[PATCH] arm: fix memcpy and memmove for negative len [BZ #25620]
Florian Weimer
fweimer@redhat.com
Thu Jun 4 09:16:16 GMT 2020
* Evgeny Eremin:
> Hi,
>
> Unsigned branch instructions could be used for r2 to fix the wrong
> behavior when a negative length is passed to memcpy and memmove
> (sysdeps/arm).
>
> An In-house testing hasn't reveal any functional regressions.
> Performance measurement & comparison are yet be done but the patch
> doesn't change the logic too much.
>
> This partially fixes CVE-2020-6096 [1] "GNU glibc ARMv7 memcpy() memory
> corruption vulnerability".
>
> Signed-off-by: Konstantin Karasev <k.karasev@omprussia.ru>
> Signed-off-by: Anton Rybakov <a.rybakov@omprussia.ru>
> Signed-off-by: Ildar Kamaletdinov <i.kamaletdinov@omprussia.ru>
> Signed-off-by: Alexander Anisimov <a.anisimov@omprussia.ru>
>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2020-6096
Thanks for working on this. Is this contribution covered by a copyright
assignment to the FSF? If not, would you be willing to file the
required paperwork with the FSF?
<https://sourceware.org/glibc/wiki/Contribution%20checklist#FSF_copyright_Assignment>
Do your changes fix string/tst-memmove-overflow for the baseline arm
implementation?
Florian
More information about the Libc-alpha
mailing list