This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
- From: Florian Weimer <fweimer at redhat dot com>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Fri, 18 Jan 2019 14:31:30 +0100
- Subject: Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
- References: <20190117165351.25914-1-hjl.tools@gmail.com> <87bm4ep7df.fsf@oldenburg2.str.redhat.com> <CAMe9rOq0wYwkXB_po_3CqMu7T=vJxtxGkXsxUuq-L5mghEPQCw@mail.gmail.com>
* H. J. Lu:
> On Fri, Jan 18, 2019 at 2:50 AM Florian Weimer <fweimer@redhat.com> wrote:
>>
>> * H. J. Lu:
>>
>> > On x32, the size_t parameter may be passed in the lower 32 bits of a
>> > 64-bit register with the non-zero upper 32 bits. The string/memory
>> > functions written in assembly can only use the lower 32 bits of a
>> > 64-bit register as length or must clear the upper 32 bits before using
>> > the full 64-bit register for length.
>> >
>> > This patch fixes string/memory functions written in assembly for x32.
>> > Tested on x86-64 and x32. On x86-64, libc.so is the same with and
>> > without the fix.
>>
>> Can this bug result in buffer overflows? Should we obtain a CVE
>
> Yes, definitely.
Yuck.
>> identifier?
>>
>
> Yes, please. Can you do that for me?
Working on it.
The issue existed since the port was introduced, correct?
Thanks,
Florian
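
Added example, not part of the original message and not glibc code: a plain C model of the length handling described in the quoted cover letter, showing a bounded byte search running past the caller's 8-byte limit when the whole 64-bit register is used as the length. The function names, the sample buffer and the register value are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not glibc code; every name below is hypothetical. */

/* x32: a 32-bit size_t sits in the low half of a 64-bit register and the
   upper half may hold leftover bits. Using the whole register as length: */
static uint64_t len_from_full_register(uint64_t reg) { return reg; }

/* Using only the low half, i.e. clearing the upper 32 bits first. */
static uint64_t len_from_low_half(uint64_t reg) { return (uint32_t)reg; }

/* Model of a length-bounded byte search. arena_size is the real size of the
   backing array, so the model never reads outside it. Returns the offset of
   the first match, or -1 if there is none within len bytes. */
static long model_search(const unsigned char *arena, size_t arena_size,
                         unsigned char c, uint64_t len)
{
    uint64_t end = len < arena_size ? len : arena_size;
    for (uint64_t i = 0; i < end; i++)
        if (arena[i] == c)
            return (long)i;
    return -1;
}

/* Constructed sample: bytes 0..7 are the caller's buffer, the rest stands in
   for unrelated adjacent memory. The caller asks for 8 bytes, but the upper
   half of the register carries constructed garbage. */
static const unsigned char sample_arena[] = "AAAAAAAAxxxxSxxx";
static const uint64_t sample_reg = 0xdeadbeef00000008ULL;

static long search_with(uint64_t (*get_len)(uint64_t))
{
    return model_search(sample_arena, sizeof sample_arena - 1, 'S',
                        get_len(sample_reg));
}

int main(void)
{
    printf("full register: length %#llx, match at %ld\n",
           (unsigned long long)len_from_full_register(sample_reg),
           search_with(len_from_full_register));
    printf("low half only: length %#llx, match at %ld\n",
           (unsigned long long)len_from_low_half(sample_reg),
           search_with(len_from_low_half));
    return 0;
}
```

With the full register the model reports a match at offset 12, outside the caller's 8-byte buffer; with only the low half it reports no match.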