This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/13540] Bug in ssse3 strcpy, strncpy, stpncpy, stpcpy, strcat, strncat
- From: "liubov.dmitrieva at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Thu, 22 Dec 2011 12:16:36 +0000
- Subject: [Bug libc/13540] Bug in ssse3 strcpy, strncpy, stpncpy, stpcpy, strcat, strncat
- Auto-submitted: auto-generated
- References: <bug-13540-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=13540
--- Comment #1 from Liubov Dmitrieva <liubov.dmitrieva at gmail dot com> 2011-12-22 12:16:36 UTC ---
I would like to post some details:
the problem is in all such labels for last bytes copying like below.
L(ShlNLoopExit):
movaps (%edx), %xmm6
psrldq $N, %xmm6
mov $N, %esi
palignr $16-N, %xmm1, %xmm6
movaps %xmm6, (%edx)
jmp L(CopyFrom1To16Bytes)
Algorithm loads 16 bytes from dst (%edx), modifies some part (N bytes) and
loads register back,
then goes to label where copies remaining M (can be from 1 to 16bytes).
In particalar cases when 16 - N > M, we can affect memory of other thread.
This thread can modify memory between load and store instructions here.
It can cause a corruption.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.