Bug#210441: marked as done ([patch/ia64] memccpy segfault fix)

To: Daniel Jacobowitz <dan@debian.org>
Cc: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Subject: Bug#210441: marked as done ([patch/ia64] memccpy segfault fix)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 12 Sep 2003 16:03:30 -0500
Message-id: <[🔎] handler.210441.D210441.106340003720399.ackdone@bugs.debian.org>
In-reply-to: <E19xuru-0000ZQ-00@auric.debian.org>
References: <E19xuru-0000ZQ-00@auric.debian.org> <[🔎] 20030911144913.GQ10510@tausq.org>
Your message dated Fri, 12 Sep 2003 16:50:14 -0400
with message-id <E19xuru-0000ZQ-00@auric.debian.org>
and subject line Bug#210441: fixed in glibc 2.3.2-7
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Sep 2003 14:42:48 +0000
>From randolph@tausq.org Thu Sep 11 09:41:48 2003
Return-path: <randolph@tausq.org>
Received: from gandalf.tausq.org (pippin.tausq.org) [64.81.244.94] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 19xSdo-0003hd-00; Thu, 11 Sep 2003 09:41:48 -0500
Received: by pippin.tausq.org (Postfix, from userid 1000)
	id 1B503CD2FC; Thu, 11 Sep 2003 07:49:13 -0700 (PDT)
Date: Thu, 11 Sep 2003 07:49:13 -0700
From: Randolph Chung <tausq@debian.org>
To: submit@bugs.debian.org
Subject: [patch/ia64] memccpy segfault fix
Message-ID: <[🔎] 20030911144913.GQ10510@tausq.org>
Reply-To: Randolph Chung <tausq@debian.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-PGP: for PGP key, see http://www.tausq.org/pgp.txt
X-GPG: for GPG key, see http://www.tausq.org/gpg.txt
User-Agent: Mutt/1.5.3i
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=-13.3 required=4.0
	tests=HAS_PACKAGE,PATCH_UNIFIED_DIFF,USER_AGENT_MUTT
	autolearn=ham version=2.53-bugs.debian.org_2003_8_27
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_8_27 (1.174.2.15-2003-03-30-exp)

Package: glibc
Version: 2.3.2
Severity: important
Tags: patch

See 
http://sources.redhat.com/ml/libc-hacker/2003-09/msg00033.html
for details.  Please either apply this, or take it from cvs.

tnx
randolph

#! /bin/sh -e

# All lines beginning with `# DP:' are a description of the patch.
# DP: Description: memccpy segfault fix
# DP: Author: Jes Sorenson <jes@wildopensource.com>
# DP: Upstream status: in cvs
# DP: Status Details: Posted to debian-ia64 and libc-hacker mailing list
# DP: Date: Tue, 09 Sep 2003 08:19:17 -0700

if [ $# -ne 2 ]; then
    echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
    exit 1
fi
case "$1" in
    -patch) patch -d "$2" -f --no-backup-if-mismatch -p0 < $0;;
    -unpatch) patch -d "$2" -f --no-backup-if-mismatch -R -p0 < $0;;
    *)
	echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
	exit 1
esac
exit 0

# append the patch here and adjust the -p? flag in the patch calls.
2003-04-11  Jes Sorensen  <jes@wildopensource.com>

	* sysdeps/ia64/memccpy.S: When recovering for src_aligned and the
	character is found during recovery, use correct register when
	determining the position of the found character.
	
2003-04-01  Jes Sorensen  <jes@wildopensource.com>

	* sysdeps/ia64/memccpy.S: Use speculatively loads for readahead to
	avoid segfaults when reading from unmapped pages. For aligned
	reload and continue, for misaligned, roll back and use byte copy.
	Save ar.ec on entry and restore on exit.

