richardvo...@gmail.com wrote:
Hello,
I'd be concerned about (s1 != s2). Depending on how efficiently this
compiles, could not branch prediction make this faster for match vs. not
match, etc?. I'd be worried about all the ways (and future ways) compilers
might help us and introduce time differences.
I was avoiding suggesting new conditionals for that reason, but didn't
see the one already there. Good find.
I'd feel most comfortable with the time delay, but why not stick to complete
artithmetic?
I agree. But I think you've inverted the return value (strcmp returns
0 on perfect match).
Yeah, sorry. That'd be a slightly larger security hole, eh?
I meant to just show the "acc |= (*s1 ^ *s2);" line, but I decided to
throw the rest in for context and didn't really check it. I noticed
that just AFTER sending.
int i;
int acc = 0;
for(i=0;i<MAX_LEN;i++,s1++,s2++)
{
acc |= (*s1 ^ *s2);
if (*s1 == 0)
break;
}
return (acc == 0);
Also, these strcmp functions don't properly return < or >. Just = / !=.
However, my context being so new is quite limited.
Darron
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
