
Bug#159633: strncpy on alpha/libc broken



On Sun, Sep 08, 2002 at 07:38:53PM +1000, Herbert Xu wrote:
> On Wed, Sep 04, 2002 at 06:33:18PM +0000, Adam Heath wrote:
> > package: libc6.1
> > version: 2.2.5-11.1
> > severity: serious
> > 
> > On lully, I have a repeatable segfault being caused by strncpy (which calls
> > __stxncpy).
> 
> Here is a patch which should solve this problem.  It still needs to be
> analysed for scheduling.
> 
> I don't buy the serious severity though since all it does is cross
> a page boundary in very rare circumstances.  I know it's rare because
> this code has been around for at least five years in both Linux and
> glibc, yet no one has reported this before.

This patch is incorrect, unfortunately:

{standard input}:182: Error: symbol `xdr_bp_whoambp_wh' is already defined
{standard input}:187: Error: symbol `$xdr_bp_whoambp_wh..ng' is already defined

The precise nature of the error you get there depends on what you do to
strncpy - having broken it a couple of times myself working on this. 
Fortunately the glibc build uses strncpy.

I'm not quite sure why your patch doesn't work but I think that
$u_late_head_exit is the wrong exit point... and I'm not sure why the
extra subtract was needed.  I was testing a branch to $u_eocfin but
that isn't right either...

> --- stxncpy.S	2001-07-24 03:55:20.000000000 +1000
> +++ /home/gondolin/herbert/stxncpy.S	2002-09-08 19:23:45.000000000 +1000
> @@ -192,6 +192,7 @@
>  	cmpbge	zero, t2, t7		# e0    : find nulls in second partial
>  	addq	a0, 8, a0		# .. e1 :
>  	subq	a2, 1, a2		# e0    :
> +	beq	a2, $u_late_head_exit
>  	bne	t7, $u_late_head_exit	# .. e1 :
>  
>  	/* Finally, we've got all the stupid leading edge cases taken care
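
Review bot: The added `beq a2, $u_late_head_exit` sends the count-exhausted case to the same label that `bne t7, $u_late_head_exit` uses for the null-found case, so that label can now be entered with t7 equal to zero. Nothing in the visible lines shows `$u_late_head_exit` coping with an empty null mask; either branch to an exit meant for an exhausted count or add a comment explaining why this label is safe with t7 == 0. The new line also lacks the `# e0` / `.. e1` issue-slot annotation carried by its neighbours, and putting two branches back to back changes the pairing that the existing annotations describe.
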
> @@ -200,6 +201,7 @@
>  	extql	t2, a1, t1	# e0    : position hi-bits of lo word
>  	ldq_u	t2, 8(a1)	# .. e1 : read next high-order source word
>  	addq	a1, 8, a1	# e0    :
> +	subq	a2, 1, a2
>  	cmpbge	zero, t2, t7	# e1 (stall)
>  	beq	a2, $u_eoc	# e1    :
>  	bne	t7, $u_eos	# e1    :
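
Review bot: The added `subq a2, 1, a2` comes after `ldq_u t2, 8(a1)`, so the next source word has already been loaded by the time `beq a2, $u_eoc` tests the count; if the aim is to avoid touching the following word once the count runs out, the test has to precede the load. The previous hunk's path already executes `subq a2, 1, a2` before falling through to this code, so please add a comment saying why a second decrement is needed here and what unit a2 is counting at this point. The line is also missing the issue-slot annotation that the surrounding instructions carry.
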


-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer
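
A regression check for the failure discussed in this thread, added here as an example and not taken from the thread or from glibc. It assumes the fault is strncpy reading past the counted end of the source; the helper names `probe` and `sweep` are hypothetical. Each case places the last counted source byte on the final byte of a mapped page, with an inaccessible page right behind it.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* MAP_ANONYMOUS under strict -std= modes */
#endif
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy n bytes whose last byte is the last mapped byte before a PROT_NONE
   page. Returns 0 = correct copy, 1 = wrong bytes, 2 = child killed by a
   signal (e.g. SIGSEGV), -1 = setup failure. */
int probe(size_t n, size_t dst_off)
{
    /* Call through a volatile pointer so the libc routine is really used. */
    char *(*volatile copy)(char *, const char *, size_t) = strncpy;
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    char *map = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED || mprotect(map + pg, pg, PROT_NONE) != 0)
        return -1;
    char *src = map + pg - n;   /* source alignment varies with n */
    memset(src, 'A', n);        /* no NUL: only the count stops the copy */

    pid_t pid = fork();         /* isolate a possible fault in a child */
    if (pid == 0) {
        char dst[64 + 16];
        copy(dst + dst_off, src, n);
        _exit(memcmp(dst + dst_off, src, n) != 0);
    }
    int st = 0;
    if (pid > 0)
        waitpid(pid, &st, 0);
    munmap(map, 2 * pg);
    if (pid < 0)
        return -1;
    return WIFSIGNALED(st) ? 2 : WEXITSTATUS(st);
}

/* Sweep counts 1..64 against eight destination alignments; returns the
   number of cases that did not copy cleanly. */
int sweep(void)
{
    int bad = 0;
    for (size_t n = 1; n <= 64; n++)
        for (size_t off = 0; off < 8; off++)
            bad += probe(n, off) != 0;
    return bad;
}

int main(void) { return sweep() ? 1 : 0; }
```

A non-zero result from `sweep` means at least one alignment and count combination faulted or copied the wrong bytes.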


