| commit | a414f01ac2899f273ef8fe98fa44158ac12793f2 | |
| author | Linus Torvalds <torvalds@linux-foundation.org> | |
| Wed, 18 Nov 2009 21:31:52 +0000 (18 22:31 +0100) | ||
| committer | Linus Torvalds <torvalds@linux-foundation.org> | |
| Thu, 19 Nov 2009 01:18:13 +0000 (18 17:18 -0800) | ||
| tree | 30a7ef8d7d2f8d4aca0781fa8785630fc1f6320d | treesnapshot (tar.gz zip) |
| parent | 6602b355c2cf8f4c628732827408606075288d28 | commitdiff |
strcmp: fix overflow and possibly signedness error
Doing the strcmp return value as
signed char __res = *cs - *ct;
is wrong for two reasons. The subtraction can overflow because __res
doesn't use a type big enough. Moreover the compared bytes should be
interpreted as unsigned char as specified by POSIX.
The same problem is fixed in strncmp.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Cc: Michael Buesch <mb@bu3sch.de>
Cc: Andreas Schwab <schwab@linux-m68k.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Doing the strcmp return value as
signed char __res = *cs - *ct;
is wrong for two reasons. The subtraction can overflow because __res
doesn't use a type big enough. Moreover the compared bytes should be
interpreted as unsigned char as specified by POSIX.
The same problem is fixed in strncmp.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Cc: Michael Buesch <mb@bu3sch.de>
Cc: Andreas Schwab <schwab@linux-m68k.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| lib/string.c | diffblobblamehistory |