From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2080.outbound.protection.outlook.com [40.107.20.80]) by sourceware.org (Postfix) with ESMTPS id 08CD33858D33 for ; Wed, 22 Feb 2023 12:18:47 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 08CD33858D33 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VohDSdb36DkklvkWtGCJbpKJ7C/OMzsNXHDyldQg4zg=; b=b5SVaPdnBFJDaOUj+LclixnAcVZaAy9qqC8q0tlI5f0kI7Au4tyy9TtLNn9zqzrh6/GIuny0IxF9GuXXp6WywjGxwLhjEhX2pY64N/5geInT13zvqafJhuW1sp8dXLVDLbFBK33Ol1BrujOI/LXt2mnhVzwAxfxv1l9UhVd+7Jk= Received: from DB7PR05CA0054.eurprd05.prod.outlook.com (2603:10a6:10:2e::31) by DB3PR08MB9112.eurprd08.prod.outlook.com (2603:10a6:10:43c::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.19; Wed, 22 Feb 2023 12:18:43 +0000 Received: from DBAEUR03FT049.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:2e:cafe::4c) by DB7PR05CA0054.outlook.office365.com (2603:10a6:10:2e::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.18 via Frontend Transport; Wed, 22 Feb 2023 12:18:42 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DBAEUR03FT049.mail.protection.outlook.com (100.127.142.192) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.17 via Frontend Transport; Wed, 22 Feb 2023 12:18:42 +0000 Received: ("Tessian outbound 0d7b2ab0f13d:v132"); Wed, 22 Feb 2023 12:18:42 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 6b057091876aadaa X-CR-MTA-TID: 64aa7808 Received: from 53f9af608e78.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 955A1D36-DF7B-405A-9F00-8C4B92C509A8.1; Wed, 22 Feb 2023 12:18:35 +0000 Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 53f9af608e78.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 22 Feb 2023 12:18:35 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aO3uVf0GhVDTi7c8Vf6Lgy2/D05EtXCjW3+P8eUlx6WoXesD3N00CYsA1JhB4WcTnQpOAmw1DdDiHPSz9N9dCc6jHtonE6C3qHen0M2SaHN+pXPe5fMyz0ZGAay67m2lfJJnba8iBK76/141Br77GDlEfjNoNl870EmBMfrPEGjng0a92AXO7t0/7uki4Eum4pooeOslMYz3knJcQfjJ8+p0gHa45Z78K8nqnTbG7CM8N0NtN6XoPD4f6BdDxAeNKJ2lXfmGAAfcdvwUSq0g4jMlG2+AD6oJ5sQerd0HE2Nx8UdLTbxECYowI4Dopgs4uR57faxyzVb/TSidT+N5dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VohDSdb36DkklvkWtGCJbpKJ7C/OMzsNXHDyldQg4zg=; b=e07KXlRbJ1+t9qJKHysyZu2aBdhoZd/GDWY5YEMj2XFLvn3vywN0D7LRg0TRSWl6BHnRUZvBQrj+9ymq2i4kjBPwfnxqCT+tqs2jHh1p+j3P2+G2CNrVokTCVXGnA2jqvax+i84/fXEqMFEXSm5nIvxkssFtE/EVoNbONLLDEWO7j6F4LEdHQoVII/RiDirULV8SyJFCOVS82jxUoIEN6sfjMIKUR8M0wwug1FatCkENDsIKtDOVRdfzeEYB77vh+N0mkHCaITDTqymyRApwVpOntlvs67E/TT/JJqatCBpn+BDAJVBv9mU5PmKAQzDo7CLnOsPsjAMa2iRna6q56A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VohDSdb36DkklvkWtGCJbpKJ7C/OMzsNXHDyldQg4zg=; b=b5SVaPdnBFJDaOUj+LclixnAcVZaAy9qqC8q0tlI5f0kI7Au4tyy9TtLNn9zqzrh6/GIuny0IxF9GuXXp6WywjGxwLhjEhX2pY64N/5geInT13zvqafJhuW1sp8dXLVDLbFBK33Ol1BrujOI/LXt2mnhVzwAxfxv1l9UhVd+7Jk= Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; Received: from DB9PR08MB7179.eurprd08.prod.outlook.com (2603:10a6:10:2cc::19) by AS8PR08MB7324.eurprd08.prod.outlook.com (2603:10a6:20b:443::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.18; Wed, 22 Feb 2023 12:18:32 +0000 Received: from DB9PR08MB7179.eurprd08.prod.outlook.com ([fe80::e3d1:5a4:db0c:43cc]) by DB9PR08MB7179.eurprd08.prod.outlook.com ([fe80::e3d1:5a4:db0c:43cc%5]) with mapi id 15.20.6134.019; Wed, 22 Feb 2023 12:18:31 +0000 Date: Wed, 22 Feb 2023 12:18:18 +0000 From: Szabolcs Nagy To: Adhemerval Zanella Cc: libc-alpha@sourceware.org Subject: Re: [PATCH] string: Fix OOB read on generic strncmp Message-ID: References: <20230221190612.2034413-1-adhemerval.zanella@linaro.org> Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230221190612.2034413-1-adhemerval.zanella@linaro.org> X-ClientProxiedBy: LO4P123CA0098.