This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 0/8] x86-64: Properly handle the length parameter [BZ# 24097]
On Fri, Jan 18, 2019 at 5:31 AM Florian Weimer <fweimer@redhat.com> wrote:
>
> * H. J. Lu:
>
> > On Fri, Jan 18, 2019 at 2:50 AM Florian Weimer <fweimer@redhat.com> wrote:
> >>
> >> * H. J. Lu:
> >>
> >> > On x32, the size_t parameter may be passed in the lower 32 bits of a
> >> > 64-bit register with the non-zero upper 32 bits. The string/memory
> >> > functions written in assembly can only use the lower 32 bits of a
> >> > 64-bit register as length or must clear the upper 32 bits before using
> >> > the full 64-bit register for length.
> >> >
> >> > This patch fixes string/memory functions written in assembly for x32.
> >> > Tested on x86-64 and x32. On x86-64, libc.so is the same with and
> >> > without the fix.
> >>
> >> Can this bug result in buffer overflows? Should we obtain a CVE
> >
> > Yes, definitely.
>
> Yuck.
>
> >> identifier?
> >>
> >
> > Yes, please. Can you do that for me?
>
> Working on it.
>
> The issue existed since the port was introduced, correct?
>
Yes.
--
H.J.
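
A small C model of the length handling described in the quoted patch summary, added here as an illustration and not taken from the glibc patch series. The helper names, the buffer sizes and the stale upper-half value are constructed assumptions; the copy routine stands in for an assembly function and refuses to run rather than overrunning.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Model of a 64-bit argument register as the callee sees it on x32:
   the caller's 32-bit size_t sits in the low half, and the high half
   holds whatever was left there (constructed value, for illustration). */
static uint64_t reg_with_stale_upper(uint32_t len, uint32_t stale_upper)
{
    return ((uint64_t)stale_upper << 32) | len;
}

/* Length as seen by a routine that uses the full 64-bit register. */
static uint64_t len_full_register(uint64_t reg) { return reg; }

/* Length after clearing the upper 32 bits (or using only the low half). */
static uint64_t len_low_half(uint64_t reg) { return (uint32_t)reg; }

/* Bounded copy standing in for an assembly routine (hypothetical helper):
   returns -1 where an unchecked routine would run past the buffers. */
static int model_copy(unsigned char *dst, size_t dst_cap,
                      const unsigned char *src, size_t src_cap,
                      uint64_t effective_len)
{
    if (effective_len > dst_cap || effective_len > src_cap)
        return -1;
    memcpy(dst, src, (size_t)effective_len);
    return 0;
}

/* Returns 1 when the full-register length is rejected as out of bounds
   and the low-half length copies exactly the 16 bytes the caller asked for. */
static int demo(void)
{
    unsigned char src[16] = "fifteen bytes..";   /* 15 chars + NUL */
    unsigned char dst[16] = {0};
    uint64_t reg = reg_with_stale_upper(16, 0x1u);   /* constructed */

    int full = model_copy(dst, sizeof dst, src, sizeof src,
                          len_full_register(reg));
    int low  = model_copy(dst, sizeof dst, src, sizeof src,
                          len_low_half(reg));
    return full == -1 && low == 0 && memcmp(dst, src, sizeof dst) == 0;
}

int main(void) { return demo() ? 0 : 1; }
```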