This is a weird milestone: libais got its first CVE. CVE-2026-56770 is a crash coming from my 03f1c92418 where I did "vdm: int → size_t for sequence and sentence numbers" to avoid comparing signed and unsigned numbers and I was able to get rid of "-Wno-sign-compare". I added a "kNoSequenceNumber" that has a huge value (for AIS sequence numbers) of 999999. But, I have code checking the sequence numbers that was only asserts and I was counting on the old value of -1.
So the bug has only been around since Sep 2025 and I haven't done a libais release in more than a decade (ahem, I need to do a release). So it shouldn't impact too many people. According to Gemini, libais falls under "Minor Historic and Niche Libraries" so... ouch.
This patch should fix the issue: ce0fedeba5 / libais#264
libais needs so much cleanup at this point that it is painful. I also asked Antigravity to do a scan of the code for troubles. In addition to finding lots of spelling mistakes, there are plenty of places to improve the code. Sigh.
Here is a sample from ais8.cpp:
### Specific Typos and Grammatical Mistakes * **Line 293**: ```cpp // Some people transmit without the idiodic spare padding ``` *Typo*: `idiodic` should be spelled **`idiotic`**. * **Line 138**: ```cpp // TODO(schwehr): how to treat this spare vrs water level? ``` *Typo*: `vrs` should be spelled **`vs`** or **`versus`**. * **Lines 324 & 358**: ```cpp horz_viz(0.0) ... horz_viz = bits.ToUnsignedInt(246, 8) / 10.; ``` *Inconsistency/Typo*: Abbreviating "horizontal visibility" as `horz_viz` uses a 'z' instead of 's' (`horz_vis`), which conflicts with line 72 and line 568 where it is correctly named `horz_vis`. * **Line 421**: ```cpp ice_thickness = bits.ToUnsignedInt(324, 7) / 100.; // m. Network is cm, ``` *Grammar*: The inline comment ends abruptly with a trailing comma (`cm,`) instead of completing the sentence or ending with a period.
In addition to mispelling "idiotic," I can just remove that word. I don't really need to express my frustration over the AIS specification like that. 😎
Thanks to github.com/raefko for the bug report!
No comments:
Post a Comment