From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 02C913858CDB; Wed,  1 Mar 2023 16:45:01 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 02C913858CDB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1677689102;
	bh=wylaouQlzZUTl3pnIXRSaRre5B5mHEABWiGuyZ1Iqjs=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=CLK2J7mkv5QuhtrMTyvh/mau85Ko9bdncJyZ7zGZDBdignhb+BsWJM+qkRIFFb9j0
	 GjMA44ewwSXxEp4rBGg+qEBmTKYO+rAoUsNn8CvL5lldsK7iBQ7wrUDL6o1dvHVeWK
	 uaGLfZuYAdvZIoum0CNsg3k1T4XZBhdJ0beRmXrU=
From: "carlos at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug string/29591] wcsnlen length can overflow in page cross case.
Date: Wed, 01 Mar 2023 16:45:01 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: string
X-Bugzilla-Version: 2.36
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: carlos at redhat dot com
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: 2.38
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: resolution target_milestone bug_status cc
Message-ID: <bug-29591-131-BOjaFthEoT@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-29591-131@http.sourceware.org/bugzilla/>
References: <bug-29591-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <glibc-bugs.sourceware.org>

https://sourceware.org/bugzilla/show_bug.cgi?id=3D29591

Carlos O'Donell <carlos at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.38
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |carlos at redhat dot com

--- Comment #2 from Carlos O'Donell <carlos at redhat dot com> ---
Fixed in master, 2.37, 2.36, 2.35, 2.34, and 2.33.

commit b0969fa53a28b4ab2159806bf6c99a98999502ee
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date:   Tue Sep 20 17:58:04 2022 -0700

    x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591]

    Previous implementation was adjusting length (rsi) to match
    bytes (eax), but since there is no bound to length this can cause
    overflow.

    Fix is to just convert the byte-count (eax) to length by dividing by
    sizeof (wchar_t) before the comparison.

    Full check passes on x86-64 and build succeeds w/ and w/o multiarch.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=