This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH]: Use RAX_LP/RDX_LP on SAVE_PTR in sysdeps/x86_64/strtok.S


On Wed, Jun 13, 2012 at 2:26 PM, Roland McGrath <roland@hack.frob.com> wrote:
> Now I see what actually matters about the test.  You don't really need
> something machine-dependent.  You can make sure they're adjacent just by
> putting them together in a struct, and making it a global variable to
> ensure the compiler doesn't optimize away the adjacency.  Or you could use
> a more direct paranoia test by putting SAVEPTR into a struct with uintptr_t
> magic-number fields on either side and ensuring they don't get clobbered.
>
> But the way that we usually test for this kind of bug is to mmap a two-page
> region, mprotect the second page to PROT_NONE, and then use:
>        char **saveptrp = page + page_size - sizeof (*saveptrp)
>
> It probably makes sense to use test-string.h to do the setup for you,
> since we already have it.
>
> To be really thorough, you could also do a second variant that puts SAVEPTR
> at the beginning of a page and checks for the other direction of overrun.
> But that's probably overkill, and test-string.h's machinery is not handy
> for that.
>

Here is a patch to implement those.  I also use
LP_SIZE on save_ptr.  OK to install?

Thanks.


-- 
H.J.
---
	[BZ #14229]
	* string/Makefile (tests): Add tst-strtok_r and tst-strtok_r2.
	* string/tst-strtok_r.c: New file.
	* string/tst-strtok_r2.c: Likewise.
	* sysdeps/x86_64/strtok.S: Use LP_SIZE on save_ptr and use
	RAX_LP/RDX_LP on SAVE_PTR.

diff --git a/string/Makefile b/string/Makefile
index 80923a2..d9aef03 100644
--- a/string/Makefile
+++ b/string/Makefile
@@ -56,7 +56,7 @@ tests		:= tester inl-tester noinl-tester testcopy test-ffs	\
 		   tst-strtok tst-strxfrm bug-strcoll1 tst-strfry	\
 		   bug-strtok1 $(addprefix test-,$(strop-tests))	\
 		   bug-envz1 tst-strxfrm2 tst-endian tst-svc2		\
-		   bug-strstr1 bug-strchr1
+		   bug-strstr1 bug-strchr1 tst-strtok_r tst-strtok_r2


 include ../Rules
diff --git a/string/tst-strtok_r.c b/string/tst-strtok_r.c
new file mode 100644
index 0000000..fe11cd6
--- /dev/null
+++ b/string/tst-strtok_r.c
@@ -0,0 +1,36 @@
+/* Test strtok_r regression for BZ #14229.
+   Copyright (C) 2012 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <string.h>
+
+/* Verify updating SAVEPTR won't override the first few bytes in LINE.  */
+struct
+  {
+    char *saveptr;
+    char line[];
+  } data = { 0, "udf 75868 1 - Live 0xffffffffa0bfb000\n" };
+
+static int
+do_test (void)
+{
+  char *tok = strtok_r (data.line, " \t", &data.saveptr);
+  return strcmp (tok, "udf") != 0;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
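Review bot: `do_test` hands `tok` straight to `strcmp`, so if `strtok_r` ever returns NULL the test dies with a segfault instead of reporting a failure; `return tok == NULL || strcmp (tok, "udf") != 0;` keeps the result explicit, and the same applies to `test_main` in tst-strtok_r2.c. The single call also reaches only the SAVE_PTR store on the token-found path, while the patch changes the store under `L(returnNULL)` as well; calling `strtok_r (NULL, " \t", &data.saveptr)` until it returns NULL and then checking `strcmp (data.line, "udf") == 0` would cover that store too. Initialising the flexible array member `line[]` statically is a GNU extension, which deserves a word in the comment above the struct.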
diff --git a/string/tst-strtok_r2.c b/string/tst-strtok_r2.c
new file mode 100644
index 0000000..b40a837
--- /dev/null
+++ b/string/tst-strtok_r2.c
@@ -0,0 +1,37 @@
+/* Test strtok_r regression for BZ #14229.
+   Copyright (C) 2012 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#define TEST_MAIN
+#define BUF1PAGES 1
+#include "test-string.h"
+
+int
+test_main (void)
+{
+  char line[] = "udf 75868 1 - Live 0xffffffffa0bfb000\n";
+  char **saveptrp;
+  char *tok;
+
+  test_init ();
+
+  saveptrp = (char **) (buf1 + page_size - sizeof (*saveptrp));
+  tok = strtok_r (line, " \t", saveptrp);
+  return strcmp (tok, "udf") != 0;
+}
+
+#include "../test-skeleton.c"
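Review bot: Nothing in `test_main` says why `saveptrp` is computed as `buf1 + page_size - sizeof (*saveptrp)`, and the test cannot be understood without that. As described earlier in the thread, the test-string.h setup is expected to leave an inaccessible page right after `buf1` when `BUF1PAGES` is 1, so I would add `/* Put SAVEPTR in the last pointer-sized slot before the PROT_NONE page so that an access wider than sizeof (char *) faults.  */` above the assignment. It is also worth a remark that the slot is never initialised by the test itself and presumably holds whatever `test_init` left there, because the assembly version loads through SAVEPTR on entry (`mov (%rdx), %RAX_LP`) even on the first call.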
diff --git a/sysdeps/x86_64/strtok.S b/sysdeps/x86_64/strtok.S
index 150f4d6..fe4a947 100644
--- a/sysdeps/x86_64/strtok.S
+++ b/sysdeps/x86_64/strtok.S
@@ -1,6 +1,6 @@
 /* strtok (str, delim) -- Return next DELIM separated token from STR.
    For AMD x86-64.
-   Copyright (C) 1998,2000-2003,2005,2006 Free Software Foundation, Inc.
+   Copyright (C) 1998-2012 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Based on i686 version contributed by Ulrich Drepper
    <drepper@cygnus.com>, 1998.
@@ -45,9 +45,9 @@
 	.bss
 	.local save_ptr
 	ASM_TYPE_DIRECTIVE (save_ptr, @object)
-	.size save_ptr, 8
+	.size save_ptr, LP_SIZE
 save_ptr:
-	.space 8
+	.space LP_SIZE

 # ifdef PIC
 #  define SAVE_PTR save_ptr(%rip)
@@ -79,13 +79,12 @@ ENTRY (BP_SYM (FUNCTION))

 #ifdef USE_AS_STRTOK_R
 	/* The value is stored in the third argument.  */
-	movq %rdx, %rax
-	movq %rdx, %r9		/* Save value - see def. of SAVE_PTR.  */
-	movq (%rax), %rax
+	mov %RDX_LP, %R9_LP	/* Save value - see def. of SAVE_PTR.  */
+	mov (%rdx), %RAX_LP
 #else
 	/* The value is in the local variable defined above.  But
 	   we have to take care for PIC code.  */
-	movq SAVE_PTR, %rax
+	mov SAVE_PTR, %RAX_LP
 #endif
 	movq %r8, %rdx		/* Get start of string.  */
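Review bot: The code after this load still works on the full 64-bit registers (`movq %r8, %rdx` right here, `cmpq %rax, %rdx` at `L(8)`), so loading only `%RAX_LP` is safe on x32 solely because a 32-bit `mov` clears the upper half of its destination, assuming the `_LP` names expand to the 32-bit registers there. That dependency is not stated in the hunk; I would extend the comment to something like `/* Pointer-sized load: *SAVEPTR is only LP_SIZE bytes.  A 32-bit mov zero-extends, so the 64-bit uses of %rax below stay valid.  */`. The load matters as much as the stores, since the old `movq (%rax), %rax` read 8 bytes from the caller's pointer-sized object. The function body starts before and continues after this hunk.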

@@ -194,7 +193,7 @@ L(8):	cmpq %rax, %rdx
 	cmovne %rcx, %rdx

 	/* Store the pointer to the next character.  */
-	movq %rdx, SAVE_PTR
+	mov %RDX_LP, SAVE_PTR

 L(epilogue):
 	/* Remove the stopset table.  */
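Review bot: The comment on this store still reads only "Store the pointer to the next character", with no hint that the operand width is what fixes BZ #14229, so a later cleanup could turn it back into `movq` and reintroduce a write past the caller's SAVEPTR object on x32. I would make it `/* Store the pointer to the next character.  The store must be pointer-sized: SAVE_PTR is only LP_SIZE bytes wide.  */` here and on the identical store under `L(returnNULL)` in the next hunk. Both stores sit in a function that starts and ends outside these hunks.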
@@ -205,7 +204,7 @@ L(epilogue):
 L(returnNULL):
 	xorl %eax, %eax
 	/* Store the pointer to the next character.  */
-	movq %rdx, SAVE_PTR
+	mov %RDX_LP, SAVE_PTR
 	jmp L(epilogue)

 END (BP_SYM (FUNCTION))

