From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=kaAP=6S=arm.com=Szabolcs.Nagy@sourceware.org>
Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on2062.outbound.protection.outlook.com [40.107.105.62])
	by sourceware.org (Postfix) with ESMTPS id A8A833858D33
	for <libc-alpha@sourceware.org>; Wed, 22 Feb 2023 17:21:52 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A8A833858D33
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=OvTvwEhZ4Zy5f0RPJaXwjVI3bebVbG2F81li7TugdEA=;
 b=LQdLtdoQjmKhWRIjoR6ZuFSCl631wBTmY97UX31btLdv8TM4nDhWLh6i5t52acoIpFe4vUaCMm4pBXyt6nOvEOmdgmak3h6MsmWqfD1/PmUZh0ikVoMMMYTa60Ed4wpXkdJzoRXzN/ZTjfAO+6tLRzjCakX4FF5FdYBwIeUkfZA=
Received: from DB6PR0201CA0018.eurprd02.prod.outlook.com (2603:10a6:4:3f::28)
 by DB9PR08MB6380.eurprd08.prod.outlook.com (2603:10a6:10:256::16) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.19; Wed, 22 Feb
 2023 17:21:49 +0000
Received: from DBAEUR03FT036.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:4:3f:cafe::5a) by DB6PR0201CA0018.outlook.office365.com
 (2603:10a6:4:3f::28) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6111.21 via Frontend
 Transport; Wed, 22 Feb 2023 17:21:49 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123)
 smtp.mailfrom=arm.com; dkim=pass (signature was verified)
 header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 63.35.35.123 as permitted sender) receiver=protection.outlook.com;
 client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
 pr=C
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
 DBAEUR03FT036.mail.protection.outlook.com (100.127.142.193) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6134.19 via Frontend Transport; Wed, 22 Feb 2023 17:21:49 +0000
Received: ("Tessian outbound 8038f0863a52:v132"); Wed, 22 Feb 2023 17:21:49 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 87f999d8c7883eea
X-CR-MTA-TID: 64aa7808
Received: from 8e512d9705c5.1
	by 64aa7808-outbound-1.mta.getcheckrecipient.com id 4E3607A4-D12B-4493-BAF0-4C9905D5525C.1;
	Wed, 22 Feb 2023 17:21:42 +0000
Received: from EUR02-DB5-obe.outbound.protection.outlook.com
    by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 8e512d9705c5.1
    (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
    Wed, 22 Feb 2023 17:21:42 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=L3mi01RLgETqlStcER4twtYgc0Zx3gKMW+SLCTOlIuW6yai7eNMw74QmlSdZHnlCepPo8IbY99jnU/0SM5ygqBmvjV4wH/TrNLpg8TBsy8VAVM2rMkE+U6ixlzzW707fZ2u+ciNNFYtey+isVCFCWwSdm/eBF+g+BQkvscXyH8PRN/cMlfH927FdwF+hp4FOdhrMnRd9h2rR1Gg/mghU9GtP4X6zjnOV7T51fkp2QEZo937XixAybfCF0/MZ1mXuAENdEa6HYzI2UbM2oj/iq9IQKey1qvHTExx2ra1T6xnf+v376PpXfFoEfmgnCAYr0tu897iTB/Tj93fNqTbBSw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=OvTvwEhZ4Zy5f0RPJaXwjVI3bebVbG2F81li7TugdEA=;
