Graham Sutherland / Polynomialbug of the day: a memcmp that only compares every fourth byte
i blogged about the memcmp thing
Alba 🌸 
@gsuberland unrelated but shouldn't it be something like
*(a++) ^ *(b++)?@mildsunrise probably yeah I'm tired lol
@mildsunrise wait no, cos (a++) would be equivalent to pre-increment
@mildsunrise but yeah it should be *a ^ *b and then separately incrementing
@gsuberland (a++) is post increment, pre increment would be (++a)
@mildsunrise if you wrap it in brackets and deref outside doesn't it turn into pre behaviour regardless? (now I'm writing this I'm realising it probably doesn't, but this is c++ so principle of most surprise applies lol)
@mildsunrise yeah nah I'm just tiiired
@gsuberland dw, relatable
Gus@gsuberland "Rest assured, our embedded library is heavily optimised to use efficient word-sized operations."
K. Reid Wightman 
🌻 
@gsuberland i'm reminded of a weird bug i found in a compiler. in this case the vendor (green hills c compiler for coldfire cpus) converted a sequence like this:
uint8_t idx;
idx = <user input, a single character>;
char newbyte = lookup_table[idx];
The code was converting upper/lowercase letters iirc.
In this case the compiler actually converted idx to a signed value using a coldfire MVS.B instruction for some reason, so you could obtain values outside of the lookup table array if the user input a byte >= 0x80.
Not incredibly useful on its own in the app I was analyzing, but the bug was in the compiler itself so needed to be fixed...I never would have spotted the bug were it not for using Ida back in the day.