From a414f01ac2899f273ef8fe98fa44158ac12793f2 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Wed, 18 Nov 2009 22:31:52 +0100 Subject: strcmp: fix overflow and possibly signedness error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Doing the strcmp return value as signed char __res = *cs - *ct; is wrong for two reasons. The subtraction can overflow because __res doesn't use a type big enough. Moreover the compared bytes should be interpreted as unsigned char as specified by POSIX. The same problem is fixed in strncmp. Signed-off-by: Uwe Kleine-König Cc: Michael Buesch Cc: Andreas Schwab Cc: Andrew Morton Signed-off-by: Linus Torvalds --- lib/string.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'lib/string.c') diff --git a/lib/string.c b/lib/string.c index b19b87af65a3..e96421ab9a9a 100644 --- a/lib/string.c +++ b/lib/string.c @@ -246,13 +246,17 @@ EXPORT_SYMBOL(strlcat); #undef strcmp int strcmp(const char *cs, const char *ct) { - signed char __res; + unsigned char c1, c2; while (1) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + c1 = *cs++; + c2 = *ct++; + if (c1 != c2) + return c1 < c2 ? -1 : 1; + if (!c1) break; } - return __res; + return 0; } EXPORT_SYMBOL(strcmp); #endif @@ -266,14 +270,18 @@ EXPORT_SYMBOL(strcmp); */ int strncmp(const char *cs, const char *ct, size_t count) { - signed char __res = 0; + unsigned char c1, c2; while (count) { - if ((__res = *cs - *ct++) != 0 || !*cs++) + c1 = *cs++; + c2 = *ct++; + if (c1 != c2) + return c1 < c2 ? -1 : 1; + if (!c1) break; count--; } - return __res; + return 0; } EXPORT_SYMBOL(strncmp); #endif -- cgit v1.2.2 From f653398c86a1c104f0992bd788dd4bb065449be4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Goddard=20Rosa?= Date: Mon, 14 Dec 2009 18:01:04 -0800 Subject: string: factorize skip_spaces and export it to be generally available MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On the following sentence: while (*s && isspace(*s)) s++; If *s == 0, isspace() evaluates to ((_ctype[*s] & 0x20) != 0), which evaluates to ((0x08 & 0x20) != 0) which equals to 0 as well. If *s == 1, we depend on isspace() result anyway. In other words, "a char equals zero is never a space", so remove this check. Also, *s != 0 is most common case (non-null string). Fixed const return as noticed by Jan Engelhardt and James Bottomley. Fixed unnecessary extra cast on strstrip() as noticed by Jan Engelhardt. Signed-off-by: André Goddard Rosa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- lib/string.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'lib/string.c') diff --git a/lib/string.c b/lib/string.c index e96421ab9a9a..3a912a4e9a63 100644 --- a/lib/string.c +++ b/lib/string.c @@ -337,6 +337,20 @@ char *strnchr(const char *s, size_t count, int c) EXPORT_SYMBOL(strnchr); #endif +/** + * skip_spaces - Removes leading whitespace from @s. + * @s: The string to be stripped. + * + * Returns a pointer to the first non-whitespace character in @s. + */ +char *skip_spaces(const char *str) +{ + while (isspace(*str)) + ++str; + return (char *)str; +} +EXPORT_SYMBOL(skip_spaces); + /** * strstrip - Removes leading and trailing whitespace from @s. * @s: The string to be stripped. @@ -360,10 +374,7 @@ char *strstrip(char *s) end--; *(end + 1) = '\0'; - while (*s && isspace(*s)) - s++; - - return s; + return skip_spaces(s); } EXPORT_SYMBOL(strstrip); -- cgit v1.2.2 From 84c95c9acf088c99d8793d78036b67faa5d0b851 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Goddard=20Rosa?= Date: Mon, 14 Dec 2009 18:01:04 -0800 Subject: string: on strstrip(), first remove leading spaces before running over str MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... so that strlen() iterates over a smaller string comprising of the remaining characters only. Signed-off-by: André Goddard Rosa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- lib/string.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/string.c') diff --git a/lib/string.c b/lib/string.c index 3a912a4e9a63..765566a6a088 100644 --- a/lib/string.c +++ b/lib/string.c @@ -364,8 +364,8 @@ char *strstrip(char *s) size_t size; char *end; + s = skip_spaces(s); size = strlen(s); - if (!size) return s; @@ -374,7 +374,7 @@ char *strstrip(char *s) end--; *(end + 1) = '\0'; - return skip_spaces(s); + return s; } EXPORT_SYMBOL(strstrip); -- cgit v1.2.2 From ca54cb8c9eb38095dc420b73c6380ce1dbeb10fa Mon Sep 17 00:00:00 2001 From: KOSAKI Motohiro Date: Mon, 14 Dec 2009 18:01:15 -0800 Subject: Subject: Re: [PATCH] strstrip incorrectly marked __must_check Recently, We marked strstrip() as must_check. because it was frequently misused and it should be checked. However, we found one exception. scsi/ipr.c intentionally ignore return value of strstrip. Because it wishes to keep the whitespace at the beginning. Thus we need to keep with and without checked whitespace trim function. This patch adds a new strim() and changes ipr.c to use it. [akpm@linux-foundation.org: coding-style fixes] Suggested-by: Alan Cox Signed-off-by: KOSAKI Motohiro Cc: James Bottomley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- lib/string.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/string.c') diff --git a/lib/string.c b/lib/string.c index 765566a6a088..afce96af3afd 100644 --- a/lib/string.c +++ b/lib/string.c @@ -352,14 +352,14 @@ char *skip_spaces(const char *str) EXPORT_SYMBOL(skip_spaces); /** - * strstrip - Removes leading and trailing whitespace from @s. + * strim - Removes leading and trailing whitespace from @s. * @s: The string to be stripped. * * Note that the first trailing whitespace is replaced with a %NUL-terminator * in the given string @s. Returns a pointer to the first non-whitespace * character in @s. */ -char *strstrip(char *s) +char *strim(char *s) { size_t size; char *end; @@ -376,7 +376,7 @@ char *strstrip(char *s) return s; } -EXPORT_SYMBOL(strstrip); +EXPORT_SYMBOL(strim); #ifndef __HAVE_ARCH_STRLEN /** -- cgit v1.2.2 From a6cd13f3c98d1d16213e3b61054b9c209d93f877 Mon Sep 17 00:00:00 2001 From: Randy Dunlap Date: Mon, 21 Dec 2009 14:37:22 -0800 Subject: lib/string.c: fix kernel-doc warnings Fix kernel-doc warnings (@arg name) in string.c::skip_spaces(). Warning(lib/string.c:347): No description found for parameter 'str' Warning(lib/string.c:347): Excess function parameter 's' description in 'skip_spaces' Signed-off-by: Randy Dunlap Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- lib/string.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/string.c') diff --git a/lib/string.c b/lib/string.c index afce96af3afd..9f75b4ec50b8 100644 --- a/lib/string.c +++ b/lib/string.c @@ -338,10 +338,10 @@ EXPORT_SYMBOL(strnchr); #endif /** - * skip_spaces - Removes leading whitespace from @s. - * @s: The string to be stripped. + * skip_spaces - Removes leading whitespace from @str. + * @str: The string to be stripped. * - * Returns a pointer to the first non-whitespace character in @s. + * Returns a pointer to the first non-whitespace character in @str. */ char *skip_spaces(const char *str) { -- cgit v1.2.2