public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "oliveandnini at gmail dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/25620] Signed comparison vulnerability in the ARMv7 memcpy() (CVE-2020-6096)
Date: Fri, 19 Mar 2021 01:31:10 +0000 [thread overview]
Message-ID: <bug-25620-131-owP2N1jhzk@http.sourceware.org/bugzilla/> (raw)
In-Reply-To: <bug-25620-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=25620
Jonie Tilton <oliveandnini at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |oliveandnini at gmail dot com
--- Comment #31 from Jonie Tilton <oliveandnini at gmail dot com> ---
(In reply to cvs-commit@gcc.gnu.org from comment #28)
> The master branch has been updated by Aurelien Jarno
> <aurel32@sourceware.org>:
>
> https://sourceware.org/git/gitweb.cgi?p=glibc.git;
> h=7b5f02dc2a9278cd068a58a3db3644e24707be49
> https://happywheels2.io
> commit 7b5f02dc2a9278cd068a58a3db3644e24707be49
> Author: Aurelien Jarno <aurelien@aurel32.net>
> Date: Mon Jul 13 22:37:41 2020 +0200
>
> arm: remove string/tst-memmove-overflow XFAIL
>
> The arm string/tst-memmove-overflow XFAIL has been added in commit
> eca1b233322 ("arm: XFAIL string/tst-memmove-overflow due to bug 25620")
> as a way to reproduce the reported bug.
>
> Now that this bug has been fixed in commits 79a4fa341b8 ("arm:
> CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]")
> and beea3610507 ("arm: CVE-2020-6096: Fix multiarch memcpy for negative
> length [BZ #25620]"), let's remove the XFAIL.
>
> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Also reduce the amount of output in case of a large-scale mismatch in the
copied data.
--
You are receiving this mail because:
You are on the CC list for the bug.
next prev parent reply other threads:[~2021-03-19 1:31 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <bug-25620-131@http.sourceware.org/bugzilla/>
2020-03-16 18:59 ` [Bug libc/25620] ### Summary An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a sourceware at 1936 dot ca
2020-03-16 20:19 ` [Bug libc/25620] Signed comparison vulnerability in the ARMv7 memcpy() carlos at redhat dot com
2020-03-16 20:32 ` adhemerval.zanella at linaro dot org
2020-03-26 14:24 ` regiwils at cisco dot com
2020-03-28 2:36 ` [Bug libc/25620] Signed comparison vulnerability in the ARMv7 memcpy() (CVE-2020-6096) carlos at redhat dot com
2020-03-30 13:08 ` regiwils at cisco dot com
2020-04-02 15:24 ` carnil at debian dot org
2020-04-06 10:27 ` rearnsha at gcc dot gnu.org
2020-04-07 13:15 ` carlos at redhat dot com
2020-04-07 17:47 ` wdijkstr at arm dot com
2020-04-07 18:07 ` fweimer at redhat dot com
2020-04-07 18:50 ` wdijkstr at arm dot com
2020-04-07 20:49 ` carlos at redhat dot com
2020-04-07 20:58 ` joseph at codesourcery dot com
2020-04-08 13:34 ` nsz at gcc dot gnu.org
2020-04-08 14:09 ` wdijkstr at arm dot com
2020-04-21 14:35 ` carlos at redhat dot com
2020-04-21 14:41 ` carlos at redhat dot com
2020-05-01 13:03 ` wdijkstr at arm dot com
2020-05-01 13:28 ` regiwils at cisco dot com
2020-05-01 13:35 ` carlos at redhat dot com
2020-05-01 13:42 ` regiwils at cisco dot com
2020-05-01 15:51 ` regiwils at cisco dot com
2020-05-01 20:28 ` carlos at redhat dot com
2020-05-12 17:03 ` cvs-commit at gcc dot gnu.org
2020-05-13 14:48 ` cvs-commit at gcc dot gnu.org
2020-07-08 12:22 ` fweimer at redhat dot com
2020-07-08 16:46 ` jsm28 at gcc dot gnu.org
2020-07-16 4:57 ` cvs-commit at gcc dot gnu.org
2020-07-17 18:56 ` regiwils at cisco dot com
2020-07-17 21:24 ` carlos at redhat dot com
2021-03-19 1:31 ` oliveandnini at gmail dot com [this message]
2021-06-02 4:54 ` alucca388 at gmail dot com
2021-10-04 15:12 ` aricjoshua44 at gmail dot com
2021-11-03 9:11 ` boardgamesaz at gmail dot com
2021-11-03 9:12 ` boardgamesaz at gmail dot com
2021-11-21 15:46 ` ellasofia253 at gmail dot com
2022-11-02 2:35 ` boardgamesaz at gmail dot com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-25620-131-owP2N1jhzk@http.sourceware.org/bugzilla/ \
--to=sourceware-bugzilla@sourceware.org \
--cc=glibc-bugs@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).