This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATH] [BZ 15674] Fix reading past the array boundary in __memcmp_ssse3
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: Liubov Dmitrieva <liubov dot dmitrieva at gmail dot com>
- Cc: Andreas Schwab <schwab at suse dot de>, Richard Henderson <rth at twiddle dot net>, "Carlos O'Donell" <carlos at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Wed, 26 Jun 2013 12:13:24 -0700
- Subject: Re: [PATH] [BZ 15674] Fix reading past the array boundary in __memcmp_ssse3
On Wed, Jun 26, 2013 at 11:45 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
> On Wed, Jun 26, 2013 at 8:01 AM, Liubov Dmitrieva
> <liubov.dmitrieva@gmail.com> wrote:
>> Fixed typo.
>>
>> Can anybody please commit it on my behalf, my getting access is in progress.
>>
>
> I don't think testcase is correct:
>
> + int max_length = BUF1PAGES * page_size / sizeof (CHAR);
> +
> + char * buf = (char *) malloc (sizeof (char) * max_length);
> ^^^ Shouldn't it be CHAR?
> + /* Initialize buf to the same values as buf1. */
> + memset (buf, 0xa5, max_length);
> + /* The bug requires the last compared byte to be different. */
> + buf[max_length - 1] = 0x5a;
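Review bot: the pointer returned by malloc on the `char * buf` line goes straight into memset and the `buf[max_length - 1]` store with no NULL check, so an allocation failure crashes the test instead of being reported. Check the result before use. Also note that a heap block gives no guarantee that the byte after `buf[max_length - 1]` is inaccessible, so a compare that reads past the end of `buf` can still pass this test unnoticed.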
>
> I think you should use "buf1" instead of malloc.
>
Something like this:
static void
check2 (void)
{
  int max_length = page_size / sizeof (CHAR);
  CHAR * buf = (CHAR *) buf2;
  /* Initialize buf to the same values as buf1. The bug requires the
     last compared byte to be different. */
  memset (buf, 0xa5, page_size - 1);
  int length;
  for (length = 1; length < max_length; length++)
    {
      CHAR * s1 = (CHAR *) buf1 + max_length - length;
      CHAR * s2 = (CHAR *) buf + max_length - length;
      const int exp_result = SIMPLE_MEMCMP (s1, s2, length);
      FOR_EACH_IMPL (impl, 0)
        check_result (impl, s1, s2, length, exp_result);
    }
}
--
H.J.
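
An added example, not code from this thread or from glibc: a stand-alone C version of the idea behind the suggested check2, assuming the compared buffers end directly before an inaccessible page so that any read past the last requested byte faults. The names guarded_page, overreading_cmp and check_tails are hypothetical, and Linux mmap/mprotect with SIGSEGV delivery is assumed.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*cmp_fn)(const void *, const void *, size_t);
static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* One writable page followed by an inaccessible (PROT_NONE) guard page. */
static unsigned char *guarded_page(size_t page) {
    unsigned char *p = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mprotect(p + page, page, PROT_NONE) != 0) { munmap(p, 2 * page); return NULL; }
    return p;
}

/* Constructed faulty compare: reads one byte past n before comparing. */
static int overreading_cmp(const void *a, const void *b, size_t n) {
    volatile const unsigned char *p = a;
    unsigned char peek = p[n]; (void)peek;  /* the out-of-bounds read */
    return memcmp(a, b, n);
}

/* 0: all lengths correct; 1: wrong result; -1: faulted on guard; -2: setup failed. */
static int check_tails(cmp_fn cmp) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *b1 = guarded_page(page), *b2 = guarded_page(page);
    if (!b1 || !b2) return -2;
    memset(b1, 0xa5, page);
    memset(b2, 0xa5, page);
    b2[page - 1] = 0x5a;            /* only the last compared byte differs */
    struct sigaction old, sa = { .sa_handler = on_fault };
    sigaction(SIGSEGV, &sa, &old);
    volatile int rc = 0;
    if (sigsetjmp(fault_jmp, 1) != 0)
        rc = -1;                    /* the compare read into the guard page */
    else
        for (size_t len = 1; len < page && rc == 0; len++)
            if (cmp(b1 + page - len, b2 + page - len, len) <= 0)
                rc = 1;             /* 0xa5 > 0x5a, so the result must be > 0 */
    sigaction(SIGSEGV, &old, NULL);
    munmap(b1, 2 * page); munmap(b2, 2 * page);
    return rc;
}

int main(void) { return check_tails(memcmp) != 0 || check_tails(overreading_cmp) != -1; }
```

Every tail ends on the last byte before the guard page, which is why each length from 1 up is exercised at the position where an over-read becomes visible.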