From: Jeff Johnston
Date: Tue, 3 Jan 2023 14:54:04 -0500
Subject: Re: Bug in memccpy
To: Bugs Reporter
Cc: newlib@sourceware.org, sbansal@iitd.ac.in, shubhani@sit.iitd.ac.in, abhishek.rose@cse.iitd.ac.in, Jai.Arora.cs518@cse.iitd.ac.in

Hello,

Thanks for the patch. It has been pushed to the master repo.

-- Jeff J.

On Wed, Dec 28, 2022 at 6:32 AM Bugs Reporter wrote:

> Hi,
>
> I am writing to report a bug in the memccpy function of newlib.
> The bug is in the C implementation of memccpy as located in the
> newlib/libc/string/ directory of the newlib repository. The newlib version
> was `4.2.0` and the source code was downloaded from the latest release on
> the official website.
> Please find a detailed report below.
>
> memccpy():
> As specified in the OpenBSD manpage[0], memccpy should convert the input
> argument `c` to `unsigned char` before performing the check. Newlib's fast
> implementation of `memccpy` (when the macros `PREFER_SIZE_OVER_SPEED` and
> `__OPTIMIZE_SIZE__` are not defined) converts `c` to `signed char` (stored
> in endchar) and computes a mask as follows:
> ```
> for (i = 0; i < LITTLEBLOCKSIZE; i++)
>   mask = (mask << 8) + endchar;
> ```
> This is used to detect `endchar` in one long word and is supposed to
> represent a word whose each byte has the same value as `endchar`. But if
> the input character lies in the extended ASCII set, then `endchar` is
> negative, which leads to an incorrect mask computation.
>
> An example input is:
> const char src[] = {1, 2, 3, 4, 5, 192, 6, 7};
> char dst[8] = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H'};
> memccpy(dst, src, 192, 8);
> if (dst[7] != 'H') {
>   printf("BUG!\n");
> }
>
> The file that demonstrates the bug can be found here
> <https://github.com/compilerai/bug-reports/blob/master/bug_files/newlib_memccpy_bug.c>.
> A patch that applies the necessary fix is available here
> <https://github.com/compilerai/bug-reports/blob/master/patch/newlib_memccpy.patch>.
>
> 0: https://man.openbsd.org/memccpy
>
> Thanks,
>
> Jai Arora, Abhishek Rose, Shubhani Gupta, Sorav Bansal
> CompilerAI Research Group
> IIT Delhi, India
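
The mask computation described in the quoted report, worked through for `c = 192` as an added example (not code from the thread, the linked patch or newlib). It assumes an 8-byte word and `uint64_t` in place of newlib's `long`; the function names and the zero-byte detection helper are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCK 8 /* assumed word size in bytes; the report's loop uses LITTLEBLOCKSIZE */

/* Constructed sample: the src bytes from the report. */
static const unsigned char SAMPLE_SRC[BLOCK] = {1, 2, 3, 4, 5, 192, 6, 7};

/* Mask built as the report describes: c narrowed to signed char first. */
static uint64_t mask_signed(int c)
{
    signed char endchar = (signed char)c; /* 192 becomes -64 on two's-complement targets */
    uint64_t mask = 0;
    for (int i = 0; i < BLOCK; i++)
        mask = (mask << 8) + endchar;     /* sign-extended add borrows from the upper bytes */
    return mask;
}

/* Mask with c converted to unsigned char, as the manpage requires. */
static uint64_t mask_unsigned(int c)
{
    unsigned char endchar = (unsigned char)c;
    uint64_t mask = 0;
    for (int i = 0; i < BLOCK; i++)
        mask = (mask << 8) + endchar;
    return mask;
}

/* Pack 8 bytes into a word, lowest address in the lowest byte (endianness-independent). */
static uint64_t pack(const unsigned char *p)
{
    uint64_t w = 0;
    for (int i = 0; i < BLOCK; i++)
        w |= (uint64_t)p[i] << (8 * i);
    return w;
}

/* Nonzero iff some byte of word equals the byte replicated in mask
 * (classic zero-byte test applied to word ^ mask). */
static uint64_t detect_char(uint64_t word, uint64_t mask)
{
    uint64_t x = word ^ mask;
    return (x - 0x0101010101010101ULL) & ~x & 0x8080808080808080ULL;
}

int main(void)
{
    uint64_t w = pack(SAMPLE_SRC);
    printf("signed   mask %016llx found=%d\n", (unsigned long long)mask_signed(192), detect_char(w, mask_signed(192)) != 0);
    printf("unsigned mask %016llx found=%d\n", (unsigned long long)mask_unsigned(192), detect_char(w, mask_unsigned(192)) != 0);
    return 0;
}
```

With the signed mask the word-at-a-time scan misses the terminator at index 5, so a copy loop relying on it would copy the full word, which is consistent with `dst[7]` being overwritten in the report's test case.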