From: "zsojka at seznam dot cz"
To: glibc-bugs@sourceware.org
Subject: [Bug string/29197] New: __strncpy_power9() uses uninitialised register vs18 value for filling after \0
Date: Sun, 29 May 2022 19:39:12 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=29197

            Bug ID: 29197
           Summary: __strncpy_power9() uses uninitialised register vs18
                    value for filling after \0
           Product: glibc
           Version: 2.35
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: string
          Assignee: unassigned at sourceware dot org
          Reporter: zsojka at seznam dot cz
  Target Milestone: ---
            Target: powerpc64le-unknown-linux-gnu

Hello,
originally reported as a gcc bug at https://gcc.gnu.org/PR105744 , but it was
analysed by Kewen Lin to be an issue in the glibc implementation.

The following program:

$ cat test_strncpy.c
#include <stdlib.h>
#include <string.h>

#define N 3
char a[N];
char c[N];

int
main (void)
{
  /* Put a non-zero value into vs18 before the call.  */
  __asm__ volatile ("xxspltib 18, 0xf":::"vs18");
  strncpy (c, a, N);
  /* a[] is all zeroes, so every byte of c[] must be zero as well.  */
  for (unsigned i = 0; i < N; i++)
    if (c[i])
      abort ();
  return 0;
}
$ powerpc64le-unknown-linux-gnu-gcc test_strncpy.c -static
$ qemu-ppc64le -- ./a.out
qemu: uncaught target signal 6 (Aborted) - core dumped
Aborted

fails, with the value of c[] being:

(gdb) p c
$1 = "\000\015\015"

Quoting Kewen Lin:
---------------------
In
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=sysdeps/powerpc/powerpc64/le/power9/strncpy.S

        lbz     r0,0(r4)
        stb     r0,0(r3)
        addi    r11,r3,1
        addi    r5,r5,-1
        vspltisb v18,0          /* Zeroes in v18 */
...
L(zero_padding_end):
        sldi    r10,r5,56       /* stxvl wants size in top 8 bits */
        stxvl   v18,r11,r10     /* Partial store */
        blr

The code at label "zero_padding_end" is supposed to use v18, but the stxvl will
take the 18 as vsx No. instead of vr No, so it ends up to use the wrong register
vs18 instead of v18 for the store.
---------------------

Disassembling the object code shows the registers used (v18 / vs18):
...
   0x0000000010022f10 <+16>:    lbz     r0,0(r4)
   0x0000000010022f14 <+20>:    stb     r0,0(r3)
   0x0000000010022f18 <+24>:    addi    r11,r3,1
   0x0000000010022f1c <+28>:    addi    r5,r5,-1
   0x0000000010022f20 <+32>:    vspltisb v18,0
...
   0x000000001002319c <+668>:   rldicr  r10,r5,56,7
   0x00000000100231a0 <+672>:   stxvl   vs18,r11,r10
   0x00000000100231a4 <+676>:   blr
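
A regression check for the behaviour reported above, as an added example that is not part of the original report or of glibc's own test suite: it sweeps source lengths, counts and destination alignments and verifies that strncpy zero-fills up to n and writes nothing past it. The names check_one, sweep, copy and dirty_vs18, the poison byte and the swept ranges are assumptions; the vs18 clobber is the one from the reporter's reproducer and is compiled only for POWER9 targets.

```c
#include <stddef.h>
#include <string.h>

#define MAXN   64    /* largest length and count swept (constructed range) */
#define POISON 0xA5  /* differs from both 'x' and '\0' */

/* Call through a volatile pointer so the compiler cannot expand strncpy
   inline; the libc implementation selected at run time is what gets tested. */
static char *(*volatile copy)(char *, const char *, size_t) = strncpy;

/* As in the report's reproducer: leave a non-zero value in vs18 so a store
   from the wrong register shows up in the padding. No-op on other targets. */
static void dirty_vs18(void)
{
#ifdef _ARCH_PWR9
    __asm__ volatile ("xxspltib 18, 0xf" ::: "vs18");
#endif
}

/* Requires len <= MAXN, n <= MAXN, off < 16. Returns 0 if the copy obeys the
   contract, else 1 + index of the first wrong byte in dst[0..n]; index n
   means a write past the end of the destination. */
static size_t check_one(size_t len, size_t n, size_t off)
{
    unsigned char buf[MAXN + 16];
    char src[MAXN + 1];
    unsigned char *dst = buf + off;

    memset(src, 'x', len);
    src[len] = '\0';
    memset(buf, POISON, sizeof buf);   /* stale data the padding must erase */
    dirty_vs18();
    copy((char *)dst, src, n);
    for (size_t i = 0; i < n; i++) {
        unsigned char want = i < len ? 'x' : 0;
        if (dst[i] != want)
            return i + 1;
    }
    return dst[n] == POISON ? 0 : n + 1;
}

/* Number of failing (alignment, count, length) combinations. */
static unsigned sweep(void)
{
    unsigned bad = 0;
    for (size_t off = 0; off < 16; off++)
        for (size_t n = 0; n <= MAXN; n++)
            for (size_t len = 0; len <= MAXN; len++)
                bad += check_one(len, n, off) != 0;
    return bad;
}

int main(void) { return sweep() != 0; }
```

The case from the report is check_one(0, 3, 0): an empty source with a count of 3.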