Type: Bug
Resolution: Done
Priority: Major - P3
Affects Version/s: None
Component/s: Index Maintenance
None
ALL
I don't think memcmp guarantees that it will not access later bytes in a string if earlier bytes do not match. According to the man page, "Both strings are assumed to be n bytes long." So, for example, if there is a memcmp implementation that compares one word rather than one byte at a time and backtracks to find the return value if there is a mismatch, it could segfault in the following call sites, where the allocation for r may be shorter than sz/len.
case cstring:
{
    unsigned sz = ((unsigned) *l) + 1;
    if( memcmp(l, r, sz) ) // first byte checked is the length byte
        return false;
    l += sz; r += sz;
    break;
}
case cbindata:
{
    int len = binDataCodeToLength(*l) + 1;
    if( memcmp(l, r, len) )
        return false;
    l += len; r += len;
    break;
}
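The cstring case above, rewritten so that the count handed to memcmp is never larger than what both buffers actually hold. This is an added example, not code from the ticket or from the project: it keeps the length-byte-prefixed layout the report describes, but adds an assumed l_rem/r_rem parameter (bytes remaining in each caller-owned buffer), compares the two length bytes itself before calling memcmp, and refuses truncated fields instead of reading past them. The sample keys are constructed for the demo. The point it makes is the one in the report: once both lengths are checked, it no longer matters whether a particular libc memcmp stops at the first mismatching byte or reads a whole word at a time.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Each field starts with a length byte; sz = length + 1 covers the prefix
 * and the payload, as in the quoted call site. Unlike that call site, the
 * caller also passes how many bytes remain in each buffer (an assumed
 * parameter), so memcmp is only ever called with a count both buffers are
 * known to contain. */
struct field_cmp {
    int    result;  /* 1 equal, 0 not equal, -1 a field overruns its buffer */
    size_t advance; /* bytes consumed from both buffers when result == 1 */
};

static struct field_cmp cstring_field_equal(const unsigned char *l, size_t l_rem,
                                            const unsigned char *r, size_t r_rem)
{
    struct field_cmp out = { -1, 0 };
    if (l_rem == 0 || r_rem == 0)
        return out;                          /* no length byte to read */

    size_t lsz = (size_t)l[0] + 1;           /* length byte + payload */
    size_t rsz = (size_t)r[0] + 1;
    if (lsz > l_rem || rsz > r_rem)
        return out;                          /* truncated: refuse, do not over-read */

    if (lsz != rsz) {                        /* length bytes differ: no memcmp needed */
        out.result = 0;
        return out;
    }
    /* Both buffers hold at least lsz bytes, so memcmp may legally touch all
     * of them however it is implemented (byte-, word- or vector-at-a-time). */
    out.result  = memcmp(l, r, lsz) == 0;
    out.advance = out.result ? lsz : 0;
    return out;
}

/* Constructed sample keys for the demo. */
static const unsigned char KEY_HELLO[] = { 5, 'h', 'e', 'l', 'l', 'o' };
static const unsigned char KEY_HELLX[] = { 5, 'h', 'e', 'l', 'l', 'x' };
static const unsigned char KEY_HI[]    = { 3, 'h', 'i', '!' };
/* Claims a five-byte payload but the allocation holds only two bytes: the
 * case the report describes, where sz exceeds r's allocation. */
static const unsigned char KEY_SHORT[] = { 5, 'h', 'e' };

int demo_identical(void)
{
    return cstring_field_equal(KEY_HELLO, sizeof KEY_HELLO,
                               KEY_HELLO, sizeof KEY_HELLO).result;
}

int demo_payload_differs(void)
{
    return cstring_field_equal(KEY_HELLO, sizeof KEY_HELLO,
                               KEY_HELLX, sizeof KEY_HELLX).result;
}

int demo_length_differs(void)
{
    /* Returns 0 without calling memcmp at all. */
    return cstring_field_equal(KEY_HELLO, sizeof KEY_HELLO,
                               KEY_HI, sizeof KEY_HI).result;
}

int demo_truncated(void)
{
    /* The naive call site would memcmp 6 bytes out of a 3-byte buffer. */
    return cstring_field_equal(KEY_HELLO, sizeof KEY_HELLO,
                               KEY_SHORT, sizeof KEY_SHORT).result;
}

size_t demo_advance(void)
{
    return cstring_field_equal(KEY_HELLO, sizeof KEY_HELLO,
                               KEY_HELLO, sizeof KEY_HELLO).advance;
}

int main(void)
{
    printf("identical:        %d\n", demo_identical());
    printf("payload differs:  %d\n", demo_payload_differs());
    printf("length differs:   %d\n", demo_length_differs());
    printf("truncated field:  %d\n", demo_truncated());
    printf("advance on match: %zu\n", demo_advance());
    return 0;
}
```

The same shape applies to the cbindata case: derive len from the code byte on both sides, bounds-check each against its buffer, and only then memcmp. Returning -1 for a truncated field rather than treating it as "not equal" keeps a malformed key from silently comparing as a mismatch.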