This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug ports/15583] New: r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined
- From: "chris_s_jones at yahoo dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 05 Jun 2013 18:06:58 +0000
- Subject: [Bug ports/15583] New: r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=15583
Bug ID: 15583
Summary: r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S
when ARM_HAS_T2 undefined
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: ports
Assignee: unassigned at sourceware dot org
Reporter: chris_s_jones at yahoo dot com
CC: carlos at redhat dot com, roland at gnu dot org
The version of strcpy.S for ARM uses the following to initialize a value in r7
to detect end-of-string.
84 @ Subtracting (unsigned saturating) from 1 for any byte means
result
85 @ of 1 for any byte that was originally zero and 0 otherwise.
86 @ Therefore we consider the lsb of each byte the "found" bit.
87 #ifdef ARCH_HAS_T2
88 movw r7, #0x0101
89 tst r0, #3 @ Test alignment of DEST
90 movt r7, #0x0101
91 #else
92 ldr ip, =0x01010101
93 tst r0, #3
94 #endif
If ARCH_HAS_T2 is not defined, then ip (r12) gets initialized rather than r7.
The subsequent code will then attempt to use the uninitialized value in r7,
which can cause strcpy() to walk past the end of the string.
--
You are receiving this mail because:
You are on the CC list for the bug.