 b=HaeIUzSrrI9EMlQPbQmUG65eVT9gJYXItUwU6wBmx9HUaEcz7CzWlk+5UOhzEillGSognuHh/e7gFzib1GhWjrhkFqLuAHBuOyQfjvhgSXq4hGdPkibEnrdOVNSj9b826HaCOGtIem/tg2hBmCVeD5PtXdkZhdP6a5SymE++DAUmqLNXyGIq0re1PnFzqw5z8otgZR2joMv3xcR4gubUZXNfMGRQj/xQzddkFXw8imR0CW6cjqA2PIaxVX7RF/WZpX1NzYQz6Yl2gCneUM8zWapwcdsFP7Xz2OzqliMZoTYx8o0tUBJzebt7YCOmRoi3agW70XHlZCbfLEC2K1uQVA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass
 header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=OvTvwEhZ4Zy5f0RPJaXwjVI3bebVbG2F81li7TugdEA=;
 b=LQdLtdoQjmKhWRIjoR6ZuFSCl631wBTmY97UX31btLdv8TM4nDhWLh6i5t52acoIpFe4vUaCMm4pBXyt6nOvEOmdgmak3h6MsmWqfD1/PmUZh0ikVoMMMYTa60Ed4wpXkdJzoRXzN/ZTjfAO+6tLRzjCakX4FF5FdYBwIeUkfZA=
Authentication-Results-Original: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=arm.com;
Received: from DB9PR08MB7179.eurprd08.prod.outlook.com (2603:10a6:10:2cc::19)
 by PAVPR08MB9082.eurprd08.prod.outlook.com (2603:10a6:102:32f::7) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.19; Wed, 22 Feb
 2023 17:21:41 +0000
Received: from DB9PR08MB7179.eurprd08.prod.outlook.com
 ([fe80::e3d1:5a4:db0c:43cc]) by DB9PR08MB7179.eurprd08.prod.outlook.com
 ([fe80::e3d1:5a4:db0c:43cc%5]) with mapi id 15.20.6134.019; Wed, 22 Feb 2023
 17:21:41 +0000
Date: Wed, 22 Feb 2023 17:21:26 +0000
From: Szabolcs Nagy <szabolcs.nagy@arm.com>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH v2] string: Fix OOB read on generic strncmp
Message-ID: <Y/ZPFmLgwSNgxphJ@arm.com>
References: <20230222163159.3446687-1-adhemerval.zanella@linaro.org>
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20230222163159.3446687-1-adhemerval.zanella@linaro.org>
X-ClientProxiedBy: LO2P265CA0415.GBRP265.PROD.OUTLOOK.COM
 (2603:10a6:600:a0::19) To DB9PR08MB7179.eurprd08.prod.outlook.com
 (2603:10a6:10:2cc::19)
MIME-Version: 1.0
X-MS-TrafficTypeDiagnostic:
	DB9PR08MB7179:EE_|PAVPR08MB9082:EE_|DBAEUR03FT036:EE_|DB9PR08MB6380:EE_
X-MS-Office365-Filtering-Correlation-Id: ca7bcf23-b490-44a0-187c-08db14f94863
x-checkrecipientrouted: true
NoDisclaimer: true
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
 6lvxbdtkK2PGLBIRfXmy7UT8DioRdqVGo+OkMnb0kEUjeaK9owBSEoBhJxm3Ejrkbk/B9nSrhUohi2ZY5xii6wFiGVYzVOJ9T02E9ICK+VrlS5ywDT33naz/IjX4vH8OBcAtofi/Re4flntw42pzQTO5OLzK/sBYRgSdvN6Ck7cpb1ppzrMdjrf0XR4lQLeHEwDWRzkRCf1UdlHho9AcNfQb03sbUsdeycB06RUfpXC5LYRoc9ui9aymlpi5JVt/e/kHasi4A4V7CxoRJ6K731Od3ZRNIcXCOIJ4aCUjVaNHS6G1Xdj5+Lucnb0gIkEU/a8LJQqPijuAsiQoxAP7r1ho5hrAdtEsXlkifBibmAwfrowgCOfjPfm+//G6gMccENdcgv5WaJ906TvvcTH6z9iR2WUA+Ty5+n3nngNGfKLvEjyZP79g0De/qKss0BcETmekBcMttV+CgMeBF19k+/szGswHjRWPhPVc+7HY3Q1kFVh3pOMUTO4l0SwJGXwyVmG9UirYXWZvlfjbuvA0FMb8X35y3E28I/ABIgCGsYXi/MhyA3QC+sHGjUaK6aPfnhFZPZp71zQ5sGRbvHeIsHrQNO5+orysJqbEQE3YyUSF8A8M3w7MMAQsJc+SYK3IBbW6s1k3/cxEnyZ6rE9M1sWf5hai2za7WkvGUyrwDb/O2S82G13idaa3WrEypzWxaonTa+2t2x5nwBLpPZMzjiuPD1ZA+8NvbHA5KjXFwno9q0GovCFyDN+QAOYDUqpU
X-Forefront-Antispam-Report-Untrusted:
