public inbox for glibc-bugs@sourceware.org
* [Bug libc/13592] New: x86_64 memset buggy with large sizes
From: matz at suse dot de @ 2012-01-12 14:35 UTC
To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13592

             Bug #: 13592
           Summary: x86_64 memset buggy with large sizes
           Product: glibc
           Version: 2.15
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: matz@suse.de
    Classification: Unclassified

This problem seems to exist since the x86_64 variant of memset was improved
years ago (certainly 2.11 already has the problem, as well as current git).
There are several signed compares of the size argument, whereas it really is
unsigned. Depending on the situation, e.g. a "memset(ptr, 0, -1)" segfaults
(but for the wrong reasons, because of jumping into nirvana) or even succeeds.

In normal use this is harmless, as a size with the sign bit set indicates more
than half the address space, which on x86_64 is impossible to allocate, but as
the size is used to index some jump tables this potentially could have other
unwanted side effects.

--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
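
Added illustration, not part of the original report and not glibc's code: a small C model of the bug class described above, in which a size compared as a signed value selects a jump-table path with an out-of-range index, next to the unsigned form. The 16-byte threshold, the type and function names, and the sample sizes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SMALL_LIMIT 16   /* assumed cut-off below which a jump table is used */
enum path { PATH_TABLE, PATH_BULK };

struct dispatch {
    enum path path;      /* which code path the size selects */
    ptrdiff_t index;     /* jump-table index used on PATH_TABLE */
    int in_bounds;       /* 1 if index lies in 0..SMALL_LIMIT-1 */
};

/* Buggy model: size compared as signed, as a signed conditional jump would. */
static struct dispatch dispatch_signed(size_t n)
{
    struct dispatch d = { PATH_BULK, 0, 1 };
    ptrdiff_t sn = (ptrdiff_t)n;   /* sign bit of a huge size now counts */
    if (sn < SMALL_LIMIT) {
        d.path = PATH_TABLE;
        d.index = sn;
        d.in_bounds = (sn >= 0);   /* negative index points before the table */
    }
    return d;
}

/* Corrected model: size compared as unsigned, matching the size_t contract. */
static struct dispatch dispatch_unsigned(size_t n)
{
    struct dispatch d = { PATH_BULK, 0, 1 };
    if (n < (size_t)SMALL_LIMIT) {
        d.path = PATH_TABLE;
        d.index = (ptrdiff_t)n;
    }
    return d;
}

int main(void)
{
    /* Constructed sample sizes around the sign-bit boundary. */
    const size_t samples[] = { 0, 15, 16, SIZE_MAX / 2, SIZE_MAX / 2 + 1, SIZE_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct dispatch s = dispatch_signed(samples[i]);
        struct dispatch u = dispatch_unsigned(samples[i]);
        printf("n=%#zx signed:%s%s unsigned:%s\n", samples[i],
               s.path == PATH_TABLE ? "table" : "bulk",
               s.in_bounds ? "" : " (index out of bounds)",
               u.path == PATH_TABLE ? "table" : "bulk");
    }
    return 0;
}
```

Sizes with the sign bit set are the only inputs on which the two models disagree, which is why test cases for size-handling code should include SIZE_MAX and SIZE_MAX / 2 + 1.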

* [Bug libc/13592] x86_64 memset buggy with large sizes
From: matz at suse dot de @ 2012-01-12 14:36 UTC
To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13592

--- Comment #1 from Michael Matz <matz at suse dot de> 2012-01-12 14:36:04 UTC ---
Created attachment 6158
  --> http://sourceware.org/bugzilla/attachment.cgi?id=6158
Patch for the problem

This should fix the problems.

* [Bug libc/13592] x86_64 memset buggy with large sizes
From: ppluzhnikov at google dot com @ 2012-01-12 16:10 UTC
To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13592

Paul Pluzhnikov <ppluzhnikov at google dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ppluzhnikov at google dot com

* [Bug libc/13592] x86_64 memset buggy with large sizes
From: aj at suse dot de @ 2012-04-05 8:57 UTC
To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=13592

Andreas Jaeger <aj at suse dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |aj at suse dot de
         Resolution|                            |FIXED

--- Comment #2 from Andreas Jaeger <aj at suse dot de> 2012-04-05 08:56:42 UTC ---
Thanks for the patch, submitted to git

* [Bug libc/13592] x86_64 memset buggy with large sizes
From: fweimer at redhat dot com @ 2014-06-27 11:13 UTC
To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=13592

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-