strchr bug?

Chris Faylor cgf@cygnus.com
Tue Nov 9 13:15:00 GMT 1999


In article <upuxjq1tj.fsf@1c.ru>, Vadim Egorov <egorovv@1c.ru> wrote:
>Hello,
>While porting ElectricFence to cygwin I encountered a problem
>with strchr implementation in newlib.
>When it finds a character occurrence near the end of a string it seems 
>to access (sometimes) memory past the end of the string. When the memory
>just after the end of the string is inaccessible it causes an access violation.
>This can be reproduced by the following program:
>
>-------------- test.cc --------------
>#include <string.h>
>#include <windows.h>
>char pattern[] = "::\0";
>
>int main()
>{
>    DWORD dw;
>    int len = 4;
>    if (sizeof(pattern) != len)
>        return 1;
>    char* base = (char*)VirtualAlloc(0, 0x10000, MEM_COMMIT, PAGE_READWRITE);
>    char* end = base + 4096;
>    if (!VirtualProtect(end, 4096, PAGE_NOACCESS, &dw))
>        return 1;
>    char* p = end - len;
>    memcpy(p, pattern, len);
>    p++;
>    p = strchr(p, ':');
>    return 0;
>}
>-------------- test.cc --------------
>
>What is confusing is that it happens only when optimization is turned on:
>gcc test.cc -O2 -o test
>I tried it with gcc 2.95 and 2.95.2 and recent cygwin snapshots.
>Any idea?

Thanks for the bug report and especially for the test case.  I've
forwarded this to our newlib development team and they've come up
with a fix.  It is below.

This will show up in the next snapshot as well.

-chris

----- Forwarded message from "J. Johnston" <jjohnstn@cygnus.com> -----
To: Chris Faylor <cgf@cygnus.com>
Subject: Re: [egorovv@1c.ru: strchr bug?]

Chris,

I have identified the problem in newlib/libc/machine/i386/strchr.S 
and have checked a patch into devo.  I have attached the patch
if you need to send it to the user prior to your nightly build.

-- Jeff J.

> ----- Forwarded message from Vadim Egorov <egorovv@1c.ru> -----
> [snip]
> 
> ----- End forwarded message -----
[Attachment: strchr.patch]

Index: strchr.S
===================================================================
RCS file: /cvs/cvsfiles/devo/newlib/libc/machine/i386/strchr.S,v
retrieving revision 1.1
diff -c -p -r1.1 strchr.S
*** strchr.S	1998/11/30 22:03:46	1.1
--- strchr.S	1999/11/09 17:23:21
*************** SYM (strchr):
*** 24,30 ****
  
  #ifndef __OPTIMIZE_SIZE__	
  /* check if string is aligned, if not do check one byte at a time */
! 	testb $3,al
  	jne L9
  
  /* create 4 byte mask which is just the desired byte repeated 4 times */
--- 24,30 ----
  
  #ifndef __OPTIMIZE_SIZE__	
  /* check if string is aligned, if not do check one byte at a time */
! 	test $3,edi
  	jne L9
  
  /* create 4 byte mask which is just the desired byte repeated 4 times */
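Review bot: the comment on this hunk says "check if string is aligned", but the line it replaces tested `al` (the byte being searched for) rather than the string pointer, so the comment and the code disagreed; testing `edi` (presumably the string pointer at this point) is what the comment describes. The point matters for safety, not just correctness: the word-at-a-time loop that follows may only run on an aligned pointer, because an aligned 4-byte load can never straddle a page boundary, whereas a load from a pointer one to three bytes before the end of a page (the reporter's layout, pattern in the last four bytes and the scan starting at `end - 3`) reads into the next page before the terminating NUL has been seen. Two follow-ups worth considering: spell the operand size explicitly (`testl $3,edi`) so it is as clear as the `testb` it replaces, and add the reporter's guard-page layout to the testsuite as a regression case, since the `__OPTIMIZE_SIZE__` byte-at-a-time path would never have exposed it.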



-- 
cgf@cygnus.com
http://www.cygnus.com/
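As an added illustration (not code from this thread, newlib, or Cygwin), the following C program shows both halves of the point above: a word-at-a-time strchr whose alignment guard tests the string pointer rather than the search byte, and the reporter's guard-page layout ported from VirtualAlloc/VirtualProtect to POSIX mmap/mprotect so it can serve as a regression check. The function names word_strchr, guard_page_probe and basic_checks are my own; the byte-level layouts placed at the end of the page are constructed to match the one in the report.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* True when any byte of w is zero (exact for "any zero byte" detection). */
static int has_zero_byte(uint32_t w) {
    return ((w - 0x01010101u) & ~w & 0x80808080u) != 0;
}

/* Word-at-a-time strchr in the spirit of the i386 routine the patch fixes.
   The guard below tests the STRING POINTER, never the search byte: only an
   aligned 4-byte load is guaranteed not to straddle a page boundary before
   the terminating NUL has been seen. */
char *word_strchr(const char *s, int c) {
    unsigned char ch = (unsigned char)c;
    /* Byte-at-a-time until s is 4-byte aligned (this is the fixed check). */
    while (((uintptr_t)s & 3) != 0) {
        if ((unsigned char)*s == ch) return (char *)s;
        if (*s == '\0') return NULL;
        s++;
    }
    uint32_t mask = 0x01010101u * ch;   /* search byte repeated 4 times */
    for (;;) {
        uint32_t w;
        memcpy(&w, s, 4);               /* aligned load: stays in its page */
        if (has_zero_byte(w) || has_zero_byte(w ^ mask)) {
            /* Candidate word: finish byte by byte so a NUL before c wins. */
            for (int i = 0; i < 4; i++) {
                if ((unsigned char)s[i] == ch) return (char *)(s + i);
                if (s[i] == '\0') return NULL;
            }
        }
        s += 4;
    }
}

/* Buffer is a whole number of words, so the scan never reads outside it. */
int basic_checks(void) {
    static _Alignas(uint32_t) char buf[16] = "needle:haystack"; /* 15 + NUL */
    return word_strchr(buf, ':') == buf + 6
        && word_strchr(buf + 1, 'k') == buf + 14
        && word_strchr(buf, '\0') == buf + 15
        && word_strchr(buf, 'q') == NULL;
}

/* Returns 1 when every probe succeeds. An implementation that word-loads
   from an unaligned pointer would not return at all: it would fault on the
   PROT_NONE guard page, exactly as in the original report. */
int guard_page_probe(void) {
    long page = sysconf(_SC_PAGESIZE);
    char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return 0;
    char *end = base + page;            /* first byte of the guard page */
    if (mprotect(end, page, PROT_NONE) != 0) { munmap(base, 2 * page); return 0; }
    int ok = 1;

    /* Probe 1 (constructed to match the report): "::\0\0" in the last four
       bytes, searched from end-3, an unaligned pointer. */
    memcpy(end - 4, "::\0", 4);
    ok &= (word_strchr(end - 3, ':') == end - 3);

    /* Probe 2: aligned start, no match; the scan must stop at the NUL in
       the last byte of the page without touching the guard page. */
    memcpy(end - 8, "abcdefg", 8);      /* 7 chars, NUL lands at end-1 */
    ok &= (word_strchr(end - 8, 'z') == NULL);

    /* Probe 3: unaligned start, match inside the final word of the page. */
    ok &= (word_strchr(end - 7, 'g') == end - 2);

    munmap(base, 2 * page);
    return ok;
}

int main(void) {
    printf("basic checks: %s\n", basic_checks() ? "ok" : "FAILED");
    printf("guard-page probe: %s\n", guard_page_probe() ? "ok" : "FAILED");
    return 0;
}
```

Running the probe against a C library's own strchr (drop word_strchr and call strchr in guard_page_probe) gives the same fault-or-no-fault signal the reporter observed, which is the cheapest regression test for this class of overread; note that it only exercises the word path when the string pointer is unaligned, so the three layouts above deliberately mix aligned and unaligned starts.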
