Bug 12205 - Bad x86-64 strncasecmp on Intel Core i7
Summary: Bad x86-64 strncasecmp on Intel Core i7
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: 2.13
: P2 critical
Target Milestone: ---
Assignee: Ulrich Drepper
URL: http://sourceware.org/ml/libc-alpha/2...
Keywords:
Depends on:
Blocks:
 
Reported: 2010-11-09 23:45 UTC by H.J. Lu
Modified: 2014-06-30 06:28 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-

Attachments
A patch (313 bytes, patch)
2010-11-10 02:04 UTC, H.J. Lu 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description H.J. Lu 2010-11-09 23:45:45 UTC 
(gdb) p cp + 1
$78 = 0x749ffa "gottpoff"
(gdb) p gotrel[j].str
$79 = 0x505cbe "GOTPLT"
(gdb) p len
$80 = 6
(gdb) call strncasecmp (cp + 1, gotrel[j].str, gotrel[j].len)
$81 = 0
(gdb)
Comment 1 H.J. Lu 2010-11-10 00:05:34 UTC 
[hjl@gnu-35 junk-1]$ cat test.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static char cp [4096+16] __attribute__ ((aligned(4096)));
static char gotrel[4096] __attribute__ ((aligned(4096)));

int
main ()
{
  char *p = cp + 0xffa;
  char *g = gotrel + 0xcbe;
  strcpy (p, "gottpoff");
  strcpy (g, "GOTPLT");
  printf ("%p: %s\n", p, p);
  printf ("%p: %s\n", g, g);
  if (strncasecmp (p, g, 6) <= 0)
    abort ();
  return 0;
}
[hjl@gnu-35 junk-1]$ make
cc     test.c   -o test
./test
0x602ffa: gottpoff
0x604cbe: GOTPLT
make: *** [all] Aborted
[hjl@gnu-35 junk-1]$
Comment 2 H.J. Lu 2010-11-10 02:04:22 UTC 
Created attachment 5118 [details]
A patch
Comment 3 H.J. Lu 2010-11-10 03:41:31 UTC 
A patch is at

http://sourceware.org/ml/libc-alpha/2010-11/msg00031.html
Comment 4 Ulrich Drepper 2010-11-10 08:06:44 UTC 
 Patch is in git.