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR08MB7179.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(4636009)(396003)(366004)(376002)(346002)(39860400002)(136003)(451199018)(2906002)(44832011)(5660300002)(36756003)(83380400001)(186003)(26005)(2616005)(6506007)(38100700002)(4326008)(6916009)(66556008)(8676002)(316002)(66476007)(66946007)(8936002)(6512007)(6666004)(86362001)(41300700001)(478600001)(6486002)(41533002)(17423001)(156123004);DIR:OUT;SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAVPR08MB9082
Original-Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
 DBAEUR03FT036.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs:
	650f90a2-6134-41ec-8f5d-08db14f9435a
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
	/T4YspNj5s5W1ocSzC2R8DhHhQ6GHc2UsPnnC+s3jtifwQHZw3TgkPx1d9m7MJFMfft0Zr1a7iVVHAkt0oixMBiw01aAX+uWOq0gJ70nmGG2UX7/ZDE9zjIThDsFbE11L3BvUeqxnoWYsLK/VcL9hzcbHMTqR7VOV9jtHZxIj+eUt0xdhMpUDTBjaCyL3DDab3h4rHzF40M3aOVLUTGZ7QkJn47mnSwKAf+bvFo8B5FN2TjROfOd/SGtPR2qwljeYyKbORJ3IjoFBa4jh4W0+fjHSqG/USNV9ZzsoLikqN/iyGpPaxU0t5WCQgbrFel/IjGFGCvGs3ez5ZzkdTGzuSbBve/8+XQxO1a2INzB5MSa/jzPhaTSkkrqhxyz3CfTZQCMn1MfdIdsM22IZmi05zQRJglCB4lkSWvvibqrj2dNFP5YNGUTMB/Om7Fluf+jHfZ8xXZxSyAaXE2F6EhmK+6DquRjHMJZmEcSC294gPx6xW9ZK/6DDT7EkNuFdBBy7SnvlcZSwvxp7Aj1GpnQfZMKDyDgwosCUO0NY6ZrDoM1FDKsuoN5QNyDx9EZKYo4RFux2iI72SP15rrukyKhWcnkN+14mdkuDA58BeIYhdAwgqkDBIiqV97rKmZRaAxZjm71rfxBHMLr3AnwAkh8t7bdbm6U+CLh3c60O95etteNFUgQ3p9FgS98Wx1dr+2xRIt3cbNtbU7yPBYVlVGHXWOirF8sd3P4duT8zFFvkN4NqBI9m/xBThD8bn5K7TihsO/PRJN6uRALEPCktWMYFDkcETSywqo5Qj8JlBc/zX8=
X-Forefront-Antispam-Report:
	CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230025)(4636009)(396003)(346002)(39860400002)(376002)(136003)(451199018)(46966006)(36840700001)(40470700004)(316002)(83380400001)(478600001)(47076005)(44832011)(81166007)(36756003)(82740400003)(2906002)(82310400005)(86362001)(356005)(70206006)(70586007)(4326008)(8676002)(40460700003)(41300700001)(6862004)(40480700001)(8936002)(5660300002)(36860700001)(2616005)(6486002)(26005)(186003)(6506007)(6512007)(6666004)(336012)(41533002)(17423001)(156123004);DIR:OUT;SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Feb 2023 17:21:49.6923
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: ca7bcf23-b490-44a0-187c-08db14f94863
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource:
	DBAEUR03FT036.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR08MB6380
X-Spam-Status: No, score=-11.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,FORGED_SPF_HELO,GIT_PATCH_0,KAM_DMARC_NONE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,TXREP,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

The 02/22/2023 13:31, Adhemerval Zanella wrote:
> For unaligned case, reading ahead can only be done if parting reads
> matches the aligned input.
