This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug string/23196] __mempcpy_avx512_no_vzeroupper mishandles large copies (CVE-2018-11237)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 23 May 2018 07:53:13 +0000
- Subject: [Bug string/23196] __mempcpy_avx512_no_vzeroupper mishandles large copies (CVE-2018-11237)
- Auto-submitted: auto-generated
- References: <bug-23196-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=23196
--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 9aaaab7c6e4176e61c59b0a63c6ba906d875dc0e (commit)
from 8f145c77123a565b816f918969e0e35ee5b89153 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9aaaab7c6e4176e61c59b0a63c6ba906d875dc0e
commit 9aaaab7c6e4176e61c59b0a63c6ba906d875dc0e
Author: Andreas Schwab <schwab@suse.de>
Date: Tue May 22 10:37:59 2018 +0200
Don't write beyond destination in __mempcpy_avx512_no_vzeroupper (bug
23196)
When compiled as mempcpy, the return value is the end of the destination
buffer, thus it cannot be used to refer to the start of it.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 9 +++++++++
string/test-mempcpy.c | 1 +
.../multiarch/memmove-avx512-no-vzeroupper.S | 5 +++--
3 files changed, 13 insertions(+), 2 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.