kunit/fortify: Fix memcmp() test to be amplitude agnostic

kees · kees · commit ae1a863bcdbd · 2024-05-18T13:46:10.000-07:00
When memcmp() returns a non-zero value, only the signed bit has any meaning. The actual value may differ between implementations. Reported-by: Nathan Chancellor <nathan@kernel.org> Closes: ClangBuiltLinux#2025 Tested-by: Nathan Chancellor <nathan@kernel.org> Link: https://lore.kernel.org/r/20240518184020.work.604-kees@kernel.org Signed-off-by: Kees Cook <keescook@chromium.org>
diff --git a/lib/fortify_kunit.c b/lib/fortify_kunit.c
@@ -990,7 +990,7 @@ static void fortify_test_memcmp(struct kunit *test)
 	KUNIT_ASSERT_EQ(test, memcmp(one, two, one_len), 0);
 	KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0);
 	/* Still in bounds, but no longer matching. */
-	KUNIT_ASSERT_EQ(test, memcmp(one, two, one_len + 1), -32);
+	KUNIT_ASSERT_LT(test, memcmp(one, two, one_len + 1), 0);
 	KUNIT_EXPECT_EQ(test, fortify_read_overflows, 0);
 
 	/* Catch too-large ranges. */