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:191::13) To DB9PR08MB7179.eurprd08.prod.outlook.com (2603:10a6:10:2cc::19) MIME-Version: 1.0 X-MS-TrafficTypeDiagnostic: DB9PR08MB7179:EE_|AS8PR08MB7324:EE_|DBAEUR03FT049:EE_|DB3PR08MB9112:EE_ X-MS-Office365-Filtering-Correlation-Id: b92edb33-99b6-4eca-a6aa-08db14cef02e x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: Yg/hpRtnJzGGzIher/jxomowBjEiGawoZXmprqjcAP6jDeJ//1gZO1NvDvAZ5/3exq33LbN9yeFQrJtzxyUvWpJ1gYJrJluBw9BH+bcCxD23kGzZTT+D14SJj4ebKPX9+gnPGGfY9ybRr84SS3lKfWVs1oKc3+DLJ3dLssPpa31JmmCzXXmDmnA86eNe91FLCPscCkYZt/Ji1h6S6G4KUa312XxM/aAuJD+FmvwL9/auATvQeANXFVOCT2zE8EQimcwFG8WZQJxUVD4gAvRVjHC+RDgXMQ9I2i9qBRvXE6csz6j4/Zv8gY8l2979ovKsykjd7EX1ggcNRWvreLEqiw19c6gykCm9RTXQzKxL9AarJrqZnHTcxWWiQJPHYVmpx4IPTTychmIwDe61yAYfAgYPIZKRKaq1JGyMjGyHKjklvpjx2EE/Ibt2wf3C6cLTqq1JNdAscvTQobNItDM7WJtTFeXfiY05iJjTrLtuj/9pwAw/SanuWfHBUloLFNNwI4/Vp49ZXXK1mhgXzYHgQBxEcaQAzjxovNNmSO83Q71prbngEL/yTGUmQ7glKErcuTGgX2CeIn5W3lmQi6X80aFzJxf7miC9eV24BwqYM/ZU4ANBp8gDKp1e8lWAdUnBpZFCzBq9vU+rr+4isoVmtegO8veEhN1hipnNyvlCE8yFNsddHWOM3UJBy1wFhNax/+7G73ft0m22RtMgKMXh864S/wMI2YBWwICvHKnDyjLKfV9YYuSu5AI1xqncAUZb X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR08MB7179.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(4636009)(346002)(366004)(39860400002)(396003)(376002)(136003)(451199018)(66556008)(36756003)(41300700001)(2616005)(8676002)(6512007)(8936002)(26005)(6506007)(4326008)(186003)(66946007)(6916009)(86362001)(44832011)(5660300002)(83380400001)(66476007)(478600001)(6666004)(316002)(6486002)(38100700002)(2906002)(41533002)(17423001)(156123004);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB7324 Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DBAEUR03FT049.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 7180813e-f234-499d-2e0a-08db14cee92b X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: lcDRMuUr59veTnssBexpBA9oQmaPrqDcsDrovL4EGjiuGYK7sNu4T/GZEVxVDhLFfLup8RjjCk5NLuopcqzjVSeOaD9F54xuB2OLQO8Jwc9OUqPMUx8r7ROuFqkF2ic1QFx5oKLVXBvz/C4HkUIATZOSyKbzXHReyrD3QeaBP3NGzX2+U2Oqw5+Cwac0CuHspDT6Xi+q7frNumH179sTi9MrYf/agbBvjomcxooKLEHhVicsyl8VuOw0unKef0TwnkNiaupy4mca/XvfnpNqfJp72/aUSefcHBrrvUftAE4IReqtGKrOf5ORd4915D4uCnD59O4LFln4vW5SlITilvoW6Vc9hzJud5VxoEZMuxQ6woYjmUKFSyLQv6eoeUZAuAy6JPsBQuIvhGNfu9vTcOdZ5M32GPM1BbIh7O5XTAOhyMw32b8CxRN9/HvH97j5ZTqqKO7Ndc/JLpbOO00KkPlwDsg2kFmK6+6Wr2orPdGgF9X0ZmbaGNIxfPcQHQFhLPjzI5Fr+0IFiIB07X2iFSv02ZSv2kwufuKEX4d681A0ZKkAETNXCyfJqOMv52qJYRUzClD720gKvcgfuY/ekYkaGUEyxolAbUaBZQCLKegvvZ17ppU9rvjQmgEgYepN1BREZ655DiH6oPKnw1UC2m8VQK56HFQg8rQ8HrZKJcTR5DAdpiUo4vmBiBwagWx41UTcB19fkBZSnBXZhuKwuKdcax+OTPgHS9nTBMLVuZbXX1TSlKPOXWZTQdSFBmmh3SerKLLgyEtbEi9TW3LBWcvFJn447kg1a2b8d94G/h8= X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230025)(4636009)(346002)(396003)(39860400002)(136003)(376002)(451199018)(36840700001)(46966006)(40470700004)(81166007)(40480700001)(82740400003)(336012)(2906002)(36860700001)(40460700003)(83380400001)(2616005)(47076005)(36756003)(186003)(6512007)(6506007)(26005)(6666004)(316002)(5660300002)(41300700001)(86362001)(4326008)(70206006)(70586007)(8676002)(82310400005)(6486002)(44832011)(6862004)(478600001)(8936002)(356005)(41533002)(17423001)(156123004);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Feb 2023 12:18:42.8308 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b92edb33-99b6-4eca-a6aa-08db14cef02e X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DBAEUR03FT049.