From: Linus Torvalds Date: Wed, 18 Nov 2009 21:31:52 +0000 (+0100) Subject: strcmp: fix overflow and possibly signedness error X-Git-Tag: upstream/snapshot3+hdmi~16547 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a414f01ac2899f273ef8fe98fa44158ac12793f2;p=platform%2Fadaptation%2Frenesas_rcar%2Frenesas_kernel.git strcmp: fix overflow and possibly signedness error Doing the strcmp return value as signed char __res = *cs - *ct; is wrong for two reasons. The subtraction can overflow because __res doesn't use a type big enough. Moreover the compared bytes should be interpreted as unsigned char as specified by POSIX. The same problem is fixed in strncmp. Signed-off-by: Uwe Kleine-König Cc: Michael Buesch Cc: Andreas Schwab Cc: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/lib/string.c b/lib/string.c index b19b87a..e96421a 100644 --- a/lib/string.c +++ b/lib/string.c @@ -246,13 +246,17 @@ EXPORT_SYMBOL(strlcat); #undef strcmp int strcmp(const char *cs, const char *ct) { - signed char __res; + unsigned char c1, c2; while (1) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + c1 = *cs++; + c2 = *ct++; + if (c1 != c2) + return c1 < c2 ? -1 : 1; + if (!c1) break; } - return __res; + return 0; } EXPORT_SYMBOL(strcmp); #endif @@ -266,14 +270,18 @@ EXPORT_SYMBOL(strcmp); */ int strncmp(const char *cs, const char *ct, size_t count) { - signed char __res = 0; + unsigned char c1, c2; while (count) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + c1 = *cs++; + c2 = *ct++; + if (c1 != c2) + return c1 < c2 ? -1 : 1; + if (!c1) break; count--; } - return __res; + return 0; } EXPORT_SYMBOL(strncmp); #endif