upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

lib/libc/string/bcmp.c: fix integer overflow bug

Browse source 
bcmp() returned the number of remaining bytes when the main loop exits.
In case of a match, this is zero, else a positive integer.  On systems
where SIZE_MAX > INT_MAX, the implicit conversion from size_t to int in
the return value may cause the number of remaining bytes to overflow,
becoming zero and falsely indicating a successful comparison.

Fix the bug by always returning 0 on equality, 1 otherwise.

PR:		272474
Approved by:	emaste
Reviewed by:	imp
MFC After:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41011
This commit is contained in:
Robert Clausecker 2023-07-12 20:23:21 +02:00
parent c1e63e352e
commit 4da7282a18
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/libc/string/bcmp.c
View file

@ -51,7 +51,7 @@ bcmp(const void *b1, const void *b2, size_t length)
p2 = (char *)b2;
do
if (*p1++ != *p2++)
break;
return (1);
while (--length);
return (length);
return (0);
}