This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Bug 13540: This bug occurs in wcscpy as well.

From: Dmitrieva Liubov <liubov dot dmitrieva at gmail dot com>
To: libc-alpha at sourceware dot org, Ulrich Drepper <drepper at gmail dot com>
Date: Fri, 23 Dec 2011 14:58:05 +0400
Subject: Bug 13540: This bug occurs in wcscpy as well.

Here is a fix of #13540 for x86_32 wcscpy_ssse3.

The bug can be reproduced by test1 attached in Bugzilla.
If both yesterday and this patches are applied to glibc test shall print:

Strncpy is ok
Strncat is ok
Strcpy is ok
Strcat is ok
Wcscpy is ok

If no one patch is applied test falls with Segmentation fault for each
function. I just leave test code for one function by commenting code
for previous all.

Change log:

2011-12-23  Liubov Dmitrieva  <liubov.dmitrieva@gmail.com>

	* sysdeps/x86_64/multiarch/wcscpy-ssse3.S: Fix bug.
	Wrong copy algorithm for last bytes, not thread safety.
	In some particular cases it uses the destination
	memory beyond the string end for
	16-byte load, puts changes into that part that is relevant
	to destination string and writes whole 16-byte chunk into memory.
	I have a test case where the memory beyond the string end contains
	malloc/free data, that appear corrupted in case free() updates
	it in between the 16-byte read and 16-byte write.

Attachment: wcscpy_ssse3_fix_x86_32.patch
Description: Binary data

Follow-Ups:
- Re: Bug 13540: This bug occurs in wcscpy as well.
  - From: Dmitrieva Liubov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]