Paths

Table of Contentst

bcmp.c: fix integer overflow bug
ClosedPublic
Actions

Authored by fuz on Jul 12 2023, 6:46 PM.

Details

Reviewers

mjg
andrew
mhorne
emaste

Commits

rG99544e13eec1: lib/libc/string/bcmp.c: fix integer overflow bug
rG3b0dacf6fd13: lib/libc/string/bcmp.c: fix integer overflow bug
rG4da7282a1882: lib/libc/string/bcmp.c: fix integer overflow bug

Summary

bcmp() returned the number of remaining bytes when the main loop exits.
In case of a match, this is zero, else a positive integer. On systems
where SIZE_MAX > INT_MAX, the implicit conversion from size_t to int in
the return value may cause the number of remaining bytes to overflow,
becoming zero and falsely indicating a successful comparison.

Fix the bug by always returning 0 on equality, 1 otherwise.
The new implementation returns different result than old one
within variation permitted by spec. May break compatibility.

Sponsored by: FreeBSD Foundation
PR: 272474 (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272474)

Test Plan

run testsuite

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

fuz created this revision.Jul 12 2023, 6:46 PM

Herald added a subscriber: imp. · View Herald TranscriptJul 12 2023, 6:46 PM

fuz requested review of this revision.Jul 12 2023, 6:46 PM

Harbormaster completed remote builds in B52604: Diff 124582.Jul 12 2023, 6:46 PM

Otherwise this looks like the right fix.

lib/libc/string/bcmp.c
6	I don't thin this merits a copyright addition.

maybe whack this implementation to begin with and make it call memcmp, which *is* optimized on some archs

preferably this would just be an alias but some weird magic was getting in the way of accomodating that

@mjg You yourself wrote lib/libc/amd64/string/memcp.S which covers both memcmp and bcmp with some conditional code. Are you saying this approach was wrong and we should instead have bcmp call memcmp? The semantics of bcmp are indeed slightly faster to implement as the code doesn't have to find the specific bytes that mismatched and compute the difference.

lib/libc/string/bcmp.c
6	I have been instructed to put this copyright addition in by my contract with the FreeBSD Foundation. I found this bug during work on the contract and submitted the patch as part of it. You may instead want to import the OpenBSD patch, which does basically the same thing.

I am saying a completely unpoptimized bcmp like this one should not exist and instead it would be better if it called memcmp and even better if it aliased it. That's not the same as being opposed to bcmp's existence as it can be faster than memcmp in case of a mismatch.

imp added inline comments.Jul 14 2023, 2:07 PM

lib/libc/string/bcmp.c
6	Your instructions are overly broad and no appropriate here. Remove this if you commit this. I think that your interpretation of their contract is in error here.

jrm added a subscriber: jrm.Jul 14 2023, 7:43 PM

jrm added inline comments.

lib/libc/string/bcmp.c

@fuz, I believe you're following the contract text [1] as stated, but if @imp, who has been at this longer than any of us, thinks this doesn't warrant a copyright inclusion, let's follow his advice. Perhaps we need to tweak the text to say something like 'significantly modifies'? IANAL.

[1] License Obligations. Consultant shall ensure that the copyright notice and license text attached as Exhibit B
shall appear at the top of any new files that Consultant creates; and that the copyright notice and license
text attached as Exhibit C shall appear at the top of any pre-existing files that Consultant modifies during the
course of providing the Services.

@imp Are you okay if I commit with no copyright claim writing

Obtained from: OpenBSD: bcmp.c,v 1.9 2008/03/19 03:00:23 ray Exp

in the commit message? Referring to this bcmp.c diff.

emaste added a subscriber: emaste.Jul 16 2023, 1:07 PM

emaste added inline comments.

lib/libc/string/bcmp.c
6	Yes something like "significantly modifies" would be appropriate for Foundation copyrights.

emaste added inline comments.Jul 16 2023, 3:28 PM

lib/libc/string/bcmp.c
6	And to be explicit: The FreeBSD Foundation approves this with the copyright header change excluded.

Remove foundation copyright header as per @emaste's instructions.

Harbormaster completed remote builds in B52664: Diff 124737.Jul 16 2023, 3:33 PM

emaste accepted this revision.Jul 16 2023, 5:22 PM

This revision is now accepted and ready to land.Jul 16 2023, 5:22 PM

Note, should be Sponsored by: The FreeBSD Foundation

Closed by commit rG4da7282a1882: lib/libc/string/bcmp.c: fix integer overflow bug (authored by fuz). · Explain WhyJul 16 2023, 5:37 PM

This revision was automatically updated to reflect the committed changes.

fuz marked 5 inline comments as done.

fuz added a commit: rG4da7282a1882: lib/libc/string/bcmp.c: fix integer overflow bug.

I'm happy with this commit as landed.

fuz added a commit: rG3b0dacf6fd13: lib/libc/string/bcmp.c: fix integer overflow bug.Jul 21 2023, 8:57 AM

fuz added a commit: rG99544e13eec1: lib/libc/string/bcmp.c: fix integer overflow bug.

fuz mentioned this in D41855: lib/libc/amd64: back out amd64 SIMD work.Sep 14 2023, 5:56 AM

fuz mentioned this in rG6dff5fb10b5e: lib/libc/amd64: back out amd64 SIMD work.Sep 19 2023, 3:20 AM

Revision Contents
Changeset List

Path

Size

lib/

libc/

string/

bcmp.c

4 lines

Diff 124747

View Options

lib/libc/string/bcmp.c: fix integer overflow bugClosedPublicActions