From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com [IPv6:2607:f8b0:4864:20::1032]) by sourceware.org (Postfix) with ESMTPS id DC6D23858430; Thu, 27 Jan 2022 21:06:49 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org DC6D23858430 Received: by mail-pj1-x1032.google.com with SMTP id s61-20020a17090a69c300b001b4d0427ea2so8829131pjj.4; Thu, 27 Jan 2022 13:06:49 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=et9JR2PBXfrKgr89mV1iTKHdjKsimx5Aj8I8wL+r8nE=; b=QmzTTkPS0ZYeFGqddbd4pV34qS0a4NmmHgxtOokBrJCzQhpu2iu/KPX76ZceDyTPRN sMxY5yFsi3ElDcOjMgvlx4AK8k160VtD3O3mq7mkvNpQ4B8deRzW6dYX1UjXy3LSGhgy kklMxR3N0SnDjk8uDcNjMUKmy6FqHoodT64hs7jU4Tz5VYCAAn78lmXJbZ9hNkCmoOLB +TwlGbf1pJEN6GkF7hS6YSO5a3FLC/rwZpYncrQiXx+AX3rxrSLdfBL2spg4saUclLaS R/oCHCpU9f85w24ty7aj+fhoVlGAxI9IzKbZhof/VOhaBMJ7fOumCY5p2vQqNjBSFbze 7Q6Q== X-Gm-Message-State: AOAM531KnPWBMWv1C/0t4CNcAlR3fH/abZgv1scezCq+Qh6kNkeVkBor hcPNA+0BXy8BurZXGEBJSsP5sRRym6KjveIdHvagPwvu X-Google-Smtp-Source: ABdhPJztUbEECTgUd4ZtpwV4/0RlMW8JCkxo3L4KIFoMVKv7E707+vXGrROAL3v7nX7EH7GHCmLEB6IU4uBYjEYjL9o= X-Received: by 2002:a17:902:a708:: with SMTP id w8mr5396605plq.101.1643317607720; Thu, 27 Jan 2022 13:06:47 -0800 (PST) MIME-Version: 1.0 References: <20210609205257.123944-1-goldstein.w.n@gmail.com> <20210623063149.1167067-1-goldstein.w.n@gmail.com> In-Reply-To: From: "H.J. Lu" Date: Thu, 27 Jan 2022 13:06:11 -0800 Message-ID: Subject: Re: [PATCH v3 1/3] String: Add overflow tests for strnlen, memchr, and strncat [BZ #27974] To: Noah Goldstein , Libc-stable Mailing List Cc: GNU C Library , "Carlos O'Donell" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-3027.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-stable@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-stable mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jan 2022 21:06:51 -0000 On Wed, Jun 23, 2021 at 11:30 AM Noah Goldstein wrote: > > > > On Wed, Jun 23, 2021 at 1:30 PM H.J. Lu wrote: >> >> On Tue, Jun 22, 2021 at 11:32 PM Noah Goldstein wrote: >> > >> > This commit adds tests for a bug in the wide char variant of the >> > functions where the implementation may assume that maxlen for wcsnlen >> > or n for wmemchr/strncat will not overflow when multiplied by >> > sizeof(wchar_t). >> > >> > These tests show the following implementations failing on x86_64: >> > >> > wcsnlen-sse4_1 >> > wcsnlen-avx2 >> > >> > wmemchr-sse2 >> > wmemchr-avx2 >> > >> > strncat would fail as well if it where on a system that prefered >> > either of the wcsnlen implementations that failed as it relies on >> > wcsnlen. >> > >> > Signed-off-by: Noah Goldstein >> > --- >> > Rebased on: [PATCH v1 1/4] x86-64: Add wcslen optimize for sse4.1 >> > string/test-memchr.c | 39 ++++++++++++++++++++++++--- >> > string/test-strncat.c | 61 +++++++++++++++++++++++++++++++++++++++++++ >> > string/test-strnlen.c | 33 +++++++++++++++++++++++ >> > 3 files changed, 130 insertions(+), 3 deletions(-) >> > >> > diff --git a/string/test-memchr.c b/string/test-memchr.c >> > index 665edc32af..ce964284aa 100644 >> > --- a/string/test-memchr.c >> > +++ b/string/test-memchr.c >> > @@ -65,8 +65,8 @@ do_one_test (impl_t *impl, const CHAR *s, int c, size_t n, CHAR *exp_res) >> > CHAR *res = CALL (impl, s, c, n); >> > if (res != exp_res) >> > { >> > - error (0, 0, "Wrong result in function %s %p %p", impl->name, >> > - res, exp_res); >> > + error (0, 0, "Wrong result in function %s (%p, %d, %zu) -> %p != %p", >> > + impl->name, s, c, n, res, exp_res); >> > ret = 1; >> > return; >> > } >> > @@ -91,7 +91,7 @@ do_test (size_t align, size_t pos, size_t len, size_t n, int seek_char) >> > } >> > buf[align + len] = 0; >> > >> > - if (pos < len) >> > + if (pos < MIN(n, len)) >> > { >> > buf[align + pos] = seek_char; >> > buf[align + len] = -seek_char; >> > @@ -107,6 +107,38 @@ do_test (size_t align, size_t pos, size_t len, size_t n, int seek_char) >> > do_one_test (impl, (CHAR *) (buf + align), seek_char, n, result); >> > } >> > >> > +static void >> > +do_overflow_tests (void) >> > +{ >> > + size_t i, j, len; >> > + const size_t one = 1; >> > + uintptr_t buf_addr = (uintptr_t) buf1; >> > + >> > + for (i = 0; i < 750; ++i) >> > + { >> > + do_test (0, i, 751, SIZE_MAX - i, BIG_CHAR); >> > + do_test (0, i, 751, i - buf_addr, BIG_CHAR); >> > + do_test (0, i, 751, -buf_addr - i, BIG_CHAR); >> > + do_test (0, i, 751, SIZE_MAX - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, 751, SIZE_MAX - buf_addr + i, BIG_CHAR); >> > + >> > + len = 0; >> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) >> > + { >> > + len |= one << j; >> > + do_test (0, i, 751, len - i, BIG_CHAR); >> > + do_test (0, i, 751, len + i, BIG_CHAR); >> > + do_test (0, i, 751, len - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, 751, len - buf_addr + i, BIG_CHAR); >> > + >> > + do_test (0, i, 751, ~len - i, BIG_CHAR); >> > + do_test (0, i, 751, ~len + i, BIG_CHAR); >> > + do_test (0, i, 751, ~len - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, 751, ~len - buf_addr + i, BIG_CHAR); >> > + } >> > + } >> > +} >> > + >> > static void >> > do_random_tests (void) >> > { >> > @@ -221,6 +253,7 @@ test_main (void) >> > do_test (page_size / 2 - i, i, i, 1, 0x9B); >> > >> > do_random_tests (); >> > + do_overflow_tests (); >> > return ret; >> > } >> > >> > diff --git a/string/test-strncat.c b/string/test-strncat.c >> > index 2ef917b820..37ea26ea05 100644 >> > --- a/string/test-strncat.c >> > +++ b/string/test-strncat.c >> > @@ -134,6 +134,66 @@ do_test (size_t align1, size_t align2, size_t len1, size_t len2, >> > } >> > } >> > >> > +static void >> > +do_overflow_tests (void) >> > +{ >> > + size_t i, j, len; >> > + const size_t one = 1; >> > + CHAR *s1, *s2; >> > + uintptr_t s1_addr; >> > + s1 = (CHAR *) buf1; >> > + s2 = (CHAR *) buf2; >> > + s1_addr = (uintptr_t)s1; >> > + for (j = 0; j < 200; ++j) >> > + s2[j] = 32 + 23 * j % (BIG_CHAR - 32); >> > + s2[200] = 0; >> > + for (i = 0; i < 750; ++i) { >> > + for (j = 0; j < i; ++j) >> > + s1[j] = 32 + 23 * j % (BIG_CHAR - 32); >> > + s1[i] = '\0'; >> > + >> > + FOR_EACH_IMPL (impl, 0) >> > + { >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, SIZE_MAX - i); >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, i - s1_addr); >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, -s1_addr - i); >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr - i); >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr + i); >> > + } >> > + >> > + len = 0; >> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) >> > + { >> > + len |= one << j; >> > + FOR_EACH_IMPL (impl, 0) >> > + { >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, len - i); >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, len + i); >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, len - s1_addr - i); >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, len - s1_addr + i); >> > + >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, ~len - i); >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, ~len + i); >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, ~len - s1_addr - i); >> > + s2[200] = '\0'; >> > + do_one_test (impl, s2, s1, ~len - s1_addr + i); >> > + } >> > + } >> > + } >> > +} >> > + >> > static void >> > do_random_tests (void) >> > { >> > @@ -316,6 +376,7 @@ test_main (void) >> > } >> > >> > do_random_tests (); >> > + do_overflow_tests (); >> > return ret; >> > } >> > >> > diff --git a/string/test-strnlen.c b/string/test-strnlen.c >> > index 920f58e97b..f53e09263f 100644 >> > --- a/string/test-strnlen.c >> > +++ b/string/test-strnlen.c >> > @@ -89,6 +89,38 @@ do_test (size_t align, size_t len, size_t maxlen, int max_char) >> > do_one_test (impl, (CHAR *) (buf + align), maxlen, MIN (len, maxlen)); >> > } >> > >> > +static void >> > +do_overflow_tests (void) >> > +{ >> > + size_t i, j, len; >> > + const size_t one = 1; >> > + uintptr_t buf_addr = (uintptr_t) buf1; >> > + >> > + for (i = 0; i < 750; ++i) >> > + { >> > + do_test (0, i, SIZE_MAX - i, BIG_CHAR); >> > + do_test (0, i, i - buf_addr, BIG_CHAR); >> > + do_test (0, i, -buf_addr - i, BIG_CHAR); >> > + do_test (0, i, SIZE_MAX - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, SIZE_MAX - buf_addr + i, BIG_CHAR); >> > + >> > + len = 0; >> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) >> > + { >> > + len |= one << j; >> > + do_test (0, i, len - i, BIG_CHAR); >> > + do_test (0, i, len + i, BIG_CHAR); >> > + do_test (0, i, len - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, len - buf_addr + i, BIG_CHAR); >> > + >> > + do_test (0, i, ~len - i, BIG_CHAR); >> > + do_test (0, i, ~len + i, BIG_CHAR); >> > + do_test (0, i, ~len - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, ~len - buf_addr + i, BIG_CHAR); >> > + } >> > + } >> > +} >> > + >> > static void >> > do_random_tests (void) >> > { >> > @@ -283,6 +315,7 @@ test_main (void) >> > do_random_tests (); >> > do_page_tests (); >> > do_page_2_tests (); >> > + do_overflow_tests (); >> > return ret; >> > } >> > >> > -- >> > 2.25.1 >> > >> >> LGTM. >> >> Reviewed-by: H.J. Lu >> >> Thanks. >> >> -- >> H.J. > > > Pushed and closed the bug report (left comment in bug report with the commits). I am backporting this patch set to release branches, including their dependency patches. -- H.J.