Index: sysdeps/ia64/memccpy.S
===================================================================
RCS file: /cvs/glibc/libc/sysdeps/ia64/memccpy.S,v
retrieving revision 1.5
diff -u -r1.5 memccpy.S
--- sysdeps/ia64/memccpy.S	6 Jul 2001 04:55:54 -0000	1.5
+++ sysdeps/ia64/memccpy.S	9 Sep 2003 14:15:32 -0000
@@ -1,6 +1,6 @@
 /* Optimized version of the memccpy() function.
    This file is part of the GNU C Library.
-   Copyright (C) 2000, 2001 Free Software Foundation, Inc.
+   Copyright (C) 2000, 2001, 2003 Free Software Foundation, Inc.
    Contributed by Dan Pop <Dan.Pop@cern.ch>.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -46,6 +46,7 @@
 #define tmp		r23
 #define char		r24
 #define charx8		r25
+#define saved_ec	r26
 #define sh2		r28
 #define	sh1		r29
 #define loopcnt		r30
@@ -56,25 +57,27 @@
 	alloc 	r2 = ar.pfs, 4, 40 - 4, 0, 40
 
 #include "softpipe.h"
-	.rotr	r[MEMLAT + 3], tmp1[4], tmp2[4], val[4], tmp3[2], pos0[2]
+	.rotr	r[MEMLAT + 7], tmp1[4], tmp2[4], val[4], tmp3[2], pos0[2]
 	.rotp	p[MEMLAT + 6 + 1]
 
 	mov	ret0 = r0		// return NULL if no match
 	.save pr, saved_pr
 	mov	saved_pr = pr		// save the predicate registers
+	mov 	dest = in0		// dest
 	.save ar.lc, saved_lc
         mov 	saved_lc = ar.lc	// save the loop counter
+        mov 	saved_ec = ar.ec	// save the loop counter
 	.body
-	mov 	dest = in0		// dest
 	mov 	src = in1		// src
 	extr.u	char = in2, 0, 8	// char
 	mov	len = in3		// len
 	sub	tmp = r0, in0		// tmp = -dest
 	cmp.ne	p7, p0 = r0, r0		// clear p7
 	;;
-	and	loopcnt = 7, tmp		// loopcnt = -dest % 8
+	and	loopcnt = 7, tmp	// loopcnt = -dest % 8
 	cmp.ge	p6, p0 = OP_T_THRES, len	// is len <= OP_T_THRES
-(p6)	br.cond.spnt	.cpyfew			// copy byte by byte
+	mov	ar.ec = 0		// ec not guaranteed zero on entry
+(p6)	br.cond.spnt	.cpyfew		// copy byte by byte
 	;;
 	cmp.eq	p6, p0 = loopcnt, r0
 	mux1	charx8 = char, @brcst
@@ -109,26 +112,31 @@
 	cmp.ne	p6, p0 = r0, r0	;;	// clear p6
 	.align	32
 .l2:
-(p[0])		ld8	r[0] = [asrc], 8		// r[0] = w1
