Fix UB in Tokenizer

tgoyne · tgoyne · commit 7ab83e8e4998 · 2024-06-06T08:48:33.000-07:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@
 * The encryption code no longer behaves differently depending on the system page size, which should entirely eliminate a recurring source of bugs related to copying encrypted Realm files between platforms with different page sizes. One known outstanding bug was ([RNET-1141](https://github.com/realm/realm-dotnet/issues/3592)), where opening files on a system with a larger page size than the writing system would attempt to read sections of the file which had never been written to ([PR #7698](https://github.com/realm/realm-core/pull/7698)).
 * There were several complicated scenarios which could result in stale reads from encrypted files in multiprocess scenarios. These were very difficult to hit and would typically lead to a crash, either due to an assertion failure or DecryptionFailure being thrown ([PR #7698](https://github.com/realm/realm-core/pull/7698), since v13.9.0).
 * Encrypted files have some benign data races where we can memcpy a block of memory while another thread is writing to a limited range of it. It is logically impossible to ever read from that range when this happens, but Thread Sanitizer quite reasonably complains about this. We now perform a slower operations when running with TSan which avoids this benign race ([PR #7698](https://github.com/realm/realm-core/pull/7698)).
+* Tokenizing strings for full-text search could pass values outside the range [-1, 255] to `isspace()`, which is undefined behavior ([PR #7698](https://github.com/realm/realm-core/pull/7698), since the introduction of FTS in v13.0.0).
 
 ### Breaking changes
 * Any `stitch_` prefixed fields in the `BsonDocument` returned from `app::User::custom_data()` are being renamed on the server to have a `baas_` prefix instead ([PR #7769](https://github.com/realm/realm-core/pull/7769)).
diff --git a/src/realm/tokenizer.cpp b/src/realm/tokenizer.cpp
@@ -61,7 +61,7 @@ std::pair<std::set<std::string>, std::set<std::string>> Tokenizer::get_search_to
         }
     };
     for (; m_cur_pos != m_end_pos; m_cur_pos++) {
-        if (isspace(*m_cur_pos)) {
+        if (isspace(static_cast<unsigned char>(*m_cur_pos))) {
             add_token();
         }
         else {

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ std::pair<std::set<std::string>, std::set<std::string>> Tokenizer::get_search_to`
`61`	`61`	`}`
`62`	`62`	`};`
`63`	`63`	`for (; m_cur_pos != m_end_pos; m_cur_pos++) {`
`64`		`- if (isspace(*m_cur_pos)) {`
	`64`	`+ if (isspace(static_cast<unsigned char>(*m_cur_pos))) {`
`65`	`65`	`add_token();`
`66`	`66`	`}`
`67`	`67`	`else {`