[Bug string/31934] New: wcsncmp crash on s390x on vlbb instruction

[Bug string/31934] New: wcsncmp crash on s390x on vlbb instruction

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

            Bug ID: 31934
           Summary: wcsncmp crash on s390x on vlbb instruction
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: string
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
                CC: stli at linux dot ibm.com
  Target Milestone: ---
            Target: s390x-linux-gnu

This test case:

“
#include <string.h>
#include <support/check.h>
#include <support/next_to_fault.h>
#include <wchar.h>

enum { buffer_length = 80 };

static int
do_test (void)
{
  struct support_next_to_fault left_ntf
    = support_next_to_fault_allocate (buffer_length * sizeof (wchar_t));
  wchar_t *left_buffer = (wchar_t *) left_ntf.buffer;
  wmemset (left_buffer, L'A', buffer_length);
  struct support_next_to_fault right_ntf
    = support_next_to_fault_allocate (buffer_length * sizeof (wchar_t));
  wchar_t *right_buffer = (wchar_t *) right_ntf.buffer;
  wmemset (right_buffer, L'A', buffer_length);

  TEST_COMPARE (wcsncmp (left_buffer, right_buffer + buffer_length - 1, 1),
                0);
  return 0;
}

#include <support/test-driver.c>
“

crashes on s390x at line 71 in sysdeps/s390/wcsncmp-vx.S:

66              l       %r1,0(%r3)
67              je      .Lend_cmp_one_char
68              crjne   %r0,%r1,.Lend_cmp_one_char
69
70      .Lloop:
71              vlbb    %v17,0(%r5,%r3),6 /* Load s2 to block boundary.  */
72              vlbb    %v16,0(%r5,%r2),6 /* Load s1 to block boundary.  */
73              lcbb    %r0,0(%r5,%r2),6 /* Get loaded byte count of s1.  */
74              jo      .Llt16_1        /* Jump away if vector not fully
loaded.  */
75              lcbb    %r1,0(%r5,%r3),6 /* Get loaded byte count of s2.  */

(gdb) print $r5
$1 = 4
(gdb) print/x $r3
$2 = 0x3fff7ff3ffc

The first and second arguments were 0x3fff7ff5ec0 and 0x3fff7ff3ffc.

I believe these are valid inputs to wcsncmp under the most rigid interpretation
of the standard.

Found through systematic testing, no application impact known.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[carlos at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

Carlos O'Donell <carlos at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |carlos at redhat dot com

--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to Florian Weimer from comment #0)
>   wmemset (left_buffer, L'A', buffer_length);
>   struct support_next_to_fault right_ntf
>     = support_next_to_fault_allocate (buffer_length * sizeof (wchar_t));
>   wchar_t *right_buffer = (wchar_t *) right_ntf.buffer;
>   wmemset (right_buffer, L'A', buffer_length);
> 
>   TEST_COMPARE (wcsncmp (left_buffer, right_buffer + buffer_length - 1, 1),
>                 0);

You wmemset both buffers to full length with L'A' (80 wide-character codes),
but do not null terminate them.

Use of support_next_to_fault_allocate puts the last L'A' at the end of page
next to a faulting page.

You then proceed to compare both buffers, but on the right buffer you start at
one character before the end.

The POSIX standard notes "wide-character codes that follow a null
wide-character code are not compared"

The call to wcsncmp asks for at most 1 wide-character code to be compared.

This looks entirely valid to me. It should return 0 since L'A' == L'A' within
the length specified.

I would have expected that string/test-strncmp, which has wcsncmp support would
test this?

Why doesn't wcsmbs/test-wcsncmp.c catch this case? It has very similar tests?
Not a tight enough bound?

Stefan Liebler added this test specifically for work being done on s390x that
should catch this.

> crashes on s390x at line 71 in sysdeps/s390/wcsncmp-vx.S:

This should not crash, and I assume it is an overread of the right_buffer in
the vector case.

> 66              l       %r1,0(%r3)
> 67              je      .Lend_cmp_one_char
> 68              crjne   %r0,%r1,.Lend_cmp_one_char
> 69
> 70      .Lloop:
> 71              vlbb    %v17,0(%r5,%r3),6 /* Load s2 to block boundary.  */
> 72              vlbb    %v16,0(%r5,%r2),6 /* Load s1 to block boundary.  */
> 73              lcbb    %r0,0(%r5,%r2),6 /* Get loaded byte count of s1.  */
> 74              jo      .Llt16_1        /* Jump away if vector not fully
> loaded.  */
> 75              lcbb    %r1,0(%r5,%r3),6 /* Get loaded byte count of s2.  */
> 
> (gdb) print $r5
> $1 = 4
> (gdb) print/x $r3
> $2 = 0x3fff7ff3ffc
> 
> The first and second arguments were 0x3fff7ff5ec0 and 0x3fff7ff3ffc.
> 
> I believe these are valid inputs to wcsncmp under the most rigid
> interpretation of the standard.
> 
> Found through systematic testing, no application impact known.

