From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glibc-bugs-return-10793-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Received: (qmail 32559 invoked by alias); 28 Jan 2010 02:54:40 -0000
Received: (qmail 32522 invoked by uid 48); 28 Jan 2010 02:54:28 -0000
Date: Thu, 28 Jan 2010 02:54:00 -0000
From: "jrnieder at gmail dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sources.redhat.com
Message-ID: <20100128025427.11230.jrnieder@gmail.com>
Reply-To: sourceware-bugzilla@sourceware.org
Subject: [Bug libc/11230] New: memchr overshoots on ia64
X-Bugzilla-Reason: CC
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
X-SW-Source: 2010-01/txt/msg00140.txt.bz2

memchr can find a location past the end of its buffer:

#include <sys/stat.h>
#include <sys/mman.h>
#include <fcntl.h>

int main(int argc, const char * const argv[])
{
    struct stat st;
    lstat(argv[1], &st);

    int fd = open(argv[1], O_RDONLY);
    void *data = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
    void *t = memchr(data, 0, st.st_size);
    printf("ptr: %p, ret: %p, len: 0x%zx\n", data, t, st.st_size);
    return 0;
}

Example output:
| % ./test /etc/passwd
| ptr: 0x2000000000050000, ret: 0x200000000005040e, len: 0x40e

Tested using Debian libc6.1 2.10.2-5, whose memchr.S matches current glibc HEAD. 
Discovered because git diff uses similar code looking for null bytes to detect 
binary files.

Unfortunately, I do not have an ia64 to test this myself.  Still, I thought you 
might want to know.  Please let me know if any other details would be helpful.

See http://bugs.debian.org/563882 for the original report.  Thanks to Bastian 
Blank for the test case.

-- 
           Summary: memchr overshoots on ia64
           Product: glibc
           Version: 2.11
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: hjl dot tools at gmail dot com
        ReportedBy: jrnieder at gmail dot com
                CC: glibc-bugs at sources dot redhat dot com
 GCC build triplet: ia64-unknown-linux-gnu
  GCC host triplet: ia64-unknown-linux-gnu
GCC target triplet: ia64-unknown-linux-gnu


http://sourceware.org/bugzilla/show_bug.cgi?id=11230

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.