This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/13540] Bug in ssse3 strcpy, strncpy, stpncpy, stpcpy, strcat, strncat


http://sourceware.org/bugzilla/show_bug.cgi?id=13540

--- Comment #1 from Liubov Dmitrieva <liubov.dmitrieva at gmail dot com> 2011-12-22 12:16:36 UTC ---
I would like to post some details:

The problem is in all such labels for copying the last bytes, like the one below.

L(ShlNLoopExit):
    movaps    (%edx), %xmm6
    psrldq    $N, %xmm6
    mov    $N, %esi
    palignr    $16-N, %xmm1, %xmm6
    movaps    %xmm6, (%edx)
    jmp    L(CopyFrom1To16Bytes)

The algorithm loads 16 bytes from dst (%edx), modifies some part (N bytes) and
loads the register back,
then goes to the label where it copies the remaining M bytes (can be from 1 to 16 bytes).
In particular cases when 16 - N > M, we can affect the memory of another thread.
This thread can modify memory between the load and store instructions here.
It can cause corruption.



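The lost update described in the comment above, replayed sequentially in C. This is an added example, not code from glibc or from the bug report; the function names, the hook standing in for the second thread, and the 16-byte layout are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLK 16

/* Stand-in for another thread that runs between the load and the store. */
typedef void (*between_fn)(unsigned char *byte);
static void other_thread_write(unsigned char *byte) { *byte = 0x55; }

/* Models the reported pattern: load 16 bytes of dst, replace the first n,
 * store all 16 back, then copy the remaining m bytes at offset n. */
static void tail_rmw(unsigned char *dst, const unsigned char *src, size_t n,
                     size_t m, between_fn between, unsigned char *nb)
{
    unsigned char blk[BLK];
    memcpy(blk, dst, BLK);        /* movaps (%edx), %xmm6 */
    memcpy(blk, src, n);          /* psrldq/palignr: n new bytes, 16-n old */
    between(nb);                  /* other thread updates its own byte */
    memcpy(dst, blk, BLK);        /* movaps %xmm6, (%edx): old bytes go back */
    memcpy(dst + n, src + n, m);  /* CopyFrom1To16Bytes */
}

/* Writes only the n + m bytes that belong to the destination string. */
static void tail_exact(unsigned char *dst, const unsigned char *src, size_t n,
                       size_t m, between_fn between, unsigned char *nb)
{
    between(nb);
    memcpy(dst, src, n + m);
}

/* Constructed layout: bytes 0..n+m-1 are the string, byte 15 belongs to the
 * other thread. Returns byte 15 after the copy (0xAA means update lost). */
unsigned char neighbour_after(int use_rmw, size_t n, size_t m)
{
    unsigned char mem[BLK], src[BLK];
    memset(mem, 0xAA, BLK);
    memset(src, 'x', BLK);
    (use_rmw ? tail_rmw : tail_exact)(mem, src, n, m, other_thread_write, &mem[BLK - 1]);
    return mem[BLK - 1];
}

int main(void)
{
    printf("16-byte rmw: neighbour = 0x%02x\n", neighbour_after(1, 4, 3));
    printf("exact write: neighbour = 0x%02x\n", neighbour_after(0, 4, 3));
    return 0;
}
```

With N = 4 and M = 3 the string ends at byte 6, so the full-width store rewrites bytes 7 to 15 with values read before the other writer ran.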