It would be good to know if this is a 1-byte overread or more.

I see Stefan is already on CC for the issue.

Thanks for the extra testing!

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[stli at linux dot ibm.com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #2 from Stefan Liebler <stli at linux dot ibm.com> ---
Yes, you are right. This should not crash. This is a bug.
Thanks for the extra-testing and the report. I will look into it.

Do you plan to bring your extra-tests upstream?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com

--- Comment #3 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Stefan Liebler from comment #2)
> Yes, you are right. This should not crash. This is a bug.
> Thanks for the extra-testing and the report. I will look into it.
> 
> Do you plan to bring your extra-tests upstream?

It was found by the test from this patch:

[PATCH] manual: Document a GNU extension for strncmp/wcsncmp
<https://inbox.sourceware.org/libc-alpha/87r0cipcps.fsf@igel.home/>

But I don't know if the test will be considered fast enough for general
inclusion.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[stli at linux dot ibm.com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #4 from Stefan Liebler <stli at linux dot ibm.com> ---
FYI: I've just posted this patch:
[PATCH] s390x: Fix segfault in wcsncmp [BZ #31934]
https://sourceware.org/pipermail/libc-alpha/2024-July/158265.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #5 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Stefan Liebler <stli@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b7651410375ec8848a1944992d663d514db4ba7

commit 9b7651410375ec8848a1944992d663d514db4ba7
Author: Stefan Liebler <stli@linux.ibm.com>
Date:   Thu Jul 11 11:28:53 2024 +0200

    s390x: Fix segfault in wcsncmp [BZ #31934]

    The z13/vector-optimized wcsncmp implementation segfaults if n=1
    and there is only one character (equal on both strings) before
    the page end.  Then it loads and compares one character and misses
    to check n again.  The following load fails.

    This patch removes the extra load and compare of the first character
    and just start with the loop which uses vector-load-to-block-boundary.
    This code-path also checks n.

    With this patch both tests are passing:
    - the simplified one mentioned in the bugzilla 31934
    - the full one in Florian Weimer's patch:
    "manual: Document a GNU extension for strncmp/wcsncmp"
   
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
    On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[stli at linux dot ibm.com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

Stefan Liebler <stli at linux dot ibm.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |2.40
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #6 from Stefan Liebler <stli at linux dot ibm.com> ---
Fixed with the commit mentioned in previous comment.

I plan to backport it to older release-branches.

I've asked on the mailing-list:
https://sourceware.org/pipermail/libc-alpha/2024-July/158273.html
'''
Note that the wcsncmp implementation was introduced in glibc 2.23:
https://sourceware.org/git/?p=glibc.git;a=commit;h=cee82e70ccb7b2f054cd781b0a603ae244523e72
'S390: Optimize strncmp and wcsncmp.'

Can you please advice which release-branches are maintained and to which
one I should backport them?
To all from glibc 2.39 down to 2.23?
'''

I will post the backported commits as soon as done.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #7 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.39/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5c46e6b66636be0010e9a732d5ba1e65ebd54687

commit 5c46e6b66636be0010e9a732d5ba1e65ebd54687
Author: Stefan Liebler <stli@linux.ibm.com>
Date:   Thu Jul 11 11:28:53 2024 +0200

    s390x: Fix segfault in wcsncmp [BZ #31934]

    The z13/vector-optimized wcsncmp implementation segfaults if n=1
    and there is only one character (equal on both strings) before
    the page end.  Then it loads and compares one character and misses
    to check n again.  The following load fails.

    This patch removes the extra load and compare of the first character
    and just start with the loop which uses vector-load-to-block-boundary.
    This code-path also checks n.

    With this patch both tests are passing:
    - the simplified one mentioned in the bugzilla 31934
    - the full one in Florian Weimer's patch:
    "manual: Document a GNU extension for strncmp/wcsncmp"
   
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
    On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

    (cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #8 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.38/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=712453634c8efd71a9b3ff0122145a9e90e9955c

commit 712453634c8efd71a9b3ff0122145a9e90e9955c
Author: Stefan Liebler <stli@linux.ibm.com>
Date:   Thu Jul 11 11:28:53 2024 +0200

    s390x: Fix segfault in wcsncmp [BZ #31934]

    The z13/vector-optimized wcsncmp implementation segfaults if n=1
    and there is only one character (equal on both strings) before
    the page end.  Then it loads and compares one character and misses
    to check n again.  The following load fails.

