Date: Thu, 23 Feb 2023 15:15:09 -0300
Subject: Re: [PATCH v2] string: Fix OOB read on generic strncmp
To: Szabolcs Nagy, Florian Weimer, "H.J. Lu", Noah Goldstein
Cc: libc-alpha@sourceware.org
References: <20230222163159.3446687-1-adhemerval.zanella@linaro.org>
From: Adhemerval Zanella Netto
Organization: Linaro

On 22/02/23 14:21, Szabolcs Nagy wrote:
> The 02/22/2023 13:31, Adhemerval Zanella wrote:
>> For unaligned case, reading ahead can only be done if parting reads
>> matches the aligned input.
>>
>> Also extend the stratcliff tests to check such cases.
>>
>> Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64-linux-gnu,
>> and powerpc-linux-gnu by removing the arch-specific assembly
>> implementation and disabling multi-arch (it covers both LE and BE
>> for 64 and 32 bits).
>
> thanks this looks good.
>
> Reviewed-by: Szabolcs Nagy
>

So before I push the fix along with the testcase, I checked all strncmp
optimizations and found out that some implementations also do not handle
this correctly as expected:

  sysdeps/x86_64/multiarch/strncmp-sse2.S      FAIL
  sysdeps/x86_64/multiarch/strncmp-sse4_2.S    FAIL
  sysdeps/x86_64/multiarch/strncmp-avx2.S      OK
  sysdeps/x86_64/multiarch/strncmp-evex.S      ?
  sysdeps/x86_64/multiarch/strncmp-avx2-rtm.S  ?
  sysdeps/ia64/strncmp.S                       ?
  sysdeps/sparc/sparc32/sparcv9/strncmp.S      OK
  sysdeps/sparc/sparc64/strncmp.S              OK
  sysdeps/aarch64/strncmp.S                    OK
  sysdeps/powerpc/powerpc32/power7/strncmp.S   FAIL
  sysdeps/powerpc/powerpc32/405/strncmp.S      ?
  sysdeps/powerpc/powerpc32/strncmp.S          FAIL
  sysdeps/powerpc/powerpc32/power4/strncmp.S   FAIL
  sysdeps/powerpc/powerpc64/power7/strncmp.S   FAIL
  sysdeps/powerpc/powerpc64/power8/strncmp.S   OK
  sysdeps/powerpc/powerpc64/strncmp.S          FAIL
  sysdeps/powerpc/powerpc64/le/power9/strncmp.S OK
  sysdeps/alpha/strncmp.S                      FAIL
  sysdeps/i386/i686/multiarch/strncmp-sse4.S   OK
  sysdeps/i386/i686/multiarch/strncmp-ssse3.S  FAIL
  sysdeps/s390/strncmp-vx.S                    OK

(the ? are implementations that I can really test, even qemu static threw
illegal instruction).

Noah has brought to my attention that he tried to add similar tests, but
they were rejected by strncmp string must be null-terminated [1].

The working drafts for the C standard I have access to (n1256.pdf for C99 and
n3047.pdf for c2x) do not say possibly null-terminated array (as some
stackoverflow answers state [2]); they refer only to array. So I tend to
follow Florian's understanding that strncmp inputs should be NULL terminated.

So should we really consider this an OOB read on generic strncmp?

[1] https://sourceware.org/pipermail/libc-alpha/2022-January/135130.html
[2] https://stackoverflow.com/questions/41418766/is-it-legal-to-pass-a-non-null-terminated-string-to-strncmp-in-c
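
A guard-page probe for the question raised above, as an added example (not glibc's stratcliff test or any code from this thread): it places two unterminated arrays directly before PROT_NONE pages and runs a strncmp implementation on them in a forked child, so a read past the first difference shows up as a fault instead of passing silently. The input shape (n larger than the arrays, a difference before their end) and the names `ref_strncmp`, `eager_strncmp` and `probe` are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE /* MAP_ANONYMOUS under strict -std=c11 */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*strncmp_fn)(const char *, const char *, size_t);

/* Bytewise reference: never reads past the first difference, a NUL, or n. */
static int ref_strncmp(const char *a, const char *b, size_t n) {
    for (; n; a++, b++, n--) {
        unsigned char x = (unsigned char)*a, y = (unsigned char)*b;
        if (x != y) return x < y ? -1 : 1;
        if (x == 0) break;
    }
    return 0;
}

/* Hypothetical over-reader: touches the last byte of the n-byte window first. */
static int eager_strncmp(const char *a, const char *b, size_t n) {
    if (n) (void)*(volatile const char *)(a + n - 1);
    return ref_strncmp(a, b, n);
}

/* Two unterminated len-byte arrays, each ending at a PROT_NONE page, differ at
   index diff (s1 < s2); fn runs with n in a forked child. Returns 0 = correct
   result, 1 = child faulted, 2 = wrong result, -1 = setup error. */
static int probe(strncmp_fn fn, size_t len, size_t diff, size_t n) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    if (len == 0 || len > pg || diff >= len) return -1;
    char *m = mmap(NULL, 4 * pg, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    char *s1 = m + pg - len, *s2 = m + 3 * pg - len;
    memset(s1, 'a', len); memset(s2, 'a', len); s2[diff] = 'b';
    int rc = -1, st = 0;
    if (mprotect(m + pg, pg, PROT_NONE) == 0 && mprotect(m + 3 * pg, pg, PROT_NONE) == 0) {
        pid_t pid = fork();
        if (pid == 0) _exit(fn(s1, s2, n) < 0 ? 0 : 2);
        if (pid > 0 && waitpid(pid, &st, 0) == pid)
            rc = WIFSIGNALED(st) ? 1 : WIFEXITED(st) ? WEXITSTATUS(st) : -1;
    }
    munmap(m, 4 * pg);
    return rc;
}
int main(void) {
    printf("reference=%d over-reader=%d libc=%d\n", probe(ref_strncmp, 23, 5, 64),
           probe(eager_strncmp, 23, 5, 64), probe(strncmp, 23, 5, 64));
    return 0;
}
```

The `libc=` field reports how the platform's selected strncmp behaves on this input; a 1 there corresponds to the FAIL entries in the list above only if the constructed input matches what the thread's test exercises.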