strcmp: fix overflow and possibly signedness error
authorLinus Torvalds <torvalds@linux-foundation.org>
Wed, 18 Nov 2009 21:31:52 +0000 (22:31 +0100)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 19 Nov 2009 01:18:13 +0000 (17:18 -0800)
commita414f01ac2899f273ef8fe98fa44158ac12793f2
tree30a7ef8d7d2f8d4aca0781fa8785630fc1f6320d
parent6602b355c2cf8f4c628732827408606075288d28
strcmp: fix overflow and possibly signedness error

Doing the strcmp return value as

signed char __res = *cs - *ct;

is wrong for two reasons.  The subtraction can overflow because __res
doesn't use a type big enough.  Moreover the compared bytes should be
interpreted as unsigned char as specified by POSIX.

The same problem is fixed in strncmp.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Cc: Michael Buesch <mb@bu3sch.de>
Cc: Andreas Schwab <schwab@linux-m68k.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lib/string.c