Fix string compare functions

[padelsbach]

Fixes finding 219.

• Update string compare functions to avoid false equality
• Add regression test cases
• Ensure -fno-builtin is set for the unit-string test to ensure we test our versions of the string functions
• Add asan mode to test Makefile and CI

[danielinux]

This looks like a safety improvement in general. The F-219/F-223 shoulde be both fixed now.

Only minor thing: would it be possible to add more test cases for the str[n[casecmp, including non-alpha characters, since we removed the isalpha condition from there?

e.g. strncasecmp("ab1c", "ab2c", 4), strcasecmp("1abc", "1abc") etc.

[Copilot]

Pull request overview

This PR fixes a bug (finding 219) in custom string compare functions (strcmp, strcasecmp, strncasecmp) that could produce false equality when one string is a prefix of another. The fix replaces the old loop logic with a correct approach that properly handles null terminators and prefix cases.

Changes:

• Fix strcmp, strcasecmp, and strncasecmp in src/string.c to correctly handle prefix strings and avoid false equality
• Add regression test cases in unit-string.c and update the test infrastructure (Makefile, .gitignore, test.mk)
• Refactor wolfBoot_find_header in src/libwolfboot.c to use integer arithmetic instead of pointer arithmetic to avoid potential UB

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/string.c	Core bug fix: rewrite compare functions to correctly handle prefix/terminator cases
tools/unit-tests/unit-string.c	Regression tests for the fixed string compare functions
tools/unit-tests/Makefile	Adds ASAN mode support and -fno-builtin for unit-string target
tools/test.mk	Updates binary size limits to reflect the code changes
src/libwolfboot.c	Refactors wolfBoot_find_header to use uintptr_t arithmetic, fixing potential pointer UB
lib/wolfssl	Bumps wolfssl submodule to a newer commit
.gitignore	Adds new unit test binaries to ignore list

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[padelsbach]

This looks like a safety improvement in general. The F-219/F-223 shoulde be both fixed now.

Only minor thing: would it be possible to add more test cases for the str[n[casecmp, including non-alpha characters, since we removed the isalpha condition from there?

e.g. strncasecmp("ab1c", "ab2c", 4), strcasecmp("1abc", "1abc") etc.

Good point. I added a few test cases.

I initially went a bit overboard trying to design a much more stressful set of tests, but decided against it in favor of readability and simplicity. Let me know if you want something more sophisticated.