public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug ports/15583] New: r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined
@ 2013-06-05 18:07 chris_s_jones at yahoo dot com
2013-06-05 20:02 ` [Bug ports/15583] " jsm28 at gcc dot gnu.org
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: chris_s_jones at yahoo dot com @ 2013-06-05 18:07 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15583
Bug ID: 15583
Summary: r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S
when ARM_HAS_T2 undefined
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: ports
Assignee: unassigned at sourceware dot org
Reporter: chris_s_jones at yahoo dot com
CC: carlos at redhat dot com, roland at gnu dot org
The version of strcpy.S for ARM uses the following to initialize a value in r7
to detect end-of-string.
84 @ Subtracting (unsigned saturating) from 1 for any byte means
result
85 @ of 1 for any byte that was originally zero and 0 otherwise.
86 @ Therefore we consider the lsb of each byte the "found" bit.
87 #ifdef ARCH_HAS_T2
88 movw r7, #0x0101
89 tst r0, #3 @ Test alignment of DEST
90 movt r7, #0x0101
91 #else
92 ldr ip, =0x01010101
93 tst r0, #3
94 #endif
If ARCH_HAS_T2 is not defined, then ip (r12) gets initialized rather than r7.
The subsequent code will then attempt to use the uninitialized value in r7,
which can cause strcpy() to walk past the end of the string.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug ports/15583] r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined
2013-06-05 18:07 [Bug ports/15583] New: r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined chris_s_jones at yahoo dot com
@ 2013-06-05 20:02 ` jsm28 at gcc dot gnu.org
2013-06-05 20:04 ` joseph at codesourcery dot com
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: jsm28 at gcc dot gnu.org @ 2013-06-05 20:02 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15583
Joseph Myers <jsm28 at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rth at twiddle dot net
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug ports/15583] r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined
2013-06-05 18:07 [Bug ports/15583] New: r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined chris_s_jones at yahoo dot com
2013-06-05 20:02 ` [Bug ports/15583] " jsm28 at gcc dot gnu.org
@ 2013-06-05 20:04 ` joseph at codesourcery dot com
2013-06-05 21:12 ` rth at gcc dot gnu.org
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: joseph at codesourcery dot com @ 2013-06-05 20:04 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15583
--- Comment #1 from joseph at codesourcery dot com <joseph at codesourcery dot com> ---
Richard, this is your strcpy implementation....
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug ports/15583] r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined
2013-06-05 18:07 [Bug ports/15583] New: r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined chris_s_jones at yahoo dot com
2013-06-05 20:02 ` [Bug ports/15583] " jsm28 at gcc dot gnu.org
2013-06-05 20:04 ` joseph at codesourcery dot com
@ 2013-06-05 21:12 ` rth at gcc dot gnu.org
2013-06-05 22:53 ` rth at gcc dot gnu.org
2014-06-13 15:10 ` fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: rth at gcc dot gnu.org @ 2013-06-05 21:12 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15583
Richard Henderson <rth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |rth at gcc dot gnu.org
Assignee|unassigned at sourceware dot org |rth at gcc dot gnu.org
--- Comment #2 from Richard Henderson <rth at gcc dot gnu.org> ---
Oops, a clear bug introduced during code rearrangements.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug ports/15583] r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined
2013-06-05 18:07 [Bug ports/15583] New: r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined chris_s_jones at yahoo dot com
` (2 preceding siblings ...)
2013-06-05 21:12 ` rth at gcc dot gnu.org
@ 2013-06-05 22:53 ` rth at gcc dot gnu.org
2014-06-13 15:10 ` fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: rth at gcc dot gnu.org @ 2013-06-05 22:53 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15583
Richard Henderson <rth at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
Target Milestone|--- |2.18
--- Comment #3 from Richard Henderson <rth at gcc dot gnu.org> ---
Fix committed: ecdaa7c9207615a1dc5882560095389a18b1e2ca
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug ports/15583] r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined
2013-06-05 18:07 [Bug ports/15583] New: r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined chris_s_jones at yahoo dot com
` (3 preceding siblings ...)
2013-06-05 22:53 ` rth at gcc dot gnu.org
@ 2014-06-13 15:10 ` fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 15:10 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15583
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-06-13 15:10 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-06-05 18:07 [Bug ports/15583] New: r7 uninitialized in ports/sysdeps/arm/armv6/strcpy.S when ARM_HAS_T2 undefined chris_s_jones at yahoo dot com
2013-06-05 20:02 ` [Bug ports/15583] " jsm28 at gcc dot gnu.org
2013-06-05 20:04 ` joseph at codesourcery dot com
2013-06-05 21:12 ` rth at gcc dot gnu.org
2013-06-05 22:53 ` rth at gcc dot gnu.org
2014-06-13 15:10 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).