sysdeps/x86_64/memcmp.S has ENTRY (memcmp) test %rdx, %rdx jz L(finz) cmpq $1, %rdx jle L(finr1b) <<< signed Jcc subq %rdi, %rsi movq %rdx, %r10 cmpq $32, %r10 jge L(gt32) <<< signed Jcc But size_t is unsigned.
H.J. Lu reports: “On x32, memcmp always returns 0 when the most significant bit of RDX is set since it treats size as 0, like memcmp (a, b, 0).“ On x86-64, it is not possible to reach this error condition with valid input.
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via 3f635fb43389b54f682fc9ed2acc0b2aaf4a923d (commit) from 2ab5741b8a96d02eb89e455b1971a19e7aef67bc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3f635fb43389b54f682fc9ed2acc0b2aaf4a923d commit 3f635fb43389b54f682fc9ed2acc0b2aaf4a923d Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Feb 4 06:31:01 2019 -0800 x86-64 memcmp: Use unsigned Jcc instructions on size [BZ #24155] Since the size argument is unsigned. we should use unsigned Jcc instructions, instead of signed, to check size. Tested on x86-64 and x32, with and without --disable-multi-arch. [BZ #24155] CVE-2019-7309 * NEWS: Updated for CVE-2019-7309. * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the upper 32 bits of RDX register for x32. Use unsigned Jcc instructions, instead of signed. * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2. * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 11 +++++++++++ NEWS | 8 +++++++- sysdeps/x86_64/memcmp.S | 20 ++++++++++++-------- sysdeps/x86_64/x32/Makefile | 3 ++- .../{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} | 7 +++++-- 5 files changed, 37 insertions(+), 12 deletions(-) copy sysdeps/x86_64/x32/{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} (92%)
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, release/2.28/master has been updated via 9aaa083387fd1e19eb0bbd9f25444a5d5c91e210 (commit) from d09b11cbe57c6434813ead18ff128012230bb614 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9aaa083387fd1e19eb0bbd9f25444a5d5c91e210 commit 9aaa083387fd1e19eb0bbd9f25444a5d5c91e210 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Feb 4 08:55:52 2019 -0800 x86-64 memcmp: Use unsigned Jcc instructions on size [BZ #24155] Since the size argument is unsigned. we should use unsigned Jcc instructions, instead of signed, to check size. Tested on x86-64 and x32, with and without --disable-multi-arch. [BZ #24155] CVE-2019-7309 * NEWS: Updated for CVE-2019-7309. * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the upper 32 bits of RDX register for x32. Use unsigned Jcc instructions, instead of signed. * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2. * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test. (cherry picked from commit 3f635fb43389b54f682fc9ed2acc0b2aaf4a923d) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 11 +++++++++++ NEWS | 9 +++++++++ sysdeps/x86_64/memcmp.S | 20 ++++++++++++-------- sysdeps/x86_64/x32/Makefile | 3 ++- .../{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} | 7 +++++-- 5 files changed, 39 insertions(+), 11 deletions(-) copy sysdeps/x86_64/x32/{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} (92%)
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, release/2.27/master has been updated via 2ebadb6451eda1d518d70e26cf4ceeb0362e2456 (commit) from 3a5ae8db6829d4c7f004fb1cda716f5ecfb3e97f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2ebadb6451eda1d518d70e26cf4ceeb0362e2456 commit 2ebadb6451eda1d518d70e26cf4ceeb0362e2456 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Feb 4 08:55:52 2019 -0800 x86-64 memcmp: Use unsigned Jcc instructions on size [BZ #24155] Since the size argument is unsigned. we should use unsigned Jcc instructions, instead of signed, to check size. Tested on x86-64 and x32, with and without --disable-multi-arch. [BZ #24155] CVE-2019-7309 * NEWS: Updated for CVE-2019-7309. * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the upper 32 bits of RDX register for x32. Use unsigned Jcc instructions, instead of signed. * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2. * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test. (cherry picked from commit 3f635fb43389b54f682fc9ed2acc0b2aaf4a923d) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 11 +++++++++++ NEWS | 9 +++++++++ sysdeps/x86_64/memcmp.S | 20 ++++++++++++-------- sysdeps/x86_64/x32/Makefile | 3 ++- .../{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} | 7 +++++-- 5 files changed, 39 insertions(+), 11 deletions(-) copy sysdeps/x86_64/x32/{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} (92%)
