This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Re: BZ#13592: Fix x86-64 memset


Could somebody review and approve this, please?

Thanks,
Andreas

On Monday, March 26, 2012 12:13:08 Andreas Jaeger wrote:
> From bugzilla:
> 
> "This problem seems to exist since the x86_64 variant of memset was
> improved years ago (certainly 2.11 already has the problem, as well as
> current git).  There are several signed compares of the size argument,
> whereas it really is unsigned.  Depending on the situation, e.g. a
> "memset(ptr, 0, -1)" segfaults (but for the wrong reasons, because it
> jumps into nirvana) or even succeeds.
> 
> In normal use this is harmless, as a size with signbit set indicates
> more than half the address space which on x86_64 is impossible to
> allocate, but as the size is used to index some jump tables this
> potentially could have other unwanted side effects."
> 
> Ok to commit (I'll change the copyright header before commit)?
> 
> This was tested on x86-64,
> Andreas
> 
> 2012-03-26  Andreas Jaeger  <aj@suse.de>
> 
> 	* sysdeps/x86_64/memset.S: Fix size parameter comparisons.
> 	Patch by Michael Matz <matz@suse.de>
> 
> 
> Index: sysdeps/x86_64/memset.S
> ===================================================================
> --- sysdeps/x86_64/memset.S.orig	2011-11-14 16:28:28.000000000 +0100
> +++ sysdeps/x86_64/memset.S	2012-01-12 14:27:48.000000000 +0100
> @@ -53,7 +53,7 @@ L(ck2):
>  	imul   %r9,%rdx
>  L(now_dw_aligned):
>  	cmp    $0x90,%r8
> -	jg     L(ck_mem_ops_method)
> +	ja     L(ck_mem_ops_method)
>  L(now_dw_aligned_small):
>  	add    %r8,%rdi
>  #ifndef PIC
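Review bot: `ja` is the right predicate at `cmp $0x90,%r8` because %r8 carries the size_t length and the fall-through path at L(now_dw_aligned_small), which starts with `add %r8,%rdi`, is only meant for lengths of at most 0x90; with `jg`, any length with bit 63 set compared as negative and took that path. Please add a short comment at the compare saying the length is unsigned, mirroring the `# 176` annotation on the 0xb0 compare later in the file, so the unsigned jump is not "corrected" back to `jg` by a future edit.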
> @@ -605,7 +605,7 @@ L(aligned_now):
>  	 punpcklqdq %xmm0,%xmm0
> 
>  	 cmp    $0xb0,%r8 # 176
> -	 jge    L(byte32sse2_pre)
> +	 jae    L(byte32sse2_pre)
> 
>  	 add    %r8,%rdi
>  # ifndef PIC
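Review bot: `jae` now matches the unsigned meaning of the `# 176` comment on `cmp $0xb0,%r8`: lengths of at least 176 bytes go to L(byte32sse2_pre), whereas `jge` read a length with the sign bit set as below 176 and sent it into the `add %r8,%rdi` small-size tail. Minor style point: the lines in this region carry a leading space before the tab (` cmp`, ` jae`) unlike the other hunks; that is pre-existing and better left to a separate whitespace-only change rather than mixed into this fix.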
> @@ -865,7 +865,7 @@ L(byte32sse2_pre):
> 
>  	mov    __x86_64_shared_cache_size(%rip),%r9d  # The largest cache size
>  	cmp    %r9,%r8
> -	jg     L(sse2_nt_move_pre)
> +	ja     L(sse2_nt_move_pre)
>  	#jmp    L(byte32sse2)
>  	.balign     16
>  L(byte32sse2):
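Review bot: the operand pair here is a 64-bit length against a cache size loaded with a 32-bit `mov` into %r9d, which zero-extends into %r9, so with `ja` this is a well-defined unsigned 64-bit compare and a large length now reaches the non-temporal path; with `jg`, any length of 2^63 or more compared as negative and never could. The commented-out `#jmp L(byte32sse2)` on the line after the branch is dead text and could be dropped while touching this spot.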
> @@ -881,7 +881,7 @@ L(byte32sse2):
>  	movdqa %xmm0,0x70(%rdi)
> 
>  	lea    0x80(%rdi),%rdi
> -	jge    L(byte32sse2)
> +	jae    L(byte32sse2)
>  	add    %r8,%rdi
>  # ifndef PIC
>  	lea    L(SSExDx)(%rip),%r11
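Review bot: neither `movdqa` nor `lea` writes EFLAGS, so the `jae` consumes flags produced by an instruction above the shown context, before the eight stores; the change is only correct if that instruction is a compare or subtract on the remaining count in %r8, so that CF reflects an unsigned borrow. Please state that in the commit message or in a comment at the loop head, since it cannot be verified from this hunk. The `add %r8,%rdi` after the loop is unaffected either way: two's-complement addition gives the same result whether %r8 is read as signed or unsigned, and the table index for `L(SSExDx)` is computed from that same remaining count.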
> @@ -915,7 +915,7 @@ L(sse2_nt_move):
>  	movntdq %xmm0,0x70(%rdi)
> 
>  	lea    0x80(%rdi),%rdi
> -	jge    L(sse2_nt_move)
> +	jae    L(sse2_nt_move)
>  	sfence
>  	add    %r8,%rdi
>  # ifndef PIC
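Review bot: same flag-dependency caveat as the byte32sse2 loop: `movntdq` and `lea` leave EFLAGS untouched, so `jae` relies on a compare or subtract of %r8 at the loop head that lies outside this hunk. Before approving, please grep memset.S for any remaining `jl`/`jle`/`jg`/`jge` that follows a compare involving %r8; the bug report speaks of "several" signed compares, and this patch should be the complete set rather than the five sites that happened to be found. Keeping `sfence` before the `add %r8,%rdi` tail is correct, since the tail stores are ordinary ones.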

-- 
 Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
  SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
   GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
    GPG fingerprint = 93A3 365E CE47 B889 DF7F  FED1 389A 563C C272 A126
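As an added example (not glibc's code and not part of the patch above): a small C model of the EFLAGS that `cmp` produces and of the four condition codes the patch swaps, applied to the `cmp $0x90,%r8` and `cmp $0xb0,%r8` dispatches quoted above. The thresholds 0x90 and 0xb0 come from the hunks; the path names and the jump-table size (one entry per length 0..0x90) are assumptions for illustration only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* EFLAGS bits that the conditional jumps below read. */
struct eflags { bool cf, zf, sf, of; };

/* Flags of `cmp src,dst` (AT&T operand order), i.e. of the 64-bit subtraction
   dst - src, computed the way the CPU defines them. */
static struct eflags cmp64(uint64_t dst, uint64_t src)
{
    uint64_t res = dst - src;
    struct eflags f;
    f.cf = dst < src;                                /* unsigned borrow        */
    f.zf = (res == 0);
    f.sf = (res >> 63) & 1;                          /* sign bit of the result */
    f.of = (((dst ^ src) & (dst ^ res)) >> 63) & 1;  /* signed overflow        */
    return f;
}

/* The four condition codes the patch swaps, per their architectural definitions. */
static bool cc_g(struct eflags f)  { return !f.zf && f.sf == f.of; } /* jg:  signed >    */
static bool cc_ge(struct eflags f) { return f.sf == f.of; }          /* jge: signed >=   */
static bool cc_a(struct eflags f)  { return !f.cf && !f.zf; }        /* ja:  unsigned >  */
static bool cc_ae(struct eflags f) { return !f.cf; }                 /* jae: unsigned >= */

enum path { PATH_SMALL_TABLE = 0, PATH_LARGE = 1 };

/* First dispatch in memset.S: `cmp $0x90,%r8` then `jg` (old) or `ja` (new)
   to L(ck_mem_ops_method).  Not taken means the small, table-driven path. */
static enum path dispatch_0x90(uint64_t len, bool signed_branch)
{
    struct eflags f = cmp64(len, 0x90);
    return (signed_branch ? cc_g(f) : cc_a(f)) ? PATH_LARGE : PATH_SMALL_TABLE;
}

/* Second dispatch: `cmp $0xb0,%r8` then `jge` (old) or `jae` (new) to
   L(byte32sse2_pre).  Returns true when the 128-byte SSE2 loop is selected. */
static bool dispatch_0xb0(uint64_t len, bool signed_branch)
{
    struct eflags f = cmp64(len, 0xb0);
    return signed_branch ? cc_ge(f) : cc_ae(f);
}

/* Assumption for illustration: the small path jumps through a table with one
   entry per length 0..0x90.  Any other index is "jumping into nirvana". */
#define SMALL_TABLE_ENTRIES (0x90 + 1)
static bool small_table_index_ok(uint64_t len)
{
    return len < SMALL_TABLE_ENTRIES;
}

/* True when the first dispatch sends `len` to the small path although no
   table entry exists for it: the failure mode the bug report describes. */
static bool misdispatched_to_table(uint64_t len, bool signed_branch)
{
    return dispatch_0x90(len, signed_branch) == PATH_SMALL_TABLE
        && !small_table_index_ok(len);
}

/* The signed and unsigned predicates differ exactly when the two operands
   differ in bit 63 (and are not equal), i.e. for lengths of 2^63 and above
   compared against a small constant. */
static bool signed_unsigned_disagree(uint64_t len, uint64_t threshold)
{
    struct eflags f = cmp64(len, threshold);
    return cc_g(f) != cc_a(f);
}

int main(void)
{
    /* Constructed sample lengths: around both thresholds, and two with bit 63 set. */
    const uint64_t samples[] = { 0, 0x8f, 0x90, 0x91, 0xaf, 0xb0,
                                 UINT64_C(1) << 63, UINT64_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t n = samples[i];
        printf("len=0x%016llx  0x90: jg->%-5s ja->%-5s  0xb0: jge->%d jae->%d%s%s\n",
               (unsigned long long)n,
               dispatch_0x90(n, true)  == PATH_LARGE ? "large" : "small",
               dispatch_0x90(n, false) == PATH_LARGE ? "large" : "small",
               dispatch_0xb0(n, true), dispatch_0xb0(n, false),
               signed_unsigned_disagree(n, 0x90) ? "  <- jg/ja disagree" : "",
               misdispatched_to_table(n, true) ? "  <- jg: no table entry" : "");
    }
    return 0;
}
```

Compile with `cc -std=c99 -Wall` and run: the rows for 2^63 and UINT64_MAX show `jg`/`jge` choosing the small paths with an index no table of this size covers, while `ja`/`jae` send them to the large-block paths, where the real memset then faults on the first unmapped page, which is the "right reason" to crash.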