[BUG] ebtree: string_equal_bits() could return garbage on identical strings
(from ebtree 6.0.2)
When inserting duplicates on x86/x86_64, the assembler optimization
does not support equal strings that both end up with a zero, and
can return garbage in the bit number, possibly causing a segfault
for its users. The only case where this can happen appears to be
in ebst_insert().
(cherry picked from commit 006152c62ae56d151188626e6074a79be3928858)
diff --git a/ebtree/ebtree.h b/ebtree/ebtree.h
index a9de5d6..5acbbcf 100644
--- a/ebtree/ebtree.h
+++ b/ebtree/ebtree.h
@@ -793,7 +793,8 @@
* may be rechecked. It is only passed here as a hint to speed up the check.
* The caller is responsible for not passing an <ignore> value larger than any
* of the two strings. However, referencing any bit from the trailing zero is
- * permitted.
+ * permitted. Equal strings are reported as equal up to and including the last
+ * zero.
*/
static forceinline int string_equal_bits(const unsigned char *a,
const unsigned char *b,
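Review bot: the added sentence "Equal strings are reported as equal up to and including the last zero" documents the new behaviour only qualitatively; since this function returns a bit count, the comment should state the exact value callers can rely on, e.g. "equal strings return (number of identical bytes + 1) * 8, i.e. the terminating zero byte is counted as equal", so that callers doing arithmetic on the result do not have to read the implementation to learn whether the zero byte is included.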
@@ -818,9 +819,8 @@
if (c)
break;
if (!d)
- break;
+ return (beg << 3) + 8; /* equal bytes + zero */
}
-
/* OK now we know that a and b differ at byte <beg>, or that both are zero.
* We have to find what bit is differing and report it as the number of
* identical bits. Note that low bit numbers are assigned to high positions
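Review bot: the comment just below the loop, "OK now we know that a and b differ at byte <beg>, or that both are zero", is now stale: with the `if (!d)` branch changed from `break;` to `return (beg << 3) + 8;`, the both-zero case never reaches this point, so the comment should drop the "or that both are zero" clause and say only that a and b differ at byte <beg>. Otherwise a future reader may assume the bit-scanning code still has to handle the equal-strings case that this fix deliberately routes around. The removed blank line in the same hunk is an unrelated whitespace change and would be cleaner kept out of a bug-fix commit.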