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR08MB9112 X-Spam-Status: No, score=-11.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,FORGED_SPF_HELO,GIT_PATCH_0,KAM_DMARC_NONE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,TXREP,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: The 02/21/2023 16:06, Adhemerval Zanella wrote: > For unaligned case, reading ahead can only be done if parting reads > matches the aligned input. > > Also extend the stratcliff tests to check such cases. > > Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64-linux-gnu, > and powerpc-linux-gnu by removing the arch-specific assembly > implementation and disabling multi-arch (it covers both LE and BE > for 64 and 32 bits). > --- > string/stratcliff.c | 17 +++++++++++++++++ > string/strncmp.c | 13 ++++++++++++- > 2 files changed, 29 insertions(+), 1 deletion(-) > > diff --git a/string/stratcliff.c b/string/stratcliff.c > index 74d64cc03d..864d856921 100644 > --- a/string/stratcliff.c > +++ b/string/stratcliff.c > @@ -409,6 +409,23 @@ do_test (void) > } > } > > + for (outer = 1; outer < 32; ++outer) > + for (middle = 0; middle < 16; ++middle) > + { > + MEMSET (adr + middle, L('T'), 256); > + adr[256] = L('\0'); > + MEMSET (dest + nchars - outer, L('T'), outer - 1); > + dest[nchars - outer] = L('U'); > + > + if (STRNCMP (adr + middle, &dest[nchars - middle - 1], outer) > 0) > + { > + printf ("%s 1 flunked for outer = %zu, middle = %zu, " > + "inner = %zu\n", > + STRINGIFY (STRNCMP), outer, middle, inner); > + result = 1; > + } > + } > + this depends on dest[nchars-1] != 'T' when outer > middle+1 and dest[nchars-middle-1] <= 'T' when outer < middle which is not clear from the context. below the existing if (STRNCMP (adr + middle, dest + nchars - outer, outer) >= 0) ... i'd just add if (STRNCMP (adr + middle, dest + nchars - outer, outer + 99) >= 0) ... and then with flipped args too. > diff --git a/string/strncmp.c b/string/strncmp.c > index 4c8bf36bb9..751bf53d55 100644 > --- a/string/strncmp.c > +++ b/string/strncmp.c > @@ -73,7 +73,11 @@ strncmp_unaligned_loop (const op_t *x1, const op_t *x2, op_t w1, uintptr_t ofs, > uintptr_t sh_2 = sizeof(op_t) * CHAR_BIT - sh_1; > > op_t w2 = MERGE (w2a, sh_1, (op_t)-1, sh_2); > - if (!has_zero (w2) && n > (sizeof (op_t) - ofs)) > + > + /* Reading ahead is wrong if w1 and w2 already differs. */ > + op_t w1a = MERGE (w1, 0, (op_t)-1, sh_2); > + > + if (!has_zero (w2) && w2 == w1a && n >= (sizeof (op_t) - ofs)) > { > op_t w2b; > > @@ -90,6 +94,13 @@ strncmp_unaligned_loop (const op_t *x1, const op_t *x2, op_t w1, uintptr_t ofs, > if (has_zero (w2b) || n <= (sizeof (op_t) - ofs)) > break; > w1 = *x1++; > + > + /* Reading ahead is wrong if w1 and w2 already differs. */ > + w2 = MERGE (w2b, sh_1, (op_t)-1, sh_2); > + w1a = MERGE (w1, 0, (op_t)-1, sh_2); > + if (w2 != w1a) > + return final_cmp (w1a, w2, n); > + > w2a = w2b; > } i have difficulty following this code, but it looks ok to me.