The version of strcpy.S for ARM uses the following to initialize a value in r7 to detect end-of-string.

    @ Subtracting (unsigned saturating) from 1 for any byte means result
    @ of 1 for any byte that was originally zero and 0 otherwise.
    @ Therefore we consider the lsb of each byte the "found" bit.
    #ifdef ARCH_HAS_T2
        movw    r7, #0x0101
        tst     r0, #3          @ Test alignment of DEST
        movt    r7, #0x0101
    #else
        ldr     ip, =0x01010101
        tst     r0, #3
    #endif

If ARCH_HAS_T2 is not defined, then ip (r12) gets initialized rather than r7. The subsequent code will then attempt to use the uninitialized value in r7, which can cause strcpy() to walk past the end of the string.
Richard, this is your strcpy implementation....
Oops, a clear bug introduced during code rearrangements.
Fix committed: ecdaa7c9207615a1dc5882560095389a18b1e2ca
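The end-of-string test described in the report above, modelled in C as an added example (not code from strcpy.S or from the fix). It assumes the per-byte saturating subtract is the ARM UQSUB8 instruction, which the report does not show, and uses a constructed buffer and a constructed stale value of 0 for the wrong register; the word bound exists only in this model.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Software model of a per-byte unsigned saturating subtract (a - b),
 * assumed here to correspond to ARM UQSUB8. */
static uint32_t uqsub8(uint32_t a, uint32_t b)
{
    uint32_t r = 0;
    for (int i = 0; i < 4; i++) {
        uint32_t x = (a >> (8 * i)) & 0xff;
        uint32_t y = (b >> (8 * i)) & 0xff;
        r |= (x > y ? x - y : 0) << (8 * i);
    }
    return r;
}

/* Read a buffer one word at a time and return how many words were read
 * before a "found" bit (lsb of a byte) appeared. Returns max_words when
 * no terminator was detected inside the bound. */
static size_t words_until_nul(const uint32_t *buf, size_t max_words, uint32_t mask)
{
    for (size_t i = 0; i < max_words; i++) {
        if (uqsub8(mask, buf[i]) & 0x01010101u)
            return i + 1;
    }
    return max_words;
}

/* Constructed sample: "ABCDEFG" plus its NUL fills words 0-1; words 2-3
 * stand in for unrelated memory that follows the string. */
static size_t demo_words(uint32_t mask)
{
    uint32_t buf[4];
    memcpy(buf, "ABCDEFG\0HIJKLMNO", sizeof buf);
    return words_until_nul(buf, 4, mask);
}

int main(void)
{
    printf("mask 0x01010101: stopped after %zu words\n", demo_words(0x01010101u));
    printf("stale mask 0:    stopped after %zu words\n", demo_words(0));
    return 0;
}
```

With the intended constant the scan stops at the word holding the terminator; with the stale value no byte ever produces a found bit, so only the model's bound ends the scan.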