Closed thestr4ng3r closed 10 months ago
I'm pretty sure this is an ASAN false positive? memcmp will early exit once it sees a non-matching null terminator, so it shouldn't OOB read, but I guess a "non-naïve" memcmp implementation which reads register-sized data each iteration could crash under certain implementations and page-alignment scenarios. In any case, this fix seems to not break anything and might still prevent some implementation-specific crash, so I'll merge it in.
No, memcmp never stops at null terminators:

The memcmp() function compares byte string s1 against byte string s2. Both strings are assumed to be n bytes long.
It would stop at the null terminator because it is guaranteed to mismatch on strings of different lengths.
Ok, I see what you mean now. Yeah that would depend on the implementation indeed.
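An added example (not code from this PR or from the project) of the pattern under discussion: a command lookup that passes one operand's length to memcmp without checking the other, next to two bounded variants. The command table, the `match_*` names and `find_cmd` are constructed for illustration; the point is that `memcmp` is specified to compare `n` bytes of both buffers, so the "it would stop at the mismatching terminator" reasoning does not make the one-sided call defined, whatever a given libc happens to do.

```c
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical command-table entry, constructed for this example. */
struct cmd {
    const char *name;
    size_t      len;   /* strlen(name), precomputed */
};

/* Constructed table; the prefix relationships (p / pd / pdf) are the
 * interesting case for a lookup that compares fixed-length windows. */
static const struct cmd table[] = {
    { "p",   1 },
    { "pd",  2 },
    { "pdf", 3 },
    { "px",  2 },
};

/* Before: only the table entry's length is known, and memcmp is asked to
 * read c->len bytes from `input` even when `input` is shorter.  Reading
 * past the terminator is undefined behaviour and is what ASAN reports.
 * A byte-at-a-time memcmp may happen to return at the first mismatch;
 * an implementation comparing word-sized chunks may read the whole
 * window first.  Not called below, on purpose. */
bool match_one_sided(const struct cmd *c, const char *input)
{
    return memcmp(c->name, input, c->len) == 0;   /* UB if strlen(input) < c->len */
}

/* After, exact match: compare lengths first, so memcmp never reads past
 * either buffer. */
bool match_exact(const struct cmd *c, const char *input, size_t input_len)
{
    return input_len == c->len && memcmp(c->name, input, c->len) == 0;
}

/* After, prefix match (command followed by arguments): bound the read by
 * the shorter operand, then check the boundary byte explicitly so that
 * "pdf" is not taken as "pd" + junk. */
bool match_prefix(const struct cmd *c, const char *input, size_t input_len)
{
    if (input_len < c->len)
        return false;
    return memcmp(c->name, input, c->len) == 0
        && (input[c->len] == '\0' || input[c->len] == ' ');
}

/* Look up a command by its (possibly argument-bearing) input string.
 * Returns the table index, or -1 if nothing matches. */
int find_cmd(const char *input)
{
    size_t n = strlen(input);
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (match_prefix(&table[i], input, n))
            return (int)i;
    }
    return -1;
}
```

Compiling this with `-fsanitize=address` and calling `match_one_sided` on an input shorter than the entry is the same shape of report the PR describes; the two bounded variants keep every `memcmp` read inside both operands.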
The length of only one of the operand strings was checked before the memcmp in these cases, causing out-of-bounds reads when the other was shorter. This could be seen by compiling with ASAN and for example executing any command longer than 2 characters.
In particular, this fixes the following issues: