Date: Fri, 30 Dec 2022 18:02:01 +0000
From: Joseph Myers
To: Alejandro Colomar
CC: Zack Weinberg, Wilco Dijkstra, Carlos O'Donell, 'GNU C Library'
Subject: Re: Bug 29863 - Segmentation fault in memcmp-sse2.S if memory contents can concurrently change
In-Reply-To: <2a6f6912-592a-b82b-0efb-ea985dea2548@gmail.com>
Message-ID: <4b1f7f41-535-8947-80c1-662768db9235@codesourcery.com>
References: <2a6f6912-592a-b82b-0efb-ea985dea2548@gmail.com>

On Thu, 29 Dec 2022, Alejandro Colomar via Libc-alpha wrote:

> Okay, probably it's not the fastest one, but it's simple. This one would
> SIGSEGV in the following case:
>
> Another thread might insert a NUL at the beginning of each string (after the
> loop has passed over it), and in the next cycle remove the
> previously-terminating NUL from the strings. The loop would then run forever,
> until a crash.

I also think it should be OK for strcmp to SEGV if a NUL terminator byte
in either string at the time strlen is called, or at any time during its
execution, ceases at any point during the execution of strlen to be a NUL
byte (even if there is an earlier or later NUL already present at the time
the terminator byte is changed).

(There is a reasonable case for avoiding a SEGV when the contents of the
strings change during execution, as long as any byte that is the NUL
terminator byte at any point during execution of the call never ceases to
be a NUL byte during execution of that call - an earlier NUL might be
added, however.)

-- 
Joseph S. Myers
joseph@codesourcery.com