[Bug string/24097] Can't use 64-bit register for size_t in assembly codes for x32 (CVE-2019-6488)

cvs-commit at gcc dot gnu.org sourceware-bugzilla@sourceware.org
Sat Feb 2 14:05:00 GMT 2019


https://sourceware.org/bugzilla/show_bug.cgi?id=24097

--- Comment #13 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.25/master has been updated
       via  f728a542bf8f9f30709f8d16a5cfceaa060956ce (commit)
       via  3a84199109d2baedd76849fa6743e773852ecccf (commit)
       via  c69b892fea74b025ca300005f2971f6a872d8497 (commit)
       via  80647620ced948090360fb6bd62eba4bf1c6436d (commit)
       via  59c463c4ea16d1e68f2ba6541245ada44b098f8e (commit)
       via  e6597e77d1320fea52d73a2434066f44cb04872e (commit)
       via  97a5229eafded22c0fd86e3a0b6bf1ad6d804666 (commit)
       via  8d525c4a76dcb8e2ebf4f9897e5818b0c2f568d9 (commit)
      from  6b95c49d8e2b0bea8b2edcf13827e37e477fb19e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f728a542bf8f9f30709f8d16a5cfceaa060956ce

commit f728a542bf8f9f30709f8d16a5cfceaa060956ce
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Feb 1 12:24:08 2019 -0800

    x86-64 strnlen/wcsnlen: Properly handle the length parameter [BZ #24097]

    On x32, the size_t parameter may be passed in the lower 32 bits of a
    64-bit register with the non-zero upper 32 bits.  The string/memory
    functions written in assembly can only use the lower 32 bits of a
    64-bit register as length or must clear the upper 32 bits before using
    the full 64-bit register for length.

    This patch fixes strnlen/wcsnlen for x32.  Tested on x86-64 and x32.  On
    x86-64, libc.so is the same with and without the fix.

        [BZ #24097]
        CVE-2019-6488
        * sysdeps/x86_64/strlen.S: Use RSI_LP for length.
        * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-strnlen.
        * sysdeps/x86_64/x32/tst-size_t-strnlen.c: New file.

    (cherry picked from commit 5165de69c0908e28a380cbd4bb054e55ea4abc95)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3a84199109d2baedd76849fa6743e773852ecccf

commit 3a84199109d2baedd76849fa6743e773852ecccf
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Feb 1 12:23:23 2019 -0800

    x86-64 strncpy: Properly handle the length parameter [BZ #24097]

    On x32, the size_t parameter may be passed in the lower 32 bits of a
    64-bit register with the non-zero upper 32 bits.  The string/memory
    functions written in assembly can only use the lower 32 bits of a
    64-bit register as length or must clear the upper 32 bits before using
    the full 64-bit register for length.

    This patch fixes strncpy for x32.  Tested on x86-64 and x32.  On x86-64,
    libc.so is the same with and without the fix.

        [BZ #24097]
        CVE-2019-6488
        * sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S: Use RDX_LP
        for length.
        * sysdeps/x86_64/multiarch/strcpy-ssse3.S: Likewise.
        * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-strncpy.
        * sysdeps/x86_64/x32/tst-size_t-strncpy.c: New file.

    (cherry picked from commit c7c54f65b080affb87a1513dee449c8ad6143c8b)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c69b892fea74b025ca300005f2971f6a872d8497

commit c69b892fea74b025ca300005f2971f6a872d8497
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Feb 1 12:22:33 2019 -0800

    x86-64 strncmp family: Properly handle the length parameter [BZ #24097]

    On x32, the size_t parameter may be passed in the lower 32 bits of a
    64-bit register with the non-zero upper 32 bits.  The string/memory
    functions written in assembly can only use the lower 32 bits of a
    64-bit register as length or must clear the upper 32 bits before using
    the full 64-bit register for length.

    This patch fixes the strncmp family for x32.  Tested on x86-64 and x32.
    On x86-64, libc.so is the same with and without the fix.

        [BZ #24097]
        CVE-2019-6488
        * sysdeps/x86_64/multiarch/strcmp-sse42.S: Use RDX_LP for length.
        * sysdeps/x86_64/strcmp.S: Likewise.
        * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-strncasecmp,
        tst-size_t-strncmp and tst-size_t-wcsncmp.
        * sysdeps/x86_64/x32/tst-size_t-strncasecmp.c: New file.
        * sysdeps/x86_64/x32/tst-size_t-strncmp.c: Likewise.
        * sysdeps/x86_64/x32/tst-size_t-wcsncmp.c: Likewise.

    (cherry picked from commit ee915088a0231cd421054dbd8abab7aadf331153)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=80647620ced948090360fb6bd62eba4bf1c6436d

commit 80647620ced948090360fb6bd62eba4bf1c6436d
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Feb 1 12:21:41 2019 -0800

    x86-64 memset/wmemset: Properly handle the length parameter [BZ #24097]

    On x32, the size_t parameter may be passed in the lower 32 bits of a
    64-bit register with the non-zero upper 32 bits.  The string/memory
    functions written in assembly can only use the lower 32 bits of a
    64-bit register as length or must clear the upper 32 bits before using
    the full 64-bit register for length.

    This patch fixes memset/wmemset for x32.  Tested on x86-64 and x32.  On
    x86-64, libc.so is the same with and without the fix.

        [BZ #24097]
        CVE-2019-6488
        * sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S: Use
        RDX_LP for length.  Clear the upper 32 bits of RDX register.
        * sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S: Likewise.
        * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memset.
        * sysdeps/x86_64/x32/tst-size_t-memset.c: New file.

    (cherry picked from commit 82d0b4a4d76db554eb6757acb790fcea30b19965)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=59c463c4ea16d1e68f2ba6541245ada44b098f8e

commit 59c463c4ea16d1e68f2ba6541245ada44b098f8e
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Feb 1 12:20:54 2019 -0800

    x86-64 memrchr: Properly handle the length parameter [BZ #24097]

    On x32, the size_t parameter may be passed in the lower 32 bits of a
    64-bit register with the non-zero upper 32 bits.  The string/memory
    functions written in assembly can only use the lower 32 bits of a
    64-bit register as length or must clear the upper 32 bits before using
    the full 64-bit register for length.

    This patch fixes memrchr for x32.  Tested on x86-64 and x32.  On x86-64,
    libc.so is the same with and without the fix.

        [BZ #24097]
        CVE-2019-6488
        * sysdeps/x86_64/memrchr.S: Use RDX_LP for length.
        * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memrchr.
        * sysdeps/x86_64/x32/tst-size_t-memrchr.c: New file.

    (cherry picked from commit ecd8b842cf37ea112e59cd9085ff1f1b6e208ae0)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e6597e77d1320fea52d73a2434066f44cb04872e

commit e6597e77d1320fea52d73a2434066f44cb04872e
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Feb 1 12:20:06 2019 -0800

    x86-64 memcpy: Properly handle the length parameter [BZ #24097]

    On x32, the size_t parameter may be passed in the lower 32 bits of a
    64-bit register with the non-zero upper 32 bits.  The string/memory
    functions written in assembly can only use the lower 32 bits of a
    64-bit register as length or must clear the upper 32 bits before using
    the full 64-bit register for length.

    This patch fixes memcpy for x32.  Tested on x86-64 and x32.  On x86-64,
    libc.so is the same with and without the fix.

        [BZ #24097]
        CVE-2019-6488
        * sysdeps/x86_64/multiarch/memcpy-ssse3-back.S: Use RDX_LP for
        length.  Clear the upper 32 bits of RDX register.
        * sysdeps/x86_64/multiarch/memcpy-ssse3.S: Likewise.
        * sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S:
        Likewise.
        * sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:
        Likewise.
        * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcpy.
        tst-size_t-wmemchr.
        * sysdeps/x86_64/x32/tst-size_t-memcpy.c: New file.

    (cherry picked from commit 231c56760c1e2ded21ad96bbb860b1f08c556c7a)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97a5229eafded22c0fd86e3a0b6bf1ad6d804666

commit 97a5229eafded22c0fd86e3a0b6bf1ad6d804666
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Feb 1 12:19:07 2019 -0800

    x86-64 memcmp/wmemcmp: Properly handle the length parameter [BZ #24097]

    On x32, the size_t parameter may be passed in the lower 32 bits of a
    64-bit register with the non-zero upper 32 bits.  The string/memory
    functions written in assembly can only use the lower 32 bits of a
    64-bit register as length or must clear the upper 32 bits before using
    the full 64-bit register for length.

    This patch fixes memcmp/wmemcmp for x32.  Tested on x86-64 and x32.  On
    x86-64, libc.so is the same with and without the fix.

        [BZ #24097]
        CVE-2019-6488
        * sysdeps/x86_64/multiarch/memcmp-sse4.S: Use RDX_LP for length.
        Clear the upper 32 bits of RDX register.
        * sysdeps/x86_64/multiarch/memcmp-ssse3.S: Likewise.
        * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp and
        tst-size_t-wmemcmp.
        * sysdeps/x86_64/x32/tst-size_t-memcmp.c: New file.
        * sysdeps/x86_64/x32/tst-size_t-wmemcmp.c: Likewise.

    (cherry picked from commit b304fc201d2f6baf52ea790df8643e99772243cd)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8d525c4a76dcb8e2ebf4f9897e5818b0c2f568d9

commit 8d525c4a76dcb8e2ebf4f9897e5818b0c2f568d9
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Feb 1 12:17:09 2019 -0800

    x86-64 memchr/wmemchr: Properly handle the length parameter [BZ #24097]

    On x32, the size_t parameter may be passed in the lower 32 bits of a
    64-bit register with the non-zero upper 32 bits.  The string/memory
    functions written in assembly can only use the lower 32 bits of a
    64-bit register as length or must clear the upper 32 bits before using
    the full 64-bit register for length.

    This patch fixes memchr/wmemchr for x32.  Tested on x86-64 and x32.  On
    x86-64, libc.so is the same with and without the fix.

        [BZ #24097]
        CVE-2019-6488
        * sysdeps/x86_64/memchr.S: Use RDX_LP for length.  Clear the
        upper 32 bits of RDX register.
        * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memchr.
        * sysdeps/x86_64/x32/test-size_t.h: New file.
        * sysdeps/x86_64/x32/tst-size_t-memchr.c: Likewise.

    (cherry picked from commit 97700a34f36721b11a754cf37a1cc40695ece1fd)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                          |   85 ++++++++++++++++++++
 NEWS                                               |    7 ++
 sysdeps/x86_64/memchr.S                            |    7 +-
 sysdeps/x86_64/memrchr.S                           |    4 +-
 sysdeps/x86_64/multiarch/memcmp-sse4.S             |    9 ++-
 sysdeps/x86_64/multiarch/memcmp-ssse3.S            |    7 +-
 sysdeps/x86_64/multiarch/memcpy-ssse3-back.S       |   17 +++--
 sysdeps/x86_64/multiarch/memcpy-ssse3.S            |   17 +++--
 .../multiarch/memmove-avx512-no-vzeroupper.S       |   16 +++--
 .../x86_64/multiarch/memmove-vec-unaligned-erms.S  |   46 ++++++-----
 .../x86_64/multiarch/memset-avx512-no-vzeroupper.S |    6 +-
 .../x86_64/multiarch/memset-vec-unaligned-erms.S   |   26 ++++--
 sysdeps/x86_64/multiarch/strcmp-sse42.S            |    6 +-
 sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S   |    4 +-
 sysdeps/x86_64/multiarch/strcpy-ssse3.S            |    6 +-
 sysdeps/x86_64/strcmp.S                            |    6 +-
 sysdeps/x86_64/strlen.S                            |   10 +-
 sysdeps/x86_64/x32/Makefile                        |   10 +++
 sysdeps/x86_64/x32/test-size_t.h                   |   35 ++++++++
 sysdeps/x86_64/x32/tst-size_t-memchr.c             |   72 +++++++++++++++++
 sysdeps/x86_64/x32/tst-size_t-memcmp.c             |   76 +++++++++++++++++
 sysdeps/x86_64/x32/tst-size_t-memcpy.c             |   58 +++++++++++++
 sysdeps/x86_64/x32/tst-size_t-memrchr.c            |   57 +++++++++++++
 sysdeps/x86_64/x32/tst-size_t-memset.c             |   73 +++++++++++++++++
 sysdeps/x86_64/x32/tst-size_t-strncasecmp.c        |   59 ++++++++++++++
 sysdeps/x86_64/x32/tst-size_t-strncmp.c            |   78 ++++++++++++++++++
 sysdeps/x86_64/x32/tst-size_t-strncpy.c            |   58 +++++++++++++
 sysdeps/x86_64/x32/tst-size_t-strnlen.c            |   72 +++++++++++++++++
 sysdeps/x86_64/x32/tst-size_t-wcsncmp.c            |   20 +++++
 sysdeps/x86_64/x32/tst-size_t-wmemcmp.c            |   20 +++++
 30 files changed, 895 insertions(+), 72 deletions(-)
 create mode 100644 sysdeps/x86_64/x32/test-size_t.h
 create mode 100644 sysdeps/x86_64/x32/tst-size_t-memchr.c
 create mode 100644 sysdeps/x86_64/x32/tst-size_t-memcmp.c
 create mode 100644 sysdeps/x86_64/x32/tst-size_t-memcpy.c
 create mode 100644 sysdeps/x86_64/x32/tst-size_t-memrchr.c
 create mode 100644 sysdeps/x86_64/x32/tst-size_t-memset.c
 create mode 100644 sysdeps/x86_64/x32/tst-size_t-strncasecmp.c
 create mode 100644 sysdeps/x86_64/x32/tst-size_t-strncmp.c
 create mode 100644 sysdeps/x86_64/x32/tst-size_t-strncpy.c
 create mode 100644 sysdeps/x86_64/x32/tst-size_t-strnlen.c
 create mode 100644 sysdeps/x86_64/x32/tst-size_t-wcsncmp.c
 create mode 100644 sysdeps/x86_64/x32/tst-size_t-wmemcmp.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.
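
The length handling described in the commit messages above, as an added C model (not code from this email or from glibc): it contrasts a bounded search that takes the whole 64-bit register as the length with one that uses only the low 32 bits. All function names, the buffer layout and the upper-half garbage value are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Model of an x32 argument register: the 32-bit size_t sits in the low
   half, and the upper half may hold arbitrary non-zero bits. */
static uint64_t make_reg(uint32_t len, uint32_t upper_garbage) {
    return ((uint64_t)upper_garbage << 32) | len;
}

/* Pre-fix behaviour: the full 64-bit register is taken as the length. */
static uint64_t len_full_reg(uint64_t reg) { return reg; }

/* Post-fix behaviour: only the low 32 bits count, i.e. the upper 32 bits
   are cleared before the value is used as a length. */
static uint64_t len_low32(uint64_t reg) { return (uint32_t)reg; }

/* memchr-style bounded search driven by a register value.  cap is the real
   allocation size, so the model itself never reads out of bounds.
   Returns the index of c, or -1 if it is not found within the length. */
static long bounded_find(const unsigned char *buf, size_t cap, int c,
                         uint64_t reg, uint64_t (*len_of)(uint64_t)) {
    uint64_t n = len_of(reg);
    for (uint64_t i = 0; i < n && i < cap; i++)
        if (buf[i] == (unsigned char)c)
            return (long)i;
    return -1;
}

/* Constructed scenario: the caller asks for 16 bytes; the marker byte is
   at offset 40, outside the requested range. */
static long run_case(uint64_t (*len_of)(uint64_t)) {
    unsigned char buf[64] = {0};
    buf[40] = 'X';
    uint64_t reg = make_reg(16, 0xdeadbeefu);
    return bounded_find(buf, sizeof buf, 'X', reg, len_of);
}

int main(void) {
    printf("full 64-bit register as length: index %ld\n", run_case(len_full_reg));
    printf("low 32 bits as length:          index %ld\n", run_case(len_low32));
    return 0;
}
```

With the full register as the length the search runs past the 16 bytes the caller asked for and reports the marker at offset 40; with the low 32 bits it stops at the requested bound and reports no match.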

