[PATCH] arm: fix memcpy and memmove for negative len [BZ #25620]

Florian Weimer fweimer@redhat.com
Thu Jun 4 09:16:16 GMT 2020

* Evgeny Eremin:

> Hi,
> Unsigned branch instructions could be used for r2 to fix the wrong
> behavior when a negative length is passed to memcpy and memmove
> (sysdeps/arm).
> An In-house testing hasn't reveal any functional regressions.
> Performance measurement & comparison are yet be done but the patch
> doesn't change the logic too much.
> This partially fixes CVE-2020-6096 [1] "GNU glibc ARMv7 memcpy() memory
> corruption vulnerability".
> Signed-off-by: Konstantin Karasev <k.karasev@omprussia.ru>
> Signed-off-by: Anton Rybakov <a.rybakov@omprussia.ru>
> Signed-off-by: Ildar Kamaletdinov <i.kamaletdinov@omprussia.ru>
> Signed-off-by: Alexander Anisimov <a.anisimov@omprussia.ru>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2020-6096

Thanks for working on this.  Is this contribution covered by a copyright
assignment to the FSF?  If not, would you be willing to file the
required paperwork with the FSF?


Do your changes fix string/tst-memmove-overflow for the baseline arm


More information about the Libc-alpha mailing list