From afc03aebd37b050e1820ba3a4061605d15970577 Mon Sep 17 00:00:00 2001 From: dp-arm Date: Tue, 6 Dec 2016 15:20:25 +0000 Subject: [PATCH] stdlib: Fix signedness issue in memcmp() There is no guarantee on the signedness of char. It can be either signed or unsigned. On ARM it is unsigned and hence this memcmp() implementation works as intended. On other machines, char can be signed (x86 for example). In that case (and assuming a 2's complement implementation), interpreting a bit-pattern of 0xFF as signed char can yield -1. If *s1 is 0 and *s2 is 255 then the difference *s1 - *s2 should be negative. The C integer promotion rules guarantee that the unsigned chars will be converted to int before the operation takes place. The current implementation will return a positive value (0 - (-1)) instead, which is wrong. Fix it by changing the signedness to unsigned to avoid surprises for anyone using this code on non-ARM systems. Change-Id: Ie222fcaa7c0c4272d7a521a6f2f51995fd5130cc Signed-off-by: dp-arm --- lib/stdlib/mem.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/stdlib/mem.c b/lib/stdlib/mem.c index f1f335a6c..ef33dbab1 100644 --- a/lib/stdlib/mem.c +++ b/lib/stdlib/mem.c @@ -48,10 +48,10 @@ void *memset(void *dst, int val, size_t count) */ int memcmp(const void *s1, const void *s2, size_t len) { - const char *s = s1; - const char *d = s2; - char dc; - char sc; + const unsigned char *s = s1; + const unsigned char *d = s2; + unsigned char sc; + unsigned char dc; while (len--) { sc = *s++;