> 
> Also extend the stratcliff tests to check such cases.
> 
> Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64-linux-gnu,
> and powerpc-linux-gnu by removing the arch-specific assembly
> implementation and disabling multi-arch (it covers both LE and BE
> for 64 and 32 bits).

thanks this looks good.

Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>


> ---
>  string/stratcliff.c | 17 ++++++++++++++++-
>  string/strncmp.c    | 13 ++++++++++++-
>  2 files changed, 28 insertions(+), 2 deletions(-)
> 
> diff --git a/string/stratcliff.c b/string/stratcliff.c
> index 74d64cc03d..88ac787088 100644
> --- a/string/stratcliff.c
> +++ b/string/stratcliff.c
> @@ -401,12 +401,27 @@ do_test (void)
>  		result = 1;
>  	      }
>  
> -	    if (STRNCMP (dest + nchars - outer, adr + middle, outer) <= 0)
> +	    /* Also check for size larger than the string.  */
> +	    if (STRNCMP (adr + middle, dest + nchars - outer, outer + 99) >= 0)
>  	      {
>  		printf ("%s 2 flunked for outer = %zu, middle = %zu, full\n",
> +			STRINGIFY (STRNCMP), outer + 99, middle);
> +		result = 1;
> +	      }
> +
> +	    if (STRNCMP (dest + nchars - outer, adr + middle, outer) <= 0)
> +	      {
> +		printf ("%s 3 flunked for outer = %zu, middle = %zu, full\n",
>  			STRINGIFY (STRNCMP), outer, middle);
>  		result = 1;
>  	      }
> +
> +	    if (STRNCMP (dest + nchars - outer, adr + middle, outer + 99) <= 0)
> +	      {
> +		printf ("%s 4 flunked for outer = %zu, middle = %zu, full\n",
> +			STRINGIFY (STRNCMP), outer + 99, middle);
> +		result = 1;
> +	      }
>  	  }
>  
>        /* strncpy/wcsncpy tests */
> diff --git a/string/strncmp.c b/string/strncmp.c
> index 4c8bf36bb9..751bf53d55 100644
> --- a/string/strncmp.c
> +++ b/string/strncmp.c
> @@ -73,7 +73,11 @@ strncmp_unaligned_loop (const op_t *x1, const op_t *x2, op_t w1, uintptr_t ofs,
>    uintptr_t sh_2 = sizeof(op_t) * CHAR_BIT - sh_1;
>  
>    op_t w2 = MERGE (w2a, sh_1, (op_t)-1, sh_2);
> -  if (!has_zero (w2) && n > (sizeof (op_t) - ofs))
> +
> +  /* Reading ahead is wrong if w1 and w2 already differs.  */
> +  op_t w1a = MERGE (w1, 0, (op_t)-1, sh_2);
> +
> +  if (!has_zero (w2) && w2 == w1a && n >= (sizeof (op_t) - ofs))
>      {
>        op_t w2b;
>  
> @@ -90,6 +94,13 @@ strncmp_unaligned_loop (const op_t *x1, const op_t *x2, op_t w1, uintptr_t ofs,
>  	  if (has_zero (w2b) || n <= (sizeof (op_t) - ofs))
>  	    break;
>  	  w1 = *x1++;
> +
> +	  /* Reading ahead is wrong if w1 and w2 already differs.  */
> +	  w2 = MERGE (w2b, sh_1, (op_t)-1, sh_2);
> +	  w1a = MERGE (w1, 0, (op_t)-1, sh_2);
> +	  if (w2 != w1a)
> +	    return final_cmp (w1a, w2, n);
> +
>  	  w2a = w2b;
>  	}
>  
> -- 
> 2.34.1
>