diff options
author | Max Filippov <jcmvbkbc@gmail.com> | 2018-01-09 00:48:31 -0800 |
---|---|---|
committer | Waldemar Brodkorb <wbx@uclibc-ng.org> | 2018-01-15 20:01:44 +0000 |
commit | ae1b43635802dccd9fc793474c433b5dca23841f (patch) | |
tree | ea03255aabc2427bee894f6fc68cd7492b5ce06c /libc/sysdeps/linux/common/setfsuid.c | |
parent | ae56f3a633860a984d42dd9a6959e1d5983296e5 (diff) |
xtensa: fix strcmp
Loops with 'loop forever' annotation inside strcmp are actually meant to
loop forever. Falling through the end of the first loop may result in
equal strings being compared unequal, e.g.:
#include <string.h>
int main(void)
{
char a[4096] __attribute__((aligned(4)));
char b[4096] __attribute__((aligned(4)));
memset(a, ' ', 258 * 8);
memset(b, ' ', 258 * 8);
a[255 * 8] = 0;
a[256 * 8] = 'a';
b[255 * 8] = 0;
b[256 * 8] = 'b';
return !(strcmp(a, b) == 0);
}
Falling through the end of the second loop may result in unequal strings
being compared as equal, e.g.:
#include <string.h>
int main(void)
{
char a[4096] __attribute__((aligned(4)));
char b[4096] __attribute__((aligned(4)));
memset(a, ' ', 514 * 6);
memset(b, ' ', 514 * 6);
a[514 * 6 + 0] = 'a';
a[514 * 6 + 1] = 0;
b[514 * 6 + 0] = 'b';
b[514 * 6 + 1] = 0;
return !(strcmp(a, b) != 0);
}
Use 0 as a loop counter to make 2^32 - 1 iterations which is enough to
cover all addressable memory. While at it drop useless nop at the end of
the first loop and use a11 for all loop counters.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Diffstat (limited to 'libc/sysdeps/linux/common/setfsuid.c')
0 files changed, 0 insertions, 0 deletions