amos@taux01.nsc.com (Amos Shapir) (09/13/90)
There are major bugs in the code for strcpy and strcmp which Dave posted. I don't think I can post the code that fixes that, so I'll just describe the bugs - they're quite easy to fix anyway. Both bugs happen only when the null byte at the end of a string is immediately followed by non-null bytes that happen to occupy the same double-word. Such strings are not generated by the compiler (which usually aligns everything to a double-word boundary), but may happen in data read from files.

Bug in strcpy: after discovering that there's a null byte in the current double-word, it checks the lower half (at mvby1); if the null isn't there, it checks the *upper byte first* (and branches to mv4). Consequently, if both the 3rd and 4th bytes are null, the whole word is copied, overwriting one byte too many.

Bug in strcmp: when double-words compare unequal, it checks which byte doesn't match; but it does not check whether a lower byte (that does match) in the same word is null! Therefore, equal strings might compare unequal due to the garbage following the null byte.

--
Amos Shapir amos@taux01.nsc.com, amos@nsc.nsc.com
National Semiconductor (Israel) P.O.B. 3007, Herzlia 46104, Israel
Tel. +972 52 522255 TWX: 33691, fax: +972-52-558322 GEO: 34 48 E / 32 10 N
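The two word-at-a-time failure modes described in the post, modelled in portable C as an added example (this is not Dave's posted code, which is not on the page, nor Amos's fix). It assumes 4-byte words in place of the NS32000 double-words and uses made-up names (strcpy_buggy, strcpy_fixed, strcmp_buggy, strcmp_fixed, has_zero_byte); the sample buffers are constructed so that the byte after the terminator is non-null garbage inside the same word, the case the post says comes from data read from files. Each buggy routine is shown beside the corrected byte-order check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption for this model: 4-byte words (the original used double-words;
   the logic is the same).  Word loads read up to W-1 bytes past the NUL, so
   every sample buffer below is padded to a whole number of words. */
#define W 4

/* Exact test for "some byte of w is zero" (classic word-at-a-time trick). */
static int has_zero_byte(uint32_t w)
{
    return ((w - 0x01010101u) & ~w & 0x80808080u) != 0;
}

/* Load one word from p; memcpy sidesteps alignment and aliasing rules. */
static uint32_t load_word(const char *p)
{
    uint32_t w;
    memcpy(&w, p, W);
    return w;
}

/* Copy whole words until the word that holds the NUL; return its offset. */
static size_t copy_full_words(char *dst, const char *src)
{
    size_t n = 0;
    while (!has_zero_byte(load_word(src + n))) {
        memcpy(dst + n, src + n, W);
        n += W;
    }
    return n;
}

/* strcpy with the first bug: in the word holding the NUL, bytes 0 and 1 are
   tested, then byte 3 BEFORE byte 2 (the "upper byte first" branch).  When
   bytes 2 and 3 are both NUL the whole word is copied: one byte too many.
   Returns the number of bytes written. */
static size_t strcpy_buggy(char *dst, const char *src)
{
    size_t n = copy_full_words(dst, src);
    const char *b = src + n;
    size_t k;
    if (b[0] == 0)      k = 1;
    else if (b[1] == 0) k = 2;
    else if (b[3] == 0) k = 4;   /* BUG: byte 3 tested before byte 2 */
    else                k = 3;
    memcpy(dst + n, b, k);
    return n + k;
}

/* Corrected tail: test the bytes in memory order, stop at the first NUL. */
static size_t strcpy_fixed(char *dst, const char *src)
{
    size_t n = copy_full_words(dst, src);
    const char *b = src + n;
    size_t k;
    if (b[0] == 0)      k = 1;
    else if (b[1] == 0) k = 2;
    else if (b[2] == 0) k = 3;   /* byte 2 before byte 3 */
    else                k = 4;
    memcpy(dst + n, b, k);
    return n + k;
}

/* Shared word loop for strcmp: returns 0 if the strings are identical through
   their NUL, else 1 with *n set to the offset of the first unequal word. */
static int find_unequal_word(const char *a, const char *b, size_t *n)
{
    for (*n = 0;; *n += W) {
        uint32_t wa = load_word(a + *n), wb = load_word(b + *n);
        if (wa != wb) return 1;
        if (has_zero_byte(wa)) return 0;
    }
}

/* strcmp with the second bug: the first differing byte decides the result,
   without asking whether an earlier, matching byte of that word is the NUL. */
static int strcmp_buggy(const char *a, const char *b)
{
    size_t n;
    if (!find_unequal_word(a, b, &n)) return 0;
    for (size_t i = 0;; i++)                     /* some byte must differ */
        if (a[n + i] != b[n + i])
            return (unsigned char)a[n + i] - (unsigned char)b[n + i];
}

/* Corrected: a matching NUL before the differing byte ends both strings. */
static int strcmp_fixed(const char *a, const char *b)
{
    size_t n;
    if (!find_unequal_word(a, b, &n)) return 0;
    for (size_t i = 0;; i++) {
        if (a[n + i] != b[n + i])
            return (unsigned char)a[n + i] - (unsigned char)b[n + i];
        if (a[n + i] == 0) return 0;             /* the rest is garbage */
    }
}

/* Constructed inputs (not from the post): the string "ab" followed, inside
   the same word, by different garbage bytes; "ac" as a genuinely different
   string. */
static const char sample_a[8] = { 'a', 'b', 0, 'X', 0, 0, 0, 0 };
static const char sample_b[8] = { 'a', 'b', 0, 'Y', 0, 0, 0, 0 };
static const char sample_c[8] = { 'a', 'c', 0, 'X', 0, 0, 0, 0 };

/* Copy "ab" (3rd and 4th bytes both NUL) into a sentinel-filled buffer and
   report 1 if the byte after the terminator was left untouched, 0 if not. */
static int strcpy_keeps_next_byte(size_t (*cp)(char *, const char *))
{
    static const char src[8] = { 'a', 'b', 0, 0, 'Z', 0, 0, 0 };
    char dst[8];
    memset(dst, 0x7f, sizeof dst);
    cp(dst, src);
    return dst[3] == 0x7f;
}
```

With these inputs strcmp_buggy reports sample_a and sample_b as unequal although both are the string "ab", while strcmp_fixed returns 0; strcpy_buggy writes four bytes for "ab" and clobbers the sentinel after the terminator, strcpy_fixed writes three and leaves it alone. The word loads past the NUL are the same over-read the original relied on; a real implementation must keep them from crossing into an unmapped page.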