git: 99544e13eec1 - stable/12 - lib/libc/string/bcmp.c: fix integer overflow bug
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 21 Jul 2023 08:57:44 UTC
The branch stable/12 has been updated by fuz:
URL: https://cgit.FreeBSD.org/src/commit/?id=99544e13eec1586552470bd9d5f3b24038891401
commit 99544e13eec1586552470bd9d5f3b24038891401
Author: Robert Clausecker <fuz@FreeBSD.org>
AuthorDate: 2023-07-12 18:23:21 +0000
Commit: Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2023-07-21 08:57:32 +0000
lib/libc/string/bcmp.c: fix integer overflow bug
bcmp() returned the number of remaining bytes when the main loop exits.
In case of a match, this is zero, else a positive integer. On systems
where SIZE_MAX > INT_MAX, the implicit conversion from size_t to int in
the return value may cause the number of remaining bytes to overflow,
becoming zero and falsely indicating a successful comparison.
Fix the bug by always returning 0 on equality, 1 otherwise.
PR: 272474
Approved by: emaste
Reviewed by: imp
MFC After: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41011
(cherry picked from commit 4da7282a1882fc03c99591c27d44a2e6dfda364b)
---
lib/libc/string/bcmp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/libc/string/bcmp.c b/lib/libc/string/bcmp.c
index 96cd49039eee..c42fe79ddb2f 100644
--- a/lib/libc/string/bcmp.c
+++ b/lib/libc/string/bcmp.c
@@ -51,7 +51,7 @@ bcmp(const void *b1, const void *b2, size_t length)
p2 = (char *)b2;
do
if (*p1++ != *p2++)
- break;
+ return (1);
while (--length);
- return (length);
+ return (0);
}