Bug 17949 - __memcpy_chk broken on non-SSE2 CPUs
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: 2.21
Importance: P2 normal
Target Milestone: ---
Assignee: Allan McRae
Reported: 2015-02-10 03:47 UTC by Allan McRae
Modified: 2015-02-11 12:52 UTC
fweimer: security+


Description Allan McRae 2015-02-10 03:47:47 UTC
In commit 8b4416d, the 1: jump label in __mempcpy_chk was accidentally
moved.  This resulted in failures of mempcpy on CPUs without SSE2.
Comment 2 Allan McRae 2015-02-10 12:39:27 UTC
commit 132a1328eccd20621b77f7810eebbeec0a1af187
Author: Evangelos Foutras <evangelos@foutrelis.com>
Date:   Tue Feb 10 03:22:58 2015 +0000

    Fix __memcpy_chk on non-SSE2 CPUs
Comment 3 Florian Weimer 2015-02-11 12:45:34 UTC
Additional reference: https://bugs.archlinux.org/task/43753
Comment 4 Florian Weimer 2015-02-11 12:52:45 UTC
Commit 8b4416d83c79ba77b0669203741c712880a09ae4 (“i386: memcpy functions with SSE2 unaligned load/store”) happened during 2.21 development, so 2.20 and earlier are not affected.

I'm leaning towards treating this as a security issue because it can introduce application crashes in unexpected ways.  The references indicate that the system is still usable to some degree, unlike with other string function bugs.