Attachment 243358 Details for Bug 272474 – fix bcmp() bug

[patch] fix bcmp() bug

0001-lib-libc-string-bcmp.c-fix-integer-overflow-bug.patch (text/plain), 1.54 KB, created by Robert Clausecker on 2023-07-12 18:29:29 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Robert Clausecker

Created: 2023-07-12 18:29:29 UTC

Size: 1.54 KB

patch

obsolete

>From 33d012166cce4fc1e7682fe8adbcbfed6c6b30bd Mon Sep 17 00:00:00 2001
>From: Robert Clausecker <fuz@FreeBSD.org>
>Date: Wed, 12 Jul 2023 20:23:21 +0200
>Subject: [PATCH] lib/libc/string/bcmp.c: fix integer overflow bug
>
>bcmp() returned the number of remaining bytes when the main loop exits.
>In case of a match, this is zero, else a positive integer.  On systems
>where SIZE_MAX > INT_MAX, the implicit conversion from size_t to int in
>the return value may cause the number of remaining bytes to overflow,
>becoming zero and falsely indicating a successful comparison.
>
>Fix the bug by always returning 0 on equality, 1 otherwise.
>
>Sponsored by:	FreeBSD Foundation
>---
> lib/libc/string/bcmp.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
>diff --git a/lib/libc/string/bcmp.c b/lib/libc/string/bcmp.c
>index 96cd49039eee..34da86ed4ca2 100644
>--- a/lib/libc/string/bcmp.c
>+++ b/lib/libc/string/bcmp.c
>@@ -3,6 +3,10 @@
>  *
>  * Copyright (c) 1987, 1993
>  *	The Regents of the University of California.  All rights reserved.
>+ * Copyright (c) 2023 The FreeBSD Foundation
>+ *
>+ * Portions of this software were developed by Robert Clausecker
>+ * <fuz@FreeBSD.org> under sponsorship from the FreeBSD Foundation.
>  *
>  * Redistribution and use in source and binary forms, with or without
>  * modification, are permitted provided that the following conditions
>@@ -51,7 +55,7 @@ bcmp(const void *b1, const void *b2, size_t length)
> 	p2 = (char *)b2;
> 	do
> 		if (*p1++ != *p2++)
>-			break;
>+			return (1);
> 	while (--length);
>-	return (length);
>+	return (0);
> }
>-- 
>2.41.0
>

Actions: View | Diff

Attachments on bug 272474: 243358