becomes 0xFFA3), corrupting the deserialized argument length in the rtapi_app socket protocol. This causes "arg size not in buffer range" errors for any loadrt argument longer than 127 bytes. Cast through unsigned char before widening to uint16_t. The companion push_uint16 already masks with 0xff, so only the read side was affected.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
get_uint16() in uspace_rtapi_main.cc casts char directly to uint16_t. On x86-64 GCC where char is signed, any byte >= 0x80 sign-extends (e.g. 0xA3 becomes 0xFFA3), corrupting the deserialized argument length.
This breaks loadrt for any module argument longer than 127 bytes — the master gets garbage in recv_args and the slave sees "recv_result failed, recv only 0 of 4 bytes".
Fix: cast through unsigned char before widening. The companion push_uint16 already masks with 0xff, so only the read side was affected.