* [Bug string/31934] wcsncmp crash on s390x on vlbb instruction
2024-06-27 15:13 [Bug string/31934] New: wcsncmp crash on s390x on vlbb instruction fweimer at redhat dot com
@ 2024-06-28 11:59 ` carlos at redhat dot com
2024-07-01 13:06 ` stli at linux dot ibm.com
` (16 subsequent siblings)
17 siblings, 0 replies; 19+ messages in thread
From: carlos at redhat dot com @ 2024-06-28 11:59 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carlos at redhat dot com
--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to Florian Weimer from comment #0)
> wmemset (left_buffer, L'A', buffer_length);
> struct support_next_to_fault right_ntf
> = support_next_to_fault_allocate (buffer_length * sizeof (wchar_t));
> wchar_t *right_buffer = (wchar_t *) right_ntf.buffer;
> wmemset (right_buffer, L'A', buffer_length);
>
> TEST_COMPARE (wcsncmp (left_buffer, right_buffer + buffer_length - 1, 1),
> 0);
You wmemset both buffers to full length with L'A' (80 wide-character codes),
but do not null terminate them.
Use of support_next_to_fault_allocate puts the last L'A' at the end of page
next to a faulting page.
You then proceed to compare both buffers, but on the right buffer you start at
one character before the end.
The POSIX standard notes "wide-character codes that follow a null
wide-character code are not compared"
The call to wcsncmp asks for at most 1 wide-character code to be compared.
This looks entirely valid to me. It should return 0 since L'A' == L'A' within
the length specified.
I would have expected that string/test-strncmp, which has wcsncmp support would
test this?
Why doesn't wcsmbs/test-wcsncmp.c catch this case? It has very similar tests?
Not a tight enough bound?
Stefan Liebler added this test specifically for work being done on s390x that
should catch this.
> crashes on s390x at line 71 in sysdeps/s390/wcsncmp-vx.S:
This should not crash, and I assume it is an overread of the right_buffer in
the vector case.
> 66 l %r1,0(%r3)
> 67 je .Lend_cmp_one_char
> 68 crjne %r0,%r1,.Lend_cmp_one_char
> 69
> 70 .Lloop:
> 71 vlbb %v17,0(%r5,%r3),6 /* Load s2 to block boundary. */
> 72 vlbb %v16,0(%r5,%r2),6 /* Load s1 to block boundary. */
> 73 lcbb %r0,0(%r5,%r2),6 /* Get loaded byte count of s1. */
> 74 jo .Llt16_1 /* Jump away if vector not fully
> loaded. */
> 75 lcbb %r1,0(%r5,%r3),6 /* Get loaded byte count of s2. */
>
> (gdb) print $r5
> $1 = 4
> (gdb) print/x $r3
> $2 = 0x3fff7ff3ffc
>
> The first and second arguments were 0x3fff7ff5ec0 and 0x3fff7ff3ffc.
>
> I believe these are valid inputs to wcsncmp under the most rigid
> interpretation of the standard.
>
> Found through systematic testing, no application impact known.
It would be good to know if this is a 1-byte overread or more.
I see Stefan is already on CC for the issue.
Thanks for the extra testing!
--
You are receiving this mail because:
You are on the CC list for the bug.
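The test quoted in comment #1 can be rebuilt outside the glibc tree. The following is an added example, not code from the thread or from glibc. It replaces glibc's internal support_next_to_fault_allocate with a hypothetical mmap/mprotect helper (alloc_next_to_fault), assumes Linux, and goes beyond the reported n = 1 case by checking every suffix length up to 80; all function and constant names in it are assumptions.

```c
/* Added example: guard-page check for wcsncmp; not glibc test-suite code. */
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
#include <wchar.h>

#define BUFFER_LENGTH 80  /* wide characters per buffer, as in the report */
enum { CHECK_SETUP = -1, CHECK_OK = 0, CHECK_MISMATCH = 1, CHECK_FAULT = 2 };

static sigjmp_buf fault_jmp;

static void on_fault(int sig) { (void) sig; siglongjmp(fault_jmp, 1); }

/* Hypothetical stand-in for support_next_to_fault_allocate: returns `count`
   writable wide characters whose last byte is directly followed by a
   PROT_NONE page, or NULL on failure. */
static wchar_t *alloc_next_to_fault(size_t count, void **map, size_t *map_len)
{
    size_t page = (size_t) sysconf(_SC_PAGESIZE);
    size_t bytes = count * sizeof(wchar_t);
    size_t data_len = (bytes + page - 1) / page * page;
    char *base = mmap(NULL, data_len + page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mprotect(base + data_len, page, PROT_NONE) != 0) {
        munmap(base, data_len + page);
        return NULL;
    }
    *map = base;
    *map_len = data_len + page;
    return (wchar_t *) (base + data_len - bytes);
}

/* Compare the last n characters of the guarded buffer for n = 1..80.
   Each call may read at most n characters, all of them mapped and equal. */
static int compare_suffixes(const wchar_t *left, const wchar_t *right)
{
    /* The volatile function pointer forces a real call into libc. */
    int (*volatile cmp)(const wchar_t *, const wchar_t *, size_t) = wcsncmp;
    for (size_t n = 1; n <= BUFFER_LENGTH; n++)
        if (cmp(left, right + BUFFER_LENGTH - n, n) != 0)
            return CHECK_MISMATCH;
    return CHECK_OK;
}

/* Positive control: deliberately touch the guard page to prove it faults. */
static int read_past_end(const wchar_t *left, const wchar_t *right)
{
    (void) left;
    volatile const wchar_t *p = right + BUFFER_LENGTH;
    return *p == 0 ? CHECK_OK : CHECK_MISMATCH;  /* not reached */
}

/* Run `body` with SIGSEGV/SIGBUS turned into a CHECK_FAULT result. */
static int run_trapped(int (*body)(const wchar_t *, const wchar_t *))
{
    static wchar_t left[BUFFER_LENGTH];
    void *map;
    size_t map_len;
    wchar_t *right = alloc_next_to_fault(BUFFER_LENGTH, &map, &map_len);
    if (right == NULL)
        return CHECK_SETUP;
    wmemset(left, L'A', BUFFER_LENGTH);   /* no terminating null, as reported */
    wmemset(right, L'A', BUFFER_LENGTH);

    struct sigaction sa = {0}, old_segv, old_bus;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile int result;
    if (sigsetjmp(fault_jmp, 1) != 0)
        result = CHECK_FAULT;             /* an access hit the guard page */
    else
        result = body(left, right);

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(map, map_len);
    return result;
}

int check_wcsncmp_at_page_end(void) { return run_trapped(compare_suffixes); }
int check_guard_page_faults(void)   { return run_trapped(read_past_end); }

int main(void)
{
    printf("wcsncmp at page end: %d\n", check_wcsncmp_at_page_end());
    printf("guard page control:  %d\n", check_guard_page_faults());
    return 0;
}
```

An overread like the one reported here would show up as CHECK_FAULT (2) from the first check instead of terminating the process.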
From: stli at linux dot ibm.com @ 2024-07-01 13:06 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #2 from Stefan Liebler <stli at linux dot ibm.com> ---
Yes, you are right. This should not crash. This is a bug.
Thanks for the extra-testing and the report. I will look into it.
Do you plan to bring your extra-tests upstream?
From: fweimer at redhat dot com @ 2024-07-01 13:16 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
--- Comment #3 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Stefan Liebler from comment #2)
> Yes, you are right. This should not crash. This is a bug.
> Thanks for the extra-testing and the report. I will look into it.
>
> Do you plan to bring your extra-tests upstream?
It was found by the test from this patch:
[PATCH] manual: Document a GNU extension for strncmp/wcsncmp
<https://inbox.sourceware.org/libc-alpha/87r0cipcps.fsf@igel.home/>
But I don't know if the test will be considered fast enough for general
inclusion.
From: stli at linux dot ibm.com @ 2024-07-11 9:33 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #4 from Stefan Liebler <stli at linux dot ibm.com> ---
FYI: I've just posted this patch:
[PATCH] s390x: Fix segfault in wcsncmp [BZ #31934]
https://sourceware.org/pipermail/libc-alpha/2024-July/158265.html
From: cvs-commit at gcc dot gnu.org @ 2024-07-11 13:09 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #5 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Stefan Liebler <stli@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b7651410375ec8848a1944992d663d514db4ba7
commit 9b7651410375ec8848a1944992d663d514db4ba7
Author: Stefan Liebler <stli@linux.ibm.com>
Date: Thu Jul 11 11:28:53 2024 +0200
s390x: Fix segfault in wcsncmp [BZ #31934]
The z13/vector-optimized wcsncmp implementation segfaults if n=1
and there is only one character (equal on both strings) before
the page end. Then it loads and compares one character and misses
to check n again. The following load fails.
This patch removes the extra load and compare of the first character
and just start with the loop which uses vector-load-to-block-boundary.
This code-path also checks n.
With this patch both tests are passing:
- the simplified one mentioned in the bugzilla 31934
- the full one in Florian Weimer's patch:
"manual: Document a GNU extension for strncmp/wcsncmp"
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
From: stli at linux dot ibm.com @ 2024-07-11 13:22 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
Stefan Liebler <stli at linux dot ibm.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |2.40
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #6 from Stefan Liebler <stli at linux dot ibm.com> ---
Fixed with the commit mentioned in previous comment.
I plan to backport it to older release-branches.
I've asked on the mailing-list:
https://sourceware.org/pipermail/libc-alpha/2024-July/158273.html
'''
Note that the wcsncmp implementation was introduced in glibc 2.23:
https://sourceware.org/git/?p=glibc.git;a=commit;h=cee82e70ccb7b2f054cd781b0a603ae244523e72
'S390: Optimize strncmp and wcsncmp.'
Can you please advise which release-branches are maintained and to which
one I should backport them?
To all from glibc 2.39 down to 2.23?
'''
I will post the backported commits as soon as done.
From: cvs-commit at gcc dot gnu.org @ 2024-07-16 8:26 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #7 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.39/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5c46e6b66636be0010e9a732d5ba1e65ebd54687
commit 5c46e6b66636be0010e9a732d5ba1e65ebd54687
Author: Stefan Liebler <stli@linux.ibm.com>
Date: Thu Jul 11 11:28:53 2024 +0200
s390x: Fix segfault in wcsncmp [BZ #31934]
The z13/vector-optimized wcsncmp implementation segfaults if n=1
and there is only one character (equal on both strings) before
the page end. Then it loads and compares one character and misses
to check n again. The following load fails.
This patch removes the extra load and compare of the first character
and just start with the loop which uses vector-load-to-block-boundary.
This code-path also checks n.
With this patch both tests are passing:
- the simplified one mentioned in the bugzilla 31934
- the full one in Florian Weimer's patch:
"manual: Document a GNU extension for strncmp/wcsncmp"
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)
From: cvs-commit at gcc dot gnu.org @ 2024-07-16 8:26 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #8 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.38/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=712453634c8efd71a9b3ff0122145a9e90e9955c
commit 712453634c8efd71a9b3ff0122145a9e90e9955c
Author: Stefan Liebler <stli@linux.ibm.com>
Date: Thu Jul 11 11:28:53 2024 +0200
s390x: Fix segfault in wcsncmp [BZ #31934]
The z13/vector-optimized wcsncmp implementation segfaults if n=1
and there is only one character (equal on both strings) before
the page end. Then it loads and compares one character and misses
to check n again. The following load fails.
This patch removes the extra load and compare of the first character
and just start with the loop which uses vector-load-to-block-boundary.
This code-path also checks n.
With this patch both tests are passing:
- the simplified one mentioned in the bugzilla 31934
- the full one in Florian Weimer's patch:
"manual: Document a GNU extension for strncmp/wcsncmp"
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)
From: cvs-commit at gcc dot gnu.org @ 2024-07-16 8:30 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #9 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.37/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=340ca2d5148371614c234068f430c19293f962dc
commit 340ca2d5148371614c234068f430c19293f962dc
Author: Stefan Liebler <stli@linux.ibm.com>
Date: Thu Jul 11 11:28:53 2024 +0200
s390x: Fix segfault in wcsncmp [BZ #31934]
The z13/vector-optimized wcsncmp implementation segfaults if n=1
and there is only one character (equal on both strings) before
the page end. Then it loads and compares one character and misses
to check n again. The following load fails.
This patch removes the extra load and compare of the first character
and just start with the loop which uses vector-load-to-block-boundary.
This code-path also checks n.
With this patch both tests are passing:
- the simplified one mentioned in the bugzilla 31934
- the full one in Florian Weimer's patch:
"manual: Document a GNU extension for strncmp/wcsncmp"
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)
From: cvs-commit at gcc dot gnu.org @ 2024-07-16 8:30 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #10 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.36/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a70c55a91b2b361f43e4142aadf86f22af57d406
commit a70c55a91b2b361f43e4142aadf86f22af57d406
Author: Stefan Liebler <stli@linux.ibm.com>
Date: Thu Jul 11 11:28:53 2024 +0200
s390x: Fix segfault in wcsncmp [BZ #31934]
The z13/vector-optimized wcsncmp implementation segfaults if n=1
and there is only one character (equal on both strings) before
the page end. Then it loads and compares one character and misses
to check n again. The following load fails.
This patch removes the extra load and compare of the first character
and just start with the loop which uses vector-load-to-block-boundary.
This code-path also checks n.
With this patch both tests are passing:
- the simplified one mentioned in the bugzilla 31934
- the full one in Florian Weimer's patch:
"manual: Document a GNU extension for strncmp/wcsncmp"
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)
From: cvs-commit at gcc dot gnu.org @ 2024-07-16 8:31 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #11 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.35/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7cd62653850135bc880688a78104dbf77cf8121
commit c7cd62653850135bc880688a78104dbf77cf8121
Author: Stefan Liebler <stli@linux.ibm.com>
Date: Thu Jul 11 11:28:53 2024 +0200
s390x: Fix segfault in wcsncmp [BZ #31934]
The z13/vector-optimized wcsncmp implementation segfaults if n=1
and there is only one character (equal on both strings) before
the page end. Then it loads and compares one character and misses
to check n again. The following load fails.
This patch removes the extra load and compare of the first character
and just start with the loop which uses vector-load-to-block-boundary.
This code-path also checks n.
With this patch both tests are passing:
- the simplified one mentioned in the bugzilla 31934
- the full one in Florian Weimer's patch:
"manual: Document a GNU extension for strncmp/wcsncmp"
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)
From: cvs-commit at gcc dot gnu.org @ 2024-07-16 8:34 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #12 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.34/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=87fa7bfb84895bb517beb8aaf92bd45b829daabb
commit 87fa7bfb84895bb517beb8aaf92bd45b829daabb
Author: Stefan Liebler <stli@linux.ibm.com>
Date: Thu Jul 11 11:28:53 2024 +0200
s390x: Fix segfault in wcsncmp [BZ #31934]
The z13/vector-optimized wcsncmp implementation segfaults if n=1
and there is only one character (equal on both strings) before
the page end. Then it loads and compares one character and misses
to check n again. The following load fails.
This patch removes the extra load and compare of the first character
and just start with the loop which uses vector-load-to-block-boundary.
This code-path also checks n.
With this patch both tests are passing:
- the simplified one mentioned in the bugzilla 31934
- the full one in Florian Weimer's patch:
"manual: Document a GNU extension for strncmp/wcsncmp"
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)
From: cvs-commit at gcc dot gnu.org @ 2024-07-16 8:35 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #13 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.33/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5f08d1df2c07904c1dc98bdf2b363c65874266f7
commit 5f08d1df2c07904c1dc98bdf2b363c65874266f7
Author: Stefan Liebler <stli@linux.ibm.com>
Date: Thu Jul 11 11:28:53 2024 +0200
s390x: Fix segfault in wcsncmp [BZ #31934]
The z13/vector-optimized wcsncmp implementation segfaults if n=1
and there is only one character (equal on both strings) before
the page end. Then it loads and compares one character and misses
to check n again. The following load fails.
This patch removes the extra load and compare of the first character
and just start with the loop which uses vector-load-to-block-boundary.
This code-path also checks n.
With this patch both tests are passing:
- the simplified one mentioned in the bugzilla 31934
- the full one in Florian Weimer's patch:
"manual: Document a GNU extension for strncmp/wcsncmp"
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)
From: cvs-commit at gcc dot gnu.org @ 2024-07-16 8:35 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #14 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.32/master branch has been updated by Stefan Liebler
<stli@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5ad449c398a845a9c84808e4ac603beaa1006909
commit 5ad449c398a845a9c84808e4ac603beaa1006909
Author: Stefan Liebler <stli@linux.ibm.com>
Date: Thu Jul 11 11:28:53 2024 +0200
s390x: Fix segfault in wcsncmp [BZ #31934]
The z13/vector-optimized wcsncmp implementation segfaults if n=1
and there is only one character (equal on both strings) before
the page end. Then it loads and compares one character and misses
to check n again. The following load fails.
This patch removes the extra load and compare of the first character
and just start with the loop which uses vector-load-to-block-boundary.
This code-path also checks n.
With this patch both tests are passing:
- the simplified one mentioned in the bugzilla 31934
- the full one in Florian Weimer's patch:
"manual: Document a GNU extension for strncmp/wcsncmp"
(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)
From: stli at linux dot ibm.com @ 2024-07-16 9:04 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #15 from Stefan Liebler <stli at linux dot ibm.com> ---
As information:
I've just cherry-picked the commit 9b7651410375ec8848a1944992d663d514db4ba7
s390x: Fix segfault in wcsncmp [BZ #31934]
to the current branches (https://sourceware.org/glibc/wiki/Release)
glibc-2.32-39:
- 2.39: commit 5c46e6b66636be0010e9a732d5ba1e65ebd54687
- 2.38: commit 712453634c8efd71a9b3ff0122145a9e90e9955c
- 2.37: commit 340ca2d5148371614c234068f430c19293f962dc
- 2.36: commit a70c55a91b2b361f43e4142aadf86f22af57d406
- 2.35: commit c7cd62653850135bc880688a78104dbf77cf8121
- 2.34: commit 87fa7bfb84895bb517beb8aaf92bd45b829daabb
- 2.33: commit 5f08d1df2c07904c1dc98bdf2b363c65874266f7
- 2.32: commit 5ad449c398a845a9c84808e4ac603beaa1006909
In case somebody needs the fix for older glibc releases (issue was introduced
with glibc 2.23), feel free to just cherry-pick it. Note, that the file was
moved from sysdeps/s390/multiarch/wcsncmp-vx.S to sysdeps/s390/wcsncmp-vx.S
with commit e9873e1d47c870d707117ada91c9be21e3bf1537 (in glibc 2.29), but the
implementation does not differ.
From: cvs-commit at gcc dot gnu.org @ 2024-08-01 7:09 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #16 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Florian Weimer <fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=54252394c25ddf0062e288d4a6ab7a885f8ae009
commit 54252394c25ddf0062e288d4a6ab7a885f8ae009
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Jun 27 16:26:56 2024 +0200
Enhanced test coverage for strncmp, wcsncmp
Add string/test-strncmp-nonarray and
wcsmbs/test-wcsncmp-nonarray.
This is the test that uncovered bug 31934. Test run time
is more than one minute on a fairly current system, so turn
these into xtests that do not run automatically.
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #17 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.40/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=46f19b234244f4654b9e3898ac1c27de86068222
commit 46f19b234244f4654b9e3898ac1c27de86068222
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Jun 27 16:26:56 2024 +0200
Enhanced test coverage for strncmp, wcsncmp
Add string/test-strncmp-nonarray and
wcsmbs/test-wcsncmp-nonarray.
This is the test that uncovered bug 31934. Test run time
is more than one minute on a fairly current system, so turn
these into xtests that do not run automatically.
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
(cherry picked from commit 54252394c25ddf0062e288d4a6ab7a885f8ae009)
From: cvs-commit at gcc dot gnu.org @ 2024-08-01 8:03 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31934
--- Comment #18 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The release/2.39/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=127ef30c46586cfe9fa3e19ad074280b139c84c4
commit 127ef30c46586cfe9fa3e19ad074280b139c84c4
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Jun 27 16:26:56 2024 +0200
Enhanced test coverage for strncmp, wcsncmp
Add string/test-strncmp-nonarray and
wcsmbs/test-wcsncmp-nonarray.
This is the test that uncovered bug 31934. Test run time
is more than one minute on a fairly current system, so turn
these into xtests that do not run automatically.
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
(cherry picked from commit 54252394c25ddf0062e288d4a6ab7a885f8ae009)