This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/13592] New: x86_64 memset buggy with large sizes
- From: "matz at suse dot de" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Thu, 12 Jan 2012 14:34:22 +0000
- Subject: [Bug libc/13592] New: x86_64 memset buggy with large sizes
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=13592
Bug #: 13592
Summary: x86_64 memset buggy with large sizes
Product: glibc
Version: 2.15
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: matz@suse.de
Classification: Unclassified
This problem seems to exist since the x86_64 variant of memset was
improved years ago (certainly 2.11 already has the problem, as well as current
git). There are several signed compares of the size argument, whereas
it really is unsigned. Depending on the situation, e.g. a "memset(ptr, 0, -1)"
segfaults (but for the wrong reasons, because it jumps into nirvana) or
even succeeds.
In normal use this is harmless, as a size with the sign bit set indicates more than
half the address space which on x86_64 is impossible to allocate, but as the
size is used to index some jump tables this potentially could have other
unwanted side effects.
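The following is an added illustration of the signed-versus-unsigned size compare the report describes; it is example code written for this page, not glibc's memset. The strategy names, TABLE_LIMIT and the helper functions are this example's own assumptions, modelling a dispatch on the size argument.

```c
/* Added example (not glibc code): models bug 13592's signed compare of a
 * size_t argument. A memset-style routine that picks a strategy by size;
 * the buggy variant compares as signed long, so a size with the sign bit
 * set (e.g. (size_t)-1) looks negative and is misclassified as "small". */
#include <stddef.h>

/* Hypothetical strategies: small sizes go through a jump table, larger
 * ones through a loop. Names and limit are assumptions of this example. */
enum strategy { STRAT_TABLE = 0, STRAT_LOOP = 1 };
#define TABLE_LIMIT 16

/* Buggy: size treated as signed, as the report says the assembly does. */
enum strategy pick_signed(size_t n)
{
    long sn = (long)n;      /* (size_t)-1 becomes -1 here */
    if (sn <= TABLE_LIMIT)  /* a negative value passes the "small" check */
        return STRAT_TABLE; /* would index the jump table with a bogus value */
    return STRAT_LOOP;
}

/* Fixed: unsigned compare, so huge sizes never reach the table path. */
enum strategy pick_unsigned(size_t n)
{
    if (n <= TABLE_LIMIT)
        return STRAT_TABLE;
    return STRAT_LOOP;
}

/* Defensive helper: any table index derived from a size must be
 * bounds-checked in unsigned arithmetic. Returns -1 if out of range. */
int table_index(size_t n)
{
    if (n > TABLE_LIMIT)
        return -1;
    return (int)n;
}

/* memset-style fill dispatching with the unsigned compare; returns the
 * strategy chosen so the decision can be checked by a caller. */
enum strategy fill_bytes(unsigned char *p, int c, size_t n)
{
    enum strategy s = pick_unsigned(n);
    for (size_t i = 0; i < n; i++)
        p[i] = (unsigned char)c;
    return s;
}
```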