On Wed, Dec 21, 2022 at 09:06:41AM -0800, Linus Torvalds wrote:
> On Wed, Dec 21, 2022 at 7:56 AM Guenter Roeck <linux@xxxxxxxxxxxx> wrote:
> >
> > The above assumes an unsigned char as input to strcmp(). I consider that
> > a hypothetical problem because "comparing" strings with upper bits
> > set doesn't really make sense in practice (How does one compare Günter
> > against Gunter ? And how about Gǖnter ?). On the other side, the problem
> > observed here is real and immediate.
>
> POSIX does actually specify "Günter" vs "Gunter".
>
> The way strcmp is supposed to work is to return the sign of the
> difference between the byte values ("unsigned char").
>
> But that sign has to be computed in 'int', not in 'signed char'.
>
> So yes, the m68k implementation is broken regardless, but with a
> signed char it just happened to work for the US-ASCII case that the
> crypto case tested.
>
I understand. I just prefer a known limited breakage to completely
broken code.
> I think the real fix is to just remove that broken implementation
> entirely, and rely on the generic one.
Perfectly fine with me.
Thanks,
Guenter
