This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.
[Patch] Fix bug in MIPS memcpy.S routine
- From: "Steve Ellcey " <sellcey at imgtec dot com>
- To: <newlib at sourceware dot org>
- Date: Thu, 28 Jan 2016 09:18:10 -0800
- Subject: [Patch] Fix bug in MIPS memcpy.S routine
Joseph Myers found a bug in my last change to the MIPS memcpy routine and has
fixed it in glibc. I would like to check in this patch to make the same fix
in newlib. The bug was in having a load instruction in the delay slot of a
branch instruction and if the branch was taken we would end up loading a word
beyond the end of the input being copied. The fix is to put a register move
in that delay slot instead since the move is harmless if the branch is taken
and needed if the branch is not taken.
Pointer to the glibc patch and discussion:
https://sourceware.org/ml/libc-alpha/2016-01/msg00566.html
OK to check in the same fix to newlib?
Steve Ellcey
sellcey@imgtec.com
2016-01-28 Steve Ellcey <sellcey@imgtec.com>
* libc/machine/mips/memcpy.S (memcpy): Fix read past end of
input.
diff --git a/newlib/libc/machine/mips/memcpy.S b/newlib/libc/machine/mips/memcpy.S
index 3130f6e..21bd3b4 100644
--- a/newlib/libc/machine/mips/memcpy.S
+++ b/newlib/libc/machine/mips/memcpy.S
@@ -581,11 +581,11 @@ L(lastw):
#ifdef USE_DOUBLE
andi t8,a2,3 /* a2 is the remainder past 4 byte chunks. */
beq t8,a2,L(lastb)
+ move a2,t8
lw REG3,0(a1)
sw REG3,0(a0)
PTR_ADDIU a0,a0,4
PTR_ADDIU a1,a1,4
- move a2,t8
#endif
/* Copy the last 8 (or 16) bytes */
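Review bot: the `move a2,t8` placed directly after `beq t8,a2,L(lastb)` carries no comment or indentation marking it as the delay-slot instruction, so a later cleanup could move it back below the stores or put a load there again. Please add a short comment saying that it sits in the delay slot on purpose: it is a no-op when the branch is taken (t8 equals a2 in that case) and sets the remaining byte count on the fall-through path. The hunk also does not show whether `.set noreorder` is in effect here, which this ordering depends on, so it is worth confirming that in the surrounding code.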
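A regression check for the read-past-end bug described in the message above, as an added example that is not part of the original post or of newlib: it places the source so that its last byte is the last readable byte before an inaccessible guard page, then copies every short length at several destination alignments. The helper name `memcpy_overread_failures` is hypothetical, and the code assumes a POSIX host with `mmap` and `mprotect` linked against the libc under test.

```c
#define _DEFAULT_SOURCE 1   /* MAP_ANONYMOUS on glibc */
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;
static unsigned char dst[4096 + 8];
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Hypothetical helper: copies every length 1..max_len from a source whose last
   byte is the last readable byte before a PROT_NONE guard page. Returns the
   number of cases that faulted or copied wrong data, or -1 on setup failure. */
int memcpy_overread_failures(size_t max_len)
{
    /* Volatile pointer forces a real call into the libc memcpy under test. */
    void *(*volatile copy)(void *, const void *, size_t) = memcpy;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (max_len > sizeof dst - 8 || max_len > page) return -1;
    unsigned char *map = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED) return -1;
    if (mprotect(map + page, page, PROT_NONE) != 0) { munmap(map, 2 * page); return -1; }
    for (size_t i = 0; i < page; i++) map[i] = (unsigned char)(i * 7 + 1);

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    volatile int failures = 0;
    for (volatile size_t len = 1; len <= max_len; len++) {
        for (volatile size_t dalign = 0; dalign < 8; dalign++) {
            if (sigsetjmp(fault_jmp, 1)) { failures++; continue; } /* read hit the guard page */
            copy(dst + dalign, map + page - len, len);
            for (size_t i = 0; i < len; i++)
                if (dst[dalign + i] != map[page - len + i]) { failures++; break; }
        }
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(map, 2 * page);
    return failures;
}

int main(void) { return memcpy_overread_failures(256) != 0; }
```

Because the source start is `page - len`, the source alignment varies with the length, so the short-tail paths are exercised at every source and destination alignment.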