Page MenuHomeFreeBSD

lib/libc/string/bcmp.c: fix integer overflow bug
ClosedPublic

Authored by fuz on Jul 12 2023, 6:46 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, May 17, 7:15 AM
Unknown Object (File)
Fri, May 17, 1:59 AM
Unknown Object (File)
May 16 2024, 4:20 AM
Unknown Object (File)
Mar 25 2024, 12:23 AM
Unknown Object (File)
Mar 25 2024, 12:22 AM
Unknown Object (File)
Mar 25 2024, 12:22 AM
Unknown Object (File)
Mar 19 2024, 5:11 PM
Unknown Object (File)
Mar 19 2024, 3:33 PM
Subscribers

Details

Summary

bcmp() returned the number of remaining bytes when the main loop exits.
In case of a match, this is zero, else a positive integer. On systems
where SIZE_MAX > INT_MAX, the implicit conversion from size_t to int in
the return value may cause the number of remaining bytes to overflow,
becoming zero and falsely indicating a successful comparison.

Fix the bug by always returning 0 on equality, 1 otherwise.
The new implementation returns different result than old one
within variation permitted by spec. May break compatibility.

Sponsored by: FreeBSD Foundation
PR: 272474 (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272474)

Test Plan

run testsuite

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

fuz requested review of this revision.Jul 12 2023, 6:46 PM

Otherwise this looks like the right fix.

lib/libc/string/bcmp.c
6

I don't thin this merits a copyright addition.

maybe whack this implementation to begin with and make it call memcmp, which *is* optimized on some archs

preferably this would just be an alias but some weird magic was getting in the way of accomodating that

@mjg You yourself wrote lib/libc/amd64/string/memcp.S which covers both memcmp and bcmp with some conditional code. Are you saying this approach was wrong and we should instead have bcmp call memcmp? The semantics of bcmp are indeed slightly faster to implement as the code doesn't have to find the specific bytes that mismatched and compute the difference.

lib/libc/string/bcmp.c
6

I have been instructed to put this copyright addition in by my contract with the FreeBSD Foundation. I found this bug during work on the contract and submitted the patch as part of it.

You may instead want to import the OpenBSD patch, which does basically the same thing.

I am saying a completely unpoptimized bcmp like this one should not exist and instead it would be better if it called memcmp and even better if it aliased it. That's not the same as being opposed to bcmp's existence as it can be faster than memcmp in case of a mismatch.

lib/libc/string/bcmp.c
6

Your instructions are overly broad and no appropriate here. Remove this if you commit this. I think that your interpretation of their contract is in error here.

jrm added inline comments.
lib/libc/string/bcmp.c
6

@fuz, I believe you're following the contract text [1] as stated, but if @imp, who has been at this longer than any of us, thinks this doesn't warrant a copyright inclusion, let's follow his advice. Perhaps we need to tweak the text to say something like 'significantly modifies'? IANAL.

[1] License Obligations. Consultant shall ensure that the copyright notice and license text attached as Exhibit B
shall appear at the top of any new files that Consultant creates; and that the copyright notice and license
text attached as Exhibit C shall appear at the top of any pre-existing files that Consultant modifies during the
course of providing the Services.

@imp Are you okay if I commit with no copyright claim writing

Obtained from: OpenBSD: bcmp.c,v 1.9 2008/03/19 03:00:23 ray Exp

in the commit message? Referring to this bcmp.c diff.

emaste added inline comments.
lib/libc/string/bcmp.c
6

Yes something like "significantly modifies" would be appropriate for Foundation copyrights.

lib/libc/string/bcmp.c
6

And to be explicit: The FreeBSD Foundation approves this with the copyright header change excluded.

Remove foundation copyright header as per @emaste's instructions.

This revision is now accepted and ready to land.Jul 16 2023, 5:22 PM

Note, should be Sponsored by: The FreeBSD Foundation

This revision was automatically updated to reflect the committed changes.
fuz marked 5 inline comments as done.

I'm happy with this commit as landed.