HomeFreeBSD

lib/libc/amd64/string/memcmp.S: harden against phony buffer lengths

Description

lib/libc/amd64/string/memcmp.S: harden against phony buffer lengths

When memcmp(a, b, len) (or equally, bcmp) is called with a phony length
such that a + len < a, the code would malfunction and not compare the
two buffers correctly. While such arguments are illegal (buffers do not
wrap around the end of the address space), it is neverthless conceivable
that people try things like memcmp(a, b, SIZE_MAX) to compare a and b
until the first mismatch, in the knowledge that such a mismatch exists,
expecting memcmp() to stop comparing somewhere around the mismatch.
While memcmp() is usually written to confirm to this assumption, no
version of ISO/IEC 9899 guarantees this behaviour (in contrast to
memchr() for which it is).

Neverthless it appears sensible to at least not grossly misbehave on
phony lengths. This change hardens memcmp() against this case by
comparing at least until the end of the address space if a + len
overflows a 64 bit integer.

Sponsored by: The FreeBSD Foundation
Approved by: mjg (blanket, via IRC)
See also: b2618b651b28fd29e62a4e285f5be09ea30a85d4
MFC after: 1 week

(cherry picked from commit 953b93cf24d8871c62416c9bcfca935f1f1853b6)

Details

Provenance
fuzAuthored on Sep 14 2023, 5:19 AM
Parents
rGb6864ba42d37: share/man/man7/simd.7: document simd-enhanced memchr(3), strnlen(3)
Branches
Unknown
Tags
Unknown