git: 99544e13eec1 - stable/12 - lib/libc/string/bcmp.c: fix integer overflow bug

From: Robert Clausecker <fuz_at_FreeBSD.org>
Date: Fri, 21 Jul 2023 08:57:44 UTC
The branch stable/12 has been updated by fuz:

URL: https://cgit.FreeBSD.org/src/commit/?id=99544e13eec1586552470bd9d5f3b24038891401

commit 99544e13eec1586552470bd9d5f3b24038891401
Author:     Robert Clausecker <fuz@FreeBSD.org>
AuthorDate: 2023-07-12 18:23:21 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2023-07-21 08:57:32 +0000

    lib/libc/string/bcmp.c: fix integer overflow bug
    
    bcmp() returned the number of remaining bytes when the main loop exits.
    In case of a match, this is zero, else a positive integer.  On systems
    where SIZE_MAX > INT_MAX, the implicit conversion from size_t to int in
    the return value may cause the number of remaining bytes to overflow,
    becoming zero and falsely indicating a successful comparison.
    
    Fix the bug by always returning 0 on equality, 1 otherwise.
    
    PR:             272474
    Approved by:    emaste
    Reviewed by:    imp
    MFC After:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D41011
    
    (cherry picked from commit 4da7282a1882fc03c99591c27d44a2e6dfda364b)
---
 lib/libc/string/bcmp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/libc/string/bcmp.c b/lib/libc/string/bcmp.c
index 96cd49039eee..c42fe79ddb2f 100644
--- a/lib/libc/string/bcmp.c
+++ b/lib/libc/string/bcmp.c
@@ -51,7 +51,7 @@ bcmp(const void *b1, const void *b2, size_t length)
 	p2 = (char *)b2;
 	do
 		if (*p1++ != *p2++)
-			break;
+			return (1);
 	while (--length);
-	return (length);
+	return (0);
 }