From 716a3ac7ca439ba1c8b80f1b6810530414c29508 Mon Sep 17 00:00:00 2001
From: is-primary-dev <215415441+is-primary-dev@users.noreply.github.com>
Date: Sat, 16 May 2026 17:27:10 -0700
Subject: [PATCH] fix: cast char to unsigned char in get_uint16 to prevent
 sign-extension

std::vector<char> uses signed char on x86-64 GCC. When a byte >= 0x80
is cast directly to uint16_t, it sign-extends (e.g. 0xA3 becomes
0xFFA3), corrupting the deserialized argument length in the rtapi_app
socket protocol. This causes "arg size not in buffer range" errors for
any loadrt argument longer than 127 bytes.

Cast through unsigned char before widening to uint16_t. The companion
push_uint16 already masks with 0xff, so only the read side was affected.
---
 src/rtapi/uspace_rtapi_main.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/rtapi/uspace_rtapi_main.cc b/src/rtapi/uspace_rtapi_main.cc
index 3a73c5e294e..fcfb5c24c17 100644
--- a/src/rtapi/uspace_rtapi_main.cc
+++ b/src/rtapi/uspace_rtapi_main.cc
@@ -422,7 +422,7 @@ static void push_uint16(std::vector<char> &buf, uint16_t value) {
 
 static uint16_t get_uint16(const std::vector<char> &buf, size_t idx) {
     //at() will check index and throw std::out_of_range
-    return ((uint16_t)buf.at(idx) << 0) | ((uint16_t)buf.at(idx + 1) << 8);
+    return ((uint16_t)(unsigned char)buf.at(idx)) | ((uint16_t)(unsigned char)buf.at(idx + 1) << 8);
 }
 
 static bool recv_args(int fd, std::vector<std::string> &args) {