    This patch removes the extra load and compare of the first character
    and just start with the loop which uses vector-load-to-block-boundary.
    This code-path also checks n.

    With this patch both tests are passing:
    - the simplified one mentioned in the bugzilla 31934
    - the full one in Florian Weimer's patch:
    "manual: Document a GNU extension for strncmp/wcsncmp"
   
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
    On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

    (cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #9 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.37/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=340ca2d5148371614c234068f430c19293f962dc

commit 340ca2d5148371614c234068f430c19293f962dc
Author: Stefan Liebler <stli@linux.ibm.com>
Date:   Thu Jul 11 11:28:53 2024 +0200

    s390x: Fix segfault in wcsncmp [BZ #31934]

    The z13/vector-optimized wcsncmp implementation segfaults if n=1
    and there is only one character (equal on both strings) before
    the page end.  Then it loads and compares one character and misses
    to check n again.  The following load fails.

    This patch removes the extra load and compare of the first character
    and just start with the loop which uses vector-load-to-block-boundary.
    This code-path also checks n.

    With this patch both tests are passing:
    - the simplified one mentioned in the bugzilla 31934
    - the full one in Florian Weimer's patch:
    "manual: Document a GNU extension for strncmp/wcsncmp"
   
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
    On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

    (cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #10 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.36/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a70c55a91b2b361f43e4142aadf86f22af57d406

commit a70c55a91b2b361f43e4142aadf86f22af57d406
Author: Stefan Liebler <stli@linux.ibm.com>
Date:   Thu Jul 11 11:28:53 2024 +0200

    s390x: Fix segfault in wcsncmp [BZ #31934]

    The z13/vector-optimized wcsncmp implementation segfaults if n=1
    and there is only one character (equal on both strings) before
    the page end.  Then it loads and compares one character and misses
    to check n again.  The following load fails.

    This patch removes the extra load and compare of the first character
    and just start with the loop which uses vector-load-to-block-boundary.
    This code-path also checks n.

    With this patch both tests are passing:
    - the simplified one mentioned in the bugzilla 31934
    - the full one in Florian Weimer's patch:
    "manual: Document a GNU extension for strncmp/wcsncmp"
   
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
    On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

    (cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #11 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.35/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7cd62653850135bc880688a78104dbf77cf8121

commit c7cd62653850135bc880688a78104dbf77cf8121
Author: Stefan Liebler <stli@linux.ibm.com>
Date:   Thu Jul 11 11:28:53 2024 +0200

    s390x: Fix segfault in wcsncmp [BZ #31934]

    The z13/vector-optimized wcsncmp implementation segfaults if n=1
    and there is only one character (equal on both strings) before
    the page end.  Then it loads and compares one character and misses
    to check n again.  The following load fails.

    This patch removes the extra load and compare of the first character
    and just start with the loop which uses vector-load-to-block-boundary.
    This code-path also checks n.

    With this patch both tests are passing:
    - the simplified one mentioned in the bugzilla 31934
    - the full one in Florian Weimer's patch:
    "manual: Document a GNU extension for strncmp/wcsncmp"
   
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
    On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

    (cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #12 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.34/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=87fa7bfb84895bb517beb8aaf92bd45b829daabb

commit 87fa7bfb84895bb517beb8aaf92bd45b829daabb
Author: Stefan Liebler <stli@linux.ibm.com>
Date:   Thu Jul 11 11:28:53 2024 +0200

    s390x: Fix segfault in wcsncmp [BZ #31934]

    The z13/vector-optimized wcsncmp implementation segfaults if n=1
    and there is only one character (equal on both strings) before
    the page end.  Then it loads and compares one character and misses
    to check n again.  The following load fails.

    This patch removes the extra load and compare of the first character
    and just start with the loop which uses vector-load-to-block-boundary.
    This code-path also checks n.

    With this patch both tests are passing:
    - the simplified one mentioned in the bugzilla 31934
    - the full one in Florian Weimer's patch:
    "manual: Document a GNU extension for strncmp/wcsncmp"
   
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
    On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

    (cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #13 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.33/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5f08d1df2c07904c1dc98bdf2b363c65874266f7

commit 5f08d1df2c07904c1dc98bdf2b363c65874266f7
Author: Stefan Liebler <stli@linux.ibm.com>
Date:   Thu Jul 11 11:28:53 2024 +0200

    s390x: Fix segfault in wcsncmp [BZ #31934]

    The z13/vector-optimized wcsncmp implementation segfaults if n=1
    and there is only one character (equal on both strings) before
    the page end.  Then it loads and compares one character and misses
    to check n again.  The following load fails.

    This patch removes the extra load and compare of the first character
    and just start with the loop which uses vector-load-to-block-boundary.
    This code-path also checks n.