+(p[0])		ld8.s	r[0] = [asrc], 8		// r[0] = w1
 (p[MEMLAT])	shr.u	tmp1[0] = r[1 + MEMLAT], sh1	// tmp1 = w0 >> sh1
 (p[MEMLAT])	shl	tmp2[0] = r[0 + MEMLAT], sh2  	// tmp2 = w1 << sh2
 (p[MEMLAT+4])	xor	tmp3[0] = val[1], charx8
 (p[MEMLAT+5])	czx1.r	pos0[0] = tmp3[1]
+(p[MEMLAT+6])	chk.s	r[6 + MEMLAT], .recovery1	// our data isn't
+							// valid - rollback!
 (p[MEMLAT+6])	cmp.ne	p6, p0 = 8, pos0[1]
 (p6)		br.cond.spnt	.gotit
 (p[MEMLAT+6])	st8	[dest] = val[3], 8		// store val to dest
 (p[MEMLAT+3])	or	val[0] = tmp1[3], tmp2[3] 	// val = tmp1 | tmp2
 		br.ctop.sptk    .l2
 		br.cond.sptk .cpyfew
+
 .src_aligned:
 		cmp.ne  p6, p0 = r0, r0			// clear p6
 		mov     ar.ec = MEMLAT + 2 + 1 ;;	// set EC
 .l3:
-(p[0])		ld8	r[0] = [src], 8
+(p[0])		ld8.s	r[0] = [src], 8
 (p[MEMLAT])	xor	tmp3[0] = r[MEMLAT], charx8
 (p[MEMLAT+1])	czx1.r	pos0[0] = tmp3[1]
 (p[MEMLAT+2])	cmp.ne	p7, p0 = 8, pos0[1]
+(p[MEMLAT+2])	chk.s	r[MEMLAT+2], .recovery2
 (p7)		br.cond.spnt	.gotit
+.back2:
 (p[MEMLAT+2])	st8	[dest] = r[MEMLAT+2], 8
 		br.ctop.dptk .l3
 .cpyfew:
@@ -148,6 +156,7 @@
 .restore_and_exit:
 	mov     pr = saved_pr, -1    	// restore the predicate registers
 	mov 	ar.lc = saved_lc	// restore the loop counter
+	mov 	ar.ec = saved_ec ;;	// restore the epilog counter
 	br.ret.sptk.many b0
 .gotit:
 	.pred.rel "mutex" p6, p7
@@ -163,4 +172,33 @@
 	mov	pr = saved_pr, -1
 	mov	ar.lc = saved_lc
 	br.ret.sptk.many b0
+
+.recovery1:
+	adds	src = -(MEMLAT + 6 + 1) * 8, asrc
+	mov	loopcnt = ar.lc
+	mov	tmp = ar.ec ;;
+	sub	sh1 = (MEMLAT + 6 + 1), tmp
+	shr.u	sh2 = sh2, 3
+	;; 
+	shl	loopcnt = loopcnt, 3
+	sub	src = src, sh2
+	shl	sh1 = sh1, 3
+	shl	tmp = tmp, 3
+	;;
+	add	len = len, loopcnt
+	add	src = sh1, src ;;
+	add	len = tmp, len
+.back1:
+	br.cond.sptk .cpyfew
+
+.recovery2:
+	add	tmp = -(MEMLAT + 3) * 8, src
+(p7)	br.cond.spnt .gotit
+	;;
+	ld8	r[MEMLAT+2] = [tmp] ;;
+	xor	pos0[1] = r[MEMLAT+2], charx8 ;;
+	czx1.r	pos0[1] = pos0[1] ;;
+	cmp.ne	p7, p6 = 8, pos0[1]
+(p7)	br.cond.spnt .gotit
+	br.cond.sptk .back2
 END(memccpy)

