This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Bug 13540: This bug occurs in wcscpy as well.

Here is a fix of #13540 for x86_32 wcscpy_ssse3.

The bug can be reproduced by test1 attached in Bugzilla.
If both yesterday and this patches are applied to glibc test shall print:

Strncpy is ok
Strncat is ok
Strcpy is ok
Strcat is ok
Wcscpy is ok

If no one patch is applied test falls with Segmentation fault for each
function. I just leave test code for one function by commenting code
for previous all.

Change log:

2011-12-23  Liubov Dmitrieva  <>

	* sysdeps/x86_64/multiarch/wcscpy-ssse3.S: Fix bug.
	Wrong copy algorithm for last bytes, not thread safety.
	In some particular cases it uses the destination
	memory beyond the string end for
	16-byte load, puts changes into that part that is relevant
	to destination string and writes whole 16-byte chunk into memory.
	I have a test case where the memory beyond the string end contains
	malloc/free data, that appear corrupted in case free() updates
	it in between the 16-byte read and 16-byte write.

Attachment: wcscpy_ssse3_fix_x86_32.patch
Description: Binary data

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]