From a97e73a0a143e25a5f70d43e5b0bd57c4dfb6764 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Tue, 28 Sep 2010 11:28:19 +0200
Subject: [PATCH] [BUG] ebtree: string_equal_bits() could return garbage on identical strings (from ebtree 6.0.2)
When inserting duplicates on x86/x86_64, the assembler optimization does not support equal strings that both end up with a zero, and can return garbage in the bit number, possibly causing a segfault for its users. The only case where this can happen appears to be in ebst_insert().
(cherry picked from commit 006152c62ae56d151188626e6074a79be3928858)
---
 ebtree/ebtree.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ebtree/ebtree.h b/ebtree/ebtree.h
index a9de5d6ca..5acbbcfc4 100644
--- a/ebtree/ebtree.h
+++ b/ebtree/ebtree.h
@@ -793,7 +793,8 @@ static forceinline int check_bits(const unsigned char *a,
 * may be rechecked. It is only passed here as a hint to speed up the check.
 * The caller is responsible for not passing an value larger than any
 * of the two strings. However, referencing any bit from the trailing zero is
- * permitted.
+ * permitted. Equal strings are reported as equal up to and including the last
+ * zero.
 */
 static forceinline int string_equal_bits(const unsigned char *a,
 const unsigned char *b,
@@ -818,9 +819,8 @@ static forceinline int string_equal_bits(const unsigned char *a,
 if (c)
 break;
 if (!d)
- break;
+ return (beg << 3) + 8; /* equal bytes + zero */
 }
-
 /* OK now we know that a and b differ at byte , or that both are zero.
 * We have to find what bit is differing and report it as the number of
 * identical bits. Note that low bit numbers are assigned to high positions
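Review bot: The new `return (beg << 3) + 8;` in the second hunk fixes the equal-strings case by returning a fixed bit count, but the inline comment `/* equal bytes + zero */` does not say which byte `beg` indexes at that point, so a reader cannot verify that the value agrees with the first hunk's new contract "equal up to and including the last zero"; the loop head that advances `beg`, and the function's final `flsnz8`-based return, are both outside this hunk. I would make the comment state the invariant it relies on, e.g. `/* both bytes are zero: strings are equal, count the terminating zero as matched */`, and confirm it against the increment of `beg` above. Because callers convert this bit number into tree-navigation offsets and the commit message attributes the earlier segfault to a garbage value from exactly this path, the documented contract and the arithmetic must match exactly, and a regression test that inserts the same string twice through ebst_insert() would pin the behaviour; the message's "appears to be" about other callers suggests the remaining callers of string_equal_bits() should be audited for how they handle the new return value. string_equal_bits() starts before this hunk and ends after it.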