This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug string/20971] New: powerpc64/power7 memchr overflows internal pointer check
- From: "adhemerval.zanella at linaro dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 15 Dec 2016 11:53:20 +0000
- Subject: [Bug string/20971] New: powerpc64/power7 memchr overflows internal pointer check
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=20971
Bug ID: 20971
Summary: powerpc64/power7 memchr overflows internal pointer check
Product: glibc
Version: 2.13
Status: NEW
Severity: normal
Priority: P2
Component: string
Assignee: unassigned at sourceware dot org
Reporter: adhemerval.zanella at linaro dot org
Target Milestone: ---
On POWER7 memchr.S:
ENTRY (__memchr)
	CALL_MCOUNT 3
	dcbt	0,r3
	clrrdi	r8,r3,3
	insrdi	r4,r4,8,48
	add	r7,r3,r5  /* Calculate the last acceptable address.  */
The r7 addition should handle overflow, otherwise the pointer check in the code
may fail, resulting in wrong output. A simple test triggers the issue:
--
#define _GNU_SOURCE 1
#include <string.h>
#include <stdio.h>

/* rawmemchr built on memchr with the maximum length, so that
   s + n overflows in the end-address calculation.  */
void *
my_rawmemchr (const void *s, int c)
{
  if (c != '\0')
    return memchr (s, c, (size_t)-1);
  return (char *)s + strlen (s);
}

int main ()
{
  // p=0x3fffb057fe00 | align=10
  int seek_char = 0x41;
  size_t align = 10;
  unsigned char input [32];
  input[10] = 0x34;
  input[11] = 0x78;
  input[12] = 0x3d;
  input[13] = 0x7b;
  input[14] = 0xa1;
  input[15] = seek_char;

  /* Both calls should print the address of input[15].  */
  printf ("%p\n", my_rawmemchr (input+align, seek_char));
  printf ("%p\n", rawmemchr (input+align, seek_char));
  return 0;
}
--
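Added example, not part of the original report and not glibc code: a portable C model of the end-address check described above, showing how an unchecked s + n wraps for n = (size_t)-1 and how clamping the end address avoids the wrong result. The function names and the sample buffer are hypothetical, and the model assumes size_t and uintptr_t have the same width.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the bytes from the report's test, match at offset 5. */
static const unsigned char sample[16] = { 0x34, 0x78, 0x3d, 0x7b, 0xa1, 0x41 };

/* Hypothetical model (not glibc code): end = s + n with no overflow check. */
static const void *
memchr_wrapping_end (const void *s, int c, size_t n)
{
  uintptr_t p = (uintptr_t) s;
  uintptr_t end = p + n;        /* wraps to p - 1 when n == (size_t)-1 */
  for (; p < end; p++)          /* wrapped end is below p: loop never runs */
    if (*(const unsigned char *) p == (unsigned char) c)
      return (const void *) p;
  return NULL;
}

/* Same scan, with the end address clamped when s + n would overflow. */
static const void *
memchr_saturating_end (const void *s, int c, size_t n)
{
  uintptr_t p = (uintptr_t) s;
  uintptr_t end = (n > UINTPTR_MAX - p) ? UINTPTR_MAX : p + n;
  for (; p < end; p++)
    if (*(const unsigned char *) p == (unsigned char) c)
      return (const void *) p;
  return NULL;
}

int
main (void)
{
  printf ("wrapping:   %p\n", (void *) memchr_wrapping_end (sample, 0x41, (size_t) -1));
  printf ("saturating: %p\n", (void *) memchr_saturating_end (sample, 0x41, (size_t) -1));
  return 0;
}
```

The wrapping version prints a null pointer even though the byte is present, while both versions agree for lengths that do not overflow.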