diff options
| author | Robert Clausecker <fuz@FreeBSD.org> | 2023-07-12 18:23:21 +0000 |
|---|---|---|
| committer | Robert Clausecker <fuz@FreeBSD.org> | 2023-07-16 17:36:17 +0000 |
| commit | 4da7282a1882fc03c99591c27d44a2e6dfda364b (patch) | |
| tree | 336c964f060209e59151e79e64fdba13d4de1763 /lib | |
| parent | c1e63e352e34b55ad577011fa4729f0638fb3fdf (diff) | |
| download | src-4da7282a1882fc03c99591c27d44a2e6dfda364b.tar.gz src-4da7282a1882fc03c99591c27d44a2e6dfda364b.zip | |
lib/libc/string/bcmp.c: fix integer overflow bug
bcmp() returned the number of remaining bytes when the main loop exits.
In case of a match, this is zero, else a positive integer. On systems
where SIZE_MAX > INT_MAX, the implicit conversion from size_t to int in
the return value may cause the number of remaining bytes to overflow,
becoming zero and falsely indicating a successful comparison.
Fix the bug by always returning 0 on equality, 1 otherwise.
PR: 272474
Approved by: emaste
Reviewed by: imp
MFC After: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41011
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libc/string/bcmp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libc/string/bcmp.c b/lib/libc/string/bcmp.c index 96cd49039eee..c42fe79ddb2f 100644 --- a/lib/libc/string/bcmp.c +++ b/lib/libc/string/bcmp.c @@ -51,7 +51,7 @@ bcmp(const void *b1, const void *b2, size_t length) p2 = (char *)b2; do if (*p1++ != *p2++) - break; + return (1); while (--length); - return (length); + return (0); } |