public inbox for linux-ia64@vger.kernel.org
From: "Chen, Kenneth W" <kenneth.w.chen@intel.com>
To: linux-ia64@vger.kernel.org
Subject: RE: [Linux-ia64] IA64 strncpy in 2.2.4-30 - bug and patch
Date: Tue, 19 Nov 2002 18:35:44 +0000
Message-ID: <marc-linux-ia64-105590709805461@msgid-missing>
In-Reply-To: <marc-linux-ia64-105590709805337@msgid-missing>

[-- Attachment #1: Type: text/plain, Size: 1424 bytes --]

Here is the updated patch against current glibc cvs strncpy.S v1.9.

There are two hunks in this patch.  The first hunk initializes ar.ec; ec is not guaranteed to be zero upon function entry, although most likely it will be zero.  But such an assumption is functionally broken.

The second hunk fixes the seg fault in the recovery 4 section.  The seg fault occurs when the src length ends exactly at a page boundary and there is no mapping after that page.  In recovery 4, it is trying to access an invalid address because, in the earlier loop, the src pointer got post-incremented past the current page.

- Ken


-----Original Message-----
From: Randolph Chung [mailto:randolph@tausq.org]
Sent: Tuesday, November 19, 2002 8:19 AM
To: Chen, Kenneth W
Cc: bug-glibc@gnu.org; linux-ia64@linuxia64.org
Subject: Re: [Linux-ia64] IA64 strncpy in 2.2.4-30 - bug and patch


In reference to a message from Chen, Kenneth W, dated Nov 07:
> We found more bugs in the code, and here is an updated patch to fix them.
> Note this patch supersedes the one I sent yesterday.
> 
> Also attached is the test program we used to verify the fix.

Is there an updated version of this that applies against glibc cvs? Or
is the one Jakub/Roland checked in sufficient (it looks more like the first
version you posted)?

thanks,
randolph
-- 
Randolph Chung
Debian GNU/Linux Developer, hppa/ia64 ports
http://www.tausq.org/

[-- Attachment #2: strncpy.fix.cvs_v1.9 --]
[-- Type: application/octet-stream, Size: 574 bytes --]

--- strncpy.S.orig	Tue Nov 19 10:22:01 2002
+++ strncpy.S	Tue Nov 19 10:29:21 2002
@@ -63,6 +63,7 @@
 	mov	saved_pr = pr           // save the predicate registers
 	.save ar.lc, saved_lc
 	mov 	saved_lc = ar.lc	// save the loop counter
+	mov	ar.ec = 0
 	.body
 	cmp.geu p6, p5 = 24, in2
 (p6)	br.cond.spnt .short_len
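
Review bot: the added `mov ar.ec = 0` has no comment, while the two saves just above it each say what they do. A short note such as `// ec is not guaranteed to be zero on entry` would record why the write is needed, since the accompanying message says the old code only worked because ec usually happens to be zero. The instruction also sits ahead of `.body`, among the `.save`-annotated register saves, although it saves nothing; placing it directly after `.body` would keep the prologue to saves only.
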
@@ -221,7 +222,9 @@
 	ld8	r[MEMLAT] = [tmp]
 	br.cond.sptk .back3
 .recovery4:
+	cmp.eq	p8,p9=0,len
 	add	tmp = -MEMLAT * 8, src ;;
-	ld8	r[MEMLAT - 1] = [tmp]
+(p8)	mov	r[MEMLAT - 1] = r0
+(p9)	ld8	r[MEMLAT - 1] = [tmp]
 	br.cond.sptk .back4
 END(strncpy)
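
Review bot: in `.recovery4` the new `cmp.eq p8,p9=0,len` guard needs a comment saying why `len` equal to zero means the reload from `[tmp]` must be skipped and `r0` substituted, because nothing in the hunk ties `len` to the page-boundary case the message describes. The recovery block directly above still ends in an unconditional `ld8 r[MEMLAT] = [tmp]` before `br.cond.sptk .back3`; please confirm that path cannot see the same post-incremented `src`, or guard it the same way. Style: the operands are written `p8,p9=0,len` without the spacing used in `cmp.geu p6, p5 = 24, in2` earlier in the file.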

Thread overview: 8+ messages
2002-11-06  0:39 [Linux-ia64] IA64 strncpy in 2.2.4-30 - bug and patch Reese Faucette
2002-11-06  0:43 ` Chen, Kenneth W
2002-11-07  2:56 ` Chen, Kenneth W
2002-11-07 19:10 ` Chen, Kenneth W
2002-11-08 11:06 ` Andreas Schwab
2002-11-08 11:31 ` Reese Faucette
2002-11-19 16:19 ` Randolph Chung
2002-11-19 18:35 ` Chen, Kenneth W [this message]
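
The failure condition described in the message above (a source that ends exactly at a page boundary with nothing mapped after it) can be checked against any strncpy by putting an inaccessible guard page behind the source. This is an added example, not the test program attached earlier in the thread; the function name is hypothetical and it assumes a POSIX system with `mmap` and `mprotect`.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed regression check (hypothetical name). Returns the number of
 * wrong results, or -1 if the guard mapping cannot be created. A strncpy
 * that reads past the end of the source page faults instead of returning. */
int strncpy_page_edge_failures(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int failures = 0;
    /* Two pages; the second becomes PROT_NONE so it acts as "no mapping". */
    char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    if (mprotect(base + page, page, PROT_NONE) != 0) {
        munmap(base, 2 * page);
        return -1;
    }
    for (size_t len = 0; len <= 128; len++) {
        for (int with_nul = 0; with_nul <= 1; with_nul++) {
            if (with_nul && len == 0)
                continue;
            /* Source is the last len bytes before the guard page, so its
             * alignment changes with len. */
            char *src = base + page - len;
            char dst[160];
            size_t n = with_nul ? len + 16 : len;      /* bound passed in */
            size_t text = with_nul ? len - 1 : len;    /* non-NUL bytes */
            memset(src, 'A', len);
            if (with_nul)
                src[len - 1] = '\0';   /* terminator is the page's last byte */
            memset(dst, 'Z', sizeof dst);
            strncpy(dst, src, n);
            for (size_t i = 0; i < n; i++)
                if (dst[i] != (i < text ? 'A' : '\0')) { failures++; break; }
            if (dst[n] != 'Z')         /* nothing written past the bound */
                failures++;
        }
    }
    munmap(base, 2 * page);
    return failures;
}

int main(void) { printf("failures: %d\n", strncpy_page_edge_failures()); return 0; }
```

On a correct implementation the function returns 0; an implementation with the over-read described in the message is killed by SIGSEGV at the first affected length.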
