From bef9f39d033ea5c9600f39af7cfd213e01aab4c1 Mon Sep 17 00:00:00 2001
From: Alastair Reid <adreid@google.com>
Date: Mon, 2 Nov 2020 16:47:51 +0000
Subject: fix: bcmp with n==0

This was executing the loop when n==0 leading to an out of bound pointer
error.

Found while verifying Rust code that compares strings.
---
 runtime/klee-libc/bcmp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'runtime/klee-libc')

diff --git a/runtime/klee-libc/bcmp.c b/runtime/klee-libc/bcmp.c
index 23e1c233..306523fb 100644
--- a/runtime/klee-libc/bcmp.c
+++ b/runtime/klee-libc/bcmp.c
@@ -11,7 +11,7 @@
 
 int bcmp(const void *s1, const void *s2, size_t n) {
   const unsigned char *p1 = s1, *p2 = s2;
-  while (--n != 0) {
+  while (n-- != 0) {
     if (*p1++ != *p2++)
       return 1;
   }
-- 
cgit 1.4.1