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, release/2.26/master has been updated via 04e767b59b16befce93c6086362acbc1fae63f4e (commit) from dc968f557398565d416dab69224f722c1d2beb9b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=04e767b59b16befce93c6086362acbc1fae63f4e commit 04e767b59b16befce93c6086362acbc1fae63f4e Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Feb 4 08:55:52 2019 -0800 x86-64 memcmp: Use unsigned Jcc instructions on size [BZ #24155] Since the size argument is unsigned. we should use unsigned Jcc instructions, instead of signed, to check size. Tested on x86-64 and x32, with and without --disable-multi-arch. [BZ #24155] CVE-2019-7309 * NEWS: Updated for CVE-2019-7309. * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the upper 32 bits of RDX register for x32. Use unsigned Jcc instructions, instead of signed. * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2. * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test. (cherry picked from commit 3f635fb43389b54f682fc9ed2acc0b2aaf4a923d) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 11 +++++++++++ NEWS | 10 ++++++++++ sysdeps/x86_64/memcmp.S | 20 ++++++++++++-------- sysdeps/x86_64/x32/Makefile | 3 ++- .../{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} | 7 +++++-- 5 files changed, 40 insertions(+), 11 deletions(-) copy sysdeps/x86_64/x32/{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} (92%)
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, release/2.25/master has been updated via 2ad78b78d382c5e4bd805334617ac17f35ecff7e (commit) from f728a542bf8f9f30709f8d16a5cfceaa060956ce (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2ad78b78d382c5e4bd805334617ac17f35ecff7e commit 2ad78b78d382c5e4bd805334617ac17f35ecff7e Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Feb 4 08:55:52 2019 -0800 x86-64 memcmp: Use unsigned Jcc instructions on size [BZ #24155] Since the size argument is unsigned. we should use unsigned Jcc instructions, instead of signed, to check size. Tested on x86-64 and x32, with and without --disable-multi-arch. [BZ #24155] CVE-2019-7309 * NEWS: Updated for CVE-2019-7309. * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the upper 32 bits of RDX register for x32. Use unsigned Jcc instructions, instead of signed. * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2. * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test. (cherry picked from commit 3f635fb43389b54f682fc9ed2acc0b2aaf4a923d) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 11 +++++++++++ NEWS | 10 ++++++++++ sysdeps/x86_64/memcmp.S | 20 ++++++++++++-------- sysdeps/x86_64/x32/Makefile | 3 ++- .../{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} | 7 +++++-- 5 files changed, 40 insertions(+), 11 deletions(-) copy sysdeps/x86_64/x32/{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} (92%)
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, release/2.29/master has been updated via 726a78867b3144e9b9da10197bcf59bde3d8b2a4 (commit) from 86013ef5cea322b8f4b9c22f230c22cce369e947 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=726a78867b3144e9b9da10197bcf59bde3d8b2a4 commit 726a78867b3144e9b9da10197bcf59bde3d8b2a4 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Feb 4 08:55:52 2019 -0800 x86-64 memcmp: Use unsigned Jcc instructions on size [BZ #24155] Since the size argument is unsigned. we should use unsigned Jcc instructions, instead of signed, to check size. Tested on x86-64 and x32, with and without --disable-multi-arch. [BZ #24155] CVE-2019-7309 * NEWS: Updated for CVE-2019-7309. * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the upper 32 bits of RDX register for x32. Use unsigned Jcc instructions, instead of signed. * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2. * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test. (cherry picked from commit 3f635fb43389b54f682fc9ed2acc0b2aaf4a923d) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 11 +++++++++++ NEWS | 17 +++++++++++++++++ sysdeps/x86_64/memcmp.S | 20 ++++++++++++-------- sysdeps/x86_64/x32/Makefile | 3 ++- .../{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} | 7 +++++-- 5 files changed, 47 insertions(+), 11 deletions(-) copy sysdeps/x86_64/x32/{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} (92%)
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, release/2.24/master has been updated via 9146dc9d73aba08cf3fc2613a3f946c219dd2a52 (commit) from fc4a25e8148f6aa1afd510a7d4dc57a4c597fb96 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9146dc9d73aba08cf3fc2613a3f946c219dd2a52 commit 9146dc9d73aba08cf3fc2613a3f946c219dd2a52 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Feb 4 08:55:52 2019 -0800 x86-64 memcmp: Use unsigned Jcc instructions on size [BZ #24155] Since the size argument is unsigned. we should use unsigned Jcc instructions, instead of signed, to check size. Tested on x86-64 and x32, with and without --disable-multi-arch. [BZ #24155] CVE-2019-7309 * NEWS: Updated for CVE-2019-7309. * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the upper 32 bits of RDX register for x32. Use unsigned Jcc instructions, instead of signed. * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2. * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test. (cherry picked from commit 3f635fb43389b54f682fc9ed2acc0b2aaf4a923d) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 11 +++++++++++ NEWS | 10 ++++++++++ sysdeps/x86_64/memcmp.S | 20 ++++++++++++-------- sysdeps/x86_64/x32/Makefile | 3 ++- .../{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} | 7 +++++-- 5 files changed, 40 insertions(+), 11 deletions(-) copy sysdeps/x86_64/x32/{tst-size_t-memcmp.c => tst-size_t-memcmp-2.c} (92%)
Fixed for 2.30 and backported to 2.24/2.25/2.26/2.27/2.28/2.29 release branches.