    With this patch both tests are passing:
    - the simplified one mentioned in the bugzilla 31934
    - the full one in Florian Weimer's patch:
    "manual: Document a GNU extension for strncmp/wcsncmp"
   
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
    On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

    (cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #14 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.32/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5ad449c398a845a9c84808e4ac603beaa1006909

commit 5ad449c398a845a9c84808e4ac603beaa1006909
Author: Stefan Liebler <stli@linux.ibm.com>
Date:   Thu Jul 11 11:28:53 2024 +0200

    s390x: Fix segfault in wcsncmp [BZ #31934]

    The z13/vector-optimized wcsncmp implementation segfaults if n=1
    and there is only one character (equal on both strings) before
    the page end.  Then it loads and compares one character and misses
    to check n again.  The following load fails.

    This patch removes the extra load and compare of the first character
    and just start with the loop which uses vector-load-to-block-boundary.
    This code-path also checks n.

    With this patch both tests are passing:
    - the simplified one mentioned in the bugzilla 31934
    - the full one in Florian Weimer's patch:
    "manual: Document a GNU extension for strncmp/wcsncmp"
   
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
    On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

    (cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[stli at linux dot ibm.com]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #15 from Stefan Liebler <stli at linux dot ibm.com> ---
As information:
I've just cherry-picked the commit 9b7651410375ec8848a1944992d663d514db4ba7
s390x: Fix segfault in wcsncmp [BZ #31934]
to the current branches (https://sourceware.org/glibc/wiki/Release)
glibc-2.32-39:
- 2.39: commit 5c46e6b66636be0010e9a732d5ba1e65ebd54687
- 2.38: commit 712453634c8efd71a9b3ff0122145a9e90e9955c
- 2.37: commit 340ca2d5148371614c234068f430c19293f962dc
- 2.36: commit a70c55a91b2b361f43e4142aadf86f22af57d406
- 2.35: commit c7cd62653850135bc880688a78104dbf77cf8121
- 2.34: commit 87fa7bfb84895bb517beb8aaf92bd45b829daabb
- 2.33: commit 5f08d1df2c07904c1dc98bdf2b363c65874266f7
- 2.32: commit 5ad449c398a845a9c84808e4ac603beaa1006909

In case somebody needs the fix for older glibc releases (issue was introduced
with glibc 2.23), feel free to just cherry-pick it. Note, that the file was
moved from sysdeps/s390/multiarch/wcsncmp-vx.S to sysdeps/s390/wcsncmp-vx.S
with commit e9873e1d47c870d707117ada91c9be21e3bf1537 (in glibc 2.29), but the
implementation does not differ.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #16 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Florian Weimer <fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=54252394c25ddf0062e288d4a6ab7a885f8ae009

commit 54252394c25ddf0062e288d4a6ab7a885f8ae009
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Jun 27 16:26:56 2024 +0200

    Enhanced test coverage for strncmp, wcsncmp

    Add string/test-strncmp-nonarray and
    wcsmbs/test-wcsncmp-nonarray.

    This is the test that uncovered bug 31934.  Test run time
    is more than one minute on a fairly current system, so turn
    these into xtests that do not run automatically.

    Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #17 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.40/master branch has been updated by Florian Weimer
<fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=46f19b234244f4654b9e3898ac1c27de86068222

commit 46f19b234244f4654b9e3898ac1c27de86068222
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Jun 27 16:26:56 2024 +0200

    Enhanced test coverage for strncmp, wcsncmp

    Add string/test-strncmp-nonarray and
    wcsmbs/test-wcsncmp-nonarray.

    This is the test that uncovered bug 31934.  Test run time
    is more than one minute on a fairly current system, so turn
    these into xtests that do not run automatically.

    Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
    (cherry picked from commit 54252394c25ddf0062e288d4a6ab7a885f8ae009)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug string/31934] wcsncmp crash on s390x on vlbb instruction

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31934

--- Comment #18 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.39/master branch has been updated by Florian Weimer
<fw@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=127ef30c46586cfe9fa3e19ad074280b139c84c4

commit 127ef30c46586cfe9fa3e19ad074280b139c84c4
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Jun 27 16:26:56 2024 +0200

    Enhanced test coverage for strncmp, wcsncmp

    Add string/test-strncmp-nonarray and
    wcsmbs/test-wcsncmp-nonarray.

    This is the test that uncovered bug 31934.  Test run time
    is more than one minute on a fairly current system, so turn
    these into xtests that do not run automatically.

    Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
    (cherry picked from commit 54252394c25ddf0062e288d4a6ab7a885f8ae009)

-- 
You are receiving this mail because:
You are on the CC list for the bug.