From 9be0623d4ce518eead8ea477a4615cb8c3e357d8 Mon Sep 17 00:00:00 2001 From: Jim Mussared Date: Mon, 6 Nov 2023 15:06:28 +1100 Subject: [PATCH] shared/libc/string0: Don't deref args for n==0 case. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit C99 says that strncmp has UB for either string being NULL, so the current behavior is technically correct, but it's an easy fix to handle this case correctly. 7.1.4: "unless explicitly stated otherwise in the detailed description... if an argument to a function has ...null pointer.. the behavior is undeļ¬ned". 7.21.1: "Unless explicitly stated otherwise in the description of a particular function in this subclause, pointer arguments on such a call shall still have valid values, as described in 7.1.4". Also make the same change for the minimal version in bare-arm/lib.c. This work was funded through GitHub Sponsors. Signed-off-by: Jim Mussared --- ports/bare-arm/lib.c | 3 ++- shared/libc/string0.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ports/bare-arm/lib.c b/ports/bare-arm/lib.c index 61d3be64e3..1574d5c902 100644 --- a/ports/bare-arm/lib.c +++ b/ports/bare-arm/lib.c @@ -110,8 +110,9 @@ char *strchr(const char *s, int c) { } int strncmp(const char *s1, const char *s2, size_t n) { - while (*s1 && *s2 && n-- > 0) { + while (n > 0 && *s1 && *s2) { int c = *s1++ - *s2++; + --n; if (c) { return c; } diff --git a/shared/libc/string0.c b/shared/libc/string0.c index a3b268e441..3909f70ed8 100644 --- a/shared/libc/string0.c +++ b/shared/libc/string0.c @@ -154,7 +154,7 @@ int strcmp(const char *s1, const char *s2) { } int strncmp(const char *s1, const char *s2, size_t n) { - while (*s1 && *s2 && n > 0) { + while (n > 0 && *s1 && *s2) { char c1 = *s1++; // XXX UTF8 get char, next char char c2 = *s2++; // XXX UTF8 get char, next char n--;