public inbox for glibc-bugs@sourceware.org
* [Bug string/27961] New: memcmp-avx2-movbe.S and memcmp-evex-movbe.S potential overflow bug.
@ 2021-06-07 17:21 goldstein.w.n at gmail dot com
2021-06-07 17:21 ` [Bug string/27961] " goldstein.w.n at gmail dot com
2021-06-09 22:08 ` goldstein.w.n at gmail dot com
0 siblings, 2 replies; 3+ messages in thread
From: goldstein.w.n at gmail dot com @ 2021-06-07 17:21 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27961
Bug ID: 27961
Summary: memcmp-avx2-movbe.S and memcmp-evex-movbe.S potential
overflow bug.
Product: glibc
Version: 2.34
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: string
Assignee: unassigned at sourceware dot org
Reporter: goldstein.w.n at gmail dot com
Target Milestone: ---
This is in the same vein as another bug report for memset:
https://sourceware.org/bugzilla/show_bug.cgi?id=27960
It was introduced in commits:
author Noah Goldstein <goldstein.w.n@gmail.com>
Mon, 17 May 2021 17:57:24 +0000 (13:57 -0400)
commit 4ad473e97acdc5f6d811755b67c09f2128a644ce
And
author Noah Goldstein <goldstein.w.n@gmail.com>
Mon, 17 May 2021 17:56:52 +0000 (13:56 -0400)
commit 16d12015c57701b08d7bbed6ec536641bcafb428
The issue is that loop bounds are now calculated as follows:
    void * end = s1 + len;
    for (; s1 < end; ) {
        // memcmp logic here
    }
If len + s1 overflows it can be the case that end is less than s1, so the loop
will be skipped.
This will mean that expected behavior (Likely Segmentation Fault) will not
occur and memcmp will fail silently.
--
You are receiving this mail because:
You are on the CC list for the bug.
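Added example, not part of the original report and not glibc code: a C model of the end-pointer loop bound described in the report above, next to a caller-side check for a wrapping range. Addresses are held as uintptr_t (an assumption, so the wrap is defined unsigned arithmetic rather than out-of-bounds pointer arithmetic), uintptr_t and size_t are assumed to have the same width as on x86_64, and the helper names and sample addresses are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Number of bytes covered by a loop of the form
 *     end = s1 + len;  for (; s1 < end; ) { ... }
 * Computed in closed form so huge lengths do not have to be iterated. */
static size_t span_end_bound(uintptr_t s1, size_t len)
{
    uintptr_t end = s1 + len;          /* wraps modulo 2^N if len is too large */
    return (s1 < end) ? (size_t)(end - s1) : 0;
}

/* Caller-side check: does [s1, s1 + len) run past the top of the
 * address space? Written so the check itself cannot overflow. */
static int range_wraps(uintptr_t s1, size_t len)
{
    return len > UINTPTR_MAX - s1;
}

int main(void)
{
    /* Constructed sample values, not taken from the bug report. */
    struct { uintptr_t s1; size_t len; } cases[] = {
        { 0x1000,           64 },      /* ordinary range                   */
        { UINTPTR_MAX - 15, 15 },      /* ends just below the top          */
        { UINTPTR_MAX - 15, 64 },      /* s1 + len wraps, end == 48 < s1   */
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("len=%zu wraps=%d bytes covered by loop=%zu\n",
               cases[i].len,
               range_wraps(cases[i].s1, cases[i].len),
               span_end_bound(cases[i].s1, cases[i].len));
    }
    return 0;
}
```

In the third case the loop covers zero bytes, which is the silent skip the report describes; range_wraps flags that input before any comparison is attempted.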
* [Bug string/27961] memcmp-avx2-movbe.S and memcmp-evex-movbe.S potential overflow bug.
From: goldstein.w.n at gmail dot com @ 2021-06-07 17:21 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27961
Noah Goldstein <goldstein.w.n at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target| |x86_64
CC| |goldstein.w.n at gmail dot com
* [Bug string/27961] memcmp-avx2-movbe.S and memcmp-evex-movbe.S potential overflow bug.
From: goldstein.w.n at gmail dot com @ 2021-06-09 22:08 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27961
Noah Goldstein <goldstein.w.n at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |NOTABUG
Status|UNCONFIRMED |RESOLVED
--- Comment #1 from Noah Goldstein <goldstein.w.n at gmail dot com> ---
This is not a bug. Passing a length that would cause overflow is undefined
behavior.
https://marc.info/?l=glibc-alpha&m=162308797213313&w=2