From fd7214436ab3e77fb9e509019974cd19d685b5a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Thu, 12 Jan 2023 23:30:36 +0100 Subject: [PATCH] Fix comment for php_safe_bcmp (#10306) * main: Fix comment for php_safe_bcmp * main: Include note about php_safe_bcmp being security sensitive This is taken from the implementation of `hash_equals()`.
---
 main/safe_bcmp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/main/safe_bcmp.c b/main/safe_bcmp.c
index 27a1756d79b..3e806de4ab6 100644
--- a/main/safe_bcmp.c
+++ b/main/safe_bcmp.c
@@ -19,7 +19,7 @@
 #include
 /*
- * Returns 0 if both inputs match, 1 if they don't.
+ * Returns 0 if both inputs match, non-zero if they don't.
 * Returns -1 early if inputs do not have the same lengths.
 *
 */
@@ -34,6 +34,7 @@ PHPAPI int php_safe_bcmp(const zend_string *a, const zend_string *b)
 return -1;
 }
+ /* This is security sensitive code. Do not optimize this for speed. */
 while (i < ZSTR_LEN(a)) {
 r |= ua[i] ^ ub[i];
 ++i;
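Review bot: The corrected header comment documents the early `-1` return but does not say what it means for timing: the function's running time still reveals whether the two lengths are equal, so only the content comparison is protected. Since this hunk already fixes the return contract, I would add a line such as ` * The length check is not constant-time; callers must not treat the length of either input as secret.` It may also be worth stating that the non-zero result carries no ordering information and callers should only test `== 0`. The function body lies outside this hunk.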
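Review bot: The comment added above the `while` loop says not to optimize but does not name the property that has to survive, so a later cleanup could still add an early `break` or swap in `memcmp()` while believing it is harmless. I would spell it out, e.g. `/* Constant-time: visit every byte and accumulate differences in r; no early exit, no memcmp(). */`. The rest of the loop and the function's return statement are outside the hunk, so how `r` is converted to the returned `int` cannot be checked from here.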