mirror of
https://github.com/opnsense/src.git
synced 2026-04-02 16:05:17 -04:00
0666c6fc03
When memcmp(a, b, len) (or equally, bcmp) is called with a phony length such that a + len < a, the code would malfunction and not compare the two buffers correctly. While such arguments are illegal (buffers do not wrap around the end of the address space), it is neverthless conceivable that people try things like memcmp(a, b, SIZE_MAX) to compare a and b until the first mismatch, in the knowledge that such a mismatch exists, expecting memcmp() to stop comparing somewhere around the mismatch. While memcmp() is usually written to confirm to this assumption, no version of ISO/IEC 9899 guarantees this behaviour (in contrast to memchr() for which it is). Neverthless it appears sensible to at least not grossly misbehave on phony lengths. This change hardens memcmp() against this case by comparing at least until the end of the address space if a + len overflows a 64 bit integer. Sponsored by: The FreeBSD Foundation Approved by: mjg (blanket, via IRC) See also: b2618b651b28fd29e62a4e285f5be09ea30a85d4 MFC after: 1 week (cherry picked from commit 953b93cf24d8871c62416c9bcfca935f1f1853b6) |
||
|---|---|---|
| .. | ||
| gen | ||
| stdlib | ||
| string | ||
| sys | ||
| _fpmath.h | ||
| amd64_archlevel.h | ||
| arith.h | ||
| gd_qnan.h | ||
| Makefile.inc | ||
| static_tls.h | ||
| Symbol.map | ||
| SYS.h | ||