Re: [PATCH] Fixing where test-strncmp could read beyond page boundary

[Paul Clarke <pc at us dot ibm dot com>]

On 12/21/2016 03:44 AM, Florian Weimer wrote:
> On 12/20/2016 08:15 PM, Richard Henderson wrote:
> > On 12/20/2016 10:46 AM, Paul Clarke wrote:
> > > The 'size' parameter can be used in the implementation of strncmp() to decide
> > > the loop value for the number of loads.
> >
> > No, it can't.  I know because I've made that mistake before.
>
> Richard is right.  Even C11 is pretty clear that this optimization is
> not permitted because it says that “characters that follow a
> null character are not compared”.
>
> It's unspecified whether reading stops at the first difference.  But
> considering that you need to check for NUL bytes anyway, I don't think
> this matters in practice because any size-based optimization would be
> invalid anyway.
>
> This is also relevant to real-world code, which may use
>
>    strncmp (s, "expected-prefix", strlen ("expected-prefix")) == 0
>
> to determine whether s begins with "expected-prefix".  s could point
> close to the end of the heap.

Thanks for the thorough reviews. Looking more carefully this time, I agree.

Since I sifted through the fairly complex code and found it challenging, let me try to preserve some value from the effort and submit a patch with just the explanatory comments, in case someone else needs to understand the code in the future.

PC