---------------------------------------
Received: (at 210441-close) by bugs.debian.org; 12 Sep 2003 20:53:57 +0000
>From katie@auric.debian.org Fri Sep 12 15:53:56 2003
Return-path: <katie@auric.debian.org>
Received: from auric.debian.org [206.246.226.45] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 19xuvU-0005IT-00; Fri, 12 Sep 2003 15:53:56 -0500
Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian))
	id 19xuru-0000ZQ-00; Fri, 12 Sep 2003 16:50:14 -0400
From: Daniel Jacobowitz <dan@debian.org>
To: 210441-close@bugs.debian.org
X-Katie: $Revision: 1.35 $
Subject: Bug#210441: fixed in glibc 2.3.2-7
Message-Id: <E19xuru-0000ZQ-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Fri, 12 Sep 2003 16:50:14 -0400
Delivered-To: 210441-close@bugs.debian.org

Source: glibc
Source-Version: 2.3.2-7

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:

glibc-doc_2.3.2-7_all.deb
  to pool/main/g/glibc/glibc-doc_2.3.2-7_all.deb
glibc_2.3.2-7.diff.gz
  to pool/main/g/glibc/glibc_2.3.2-7.diff.gz
glibc_2.3.2-7.dsc
  to pool/main/g/glibc/glibc_2.3.2-7.dsc
libc-udeb_2.3.2-7_i386.udeb
  to pool/main/g/glibc/libc-udeb_2.3.2-7_i386.udeb
libc6-dbg_2.3.2-7_i386.deb
  to pool/main/g/glibc/libc6-dbg_2.3.2-7_i386.deb
libc6-dev_2.3.2-7_i386.deb
  to pool/main/g/glibc/libc6-dev_2.3.2-7_i386.deb
libc6-pic_2.3.2-7_i386.deb
  to pool/main/g/glibc/libc6-pic_2.3.2-7_i386.deb
libc6-prof_2.3.2-7_i386.deb
  to pool/main/g/glibc/libc6-prof_2.3.2-7_i386.deb
libc6_2.3.2-7_i386.deb
  to pool/main/g/glibc/libc6_2.3.2-7_i386.deb
locales_2.3.2-7_all.deb
  to pool/main/g/glibc/locales_2.3.2-7_all.deb
nscd_2.3.2-7_i386.deb
  to pool/main/g/glibc/nscd_2.3.2-7_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 210441@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Jacobowitz <dan@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 12 Sep 2003 14:56:19 -0400
Source: glibc
Binary: libc6.1-prof libc1 libc0.3-pic locales glibc-doc libc6-pic libc-udeb libc1-prof libc0.3 libc0.3-dbg libc6.1-dev libc1-pic libc6-s390x libc6-prof libc1-dbg libc6-dev-sparc64 libc6 libc0.3-dev libc6-dbg nscd libc6.1-dbg libc6.1-pic libc6-sparc64 libc6-dev libc0.3-prof libc6.1 libc6-dev-s390x libc1-dev
Architecture: source i386 all
Version: 2.3.2-7
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Daniel Jacobowitz <dan@debian.org>
Description: 
 glibc-doc  - GNU C Library: Documentation
 libc-udeb  - GNU C Library: Shared libraries and Timezone data - udeb (udeb)
 libc6      - GNU C Library: Shared libraries and Timezone data
 libc6-dbg  - GNU C Library: Libraries with debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files.
 libc6-pic  - GNU C Library: PIC archive library
 libc6-prof - GNU C Library: Profiling Libraries.
 locales    - GNU C Library: National Language (locale) data [support]
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 207221 208016 210347 210441
Changes: 
 glibc (2.3.2-7) unstable; urgency=medium
 .
   * GOTO Masanori  <gotom@debian.org>
 .
     - debian/patches/90_glibc232-mathinline_iso.dpatch: Fix inline math
       function complaints with gcc -pedantic -ffast-math.  Patched by
       Thomas Richter <thor@math.TU-Berlin.DE>.  (Closes: #208016, #207221)
 .
     - debian/patches/template.dpatch: Added DP: Related bugs: field.  You can
       use it to put which bugs are related with this dpatch.
 .
   * Daniel Jacobowitz <dan@debian.org>
 .
     - debian/control.in/main: Update binutils dependency for !s390.
 .
     - debian/patches/linuxthreads-push-pop.dpatch: Add __libc_cleanup_push
       and __libc_cleanup_pop.
     - debian/patches/syslog-backrev.dpatch: Remove, no longer necessary.
       This should fix the crashes in syslog without libpthread loaded.
 .
     - debian/patches/linuxthreads-jumptable-wine.dpatch: Move
       pthread_cond_timedwait out of the way, so that it doesn't break
       the way Wine pokes into this structure (Closes: #210347).
 .
     - debian/patches/ia64-memccpy.patch: Fix a segfault on ia64
       (Closes: #210441).
Files: 
 2b2a08b48ea63cb4aa2a9d8084178acc 1678 libs required glibc_2.3.2-7.dsc
 7ce50128fa97b14c58399da2ee40455b 1171658 libs required glibc_2.3.2-7.diff.gz
 18d0f9e3a50e973daf725c00d6f06f07 3717170 base required libc6_2.3.2-7_i386.deb
 831b5efc810dc337a5ab81f2781a60cf 1064978 debian-installer required libc-udeb_2.3.2-7_i386.udeb
 bbea83d11840c1f3f85292f88f5467ab 2558188 libdevel standard libc6-dev_2.3.2-7_i386.deb
 a9a086791d16eade7d2deadf2dd8eecf 1026678 libdevel extra libc6-prof_2.3.2-7_i386.deb
 e35a84cc38182e10b9eb985a3c2bcc1c 8510842 libdevel extra libc6-dbg_2.3.2-7_i386.deb
 84a5a864b4af71bf8fb3ca0f9b8575cc 996826 libdevel optional libc6-pic_2.3.2-7_i386.deb
 e1aa27151356c0606507fc7f12eb9805 77616 admin optional nscd_2.3.2-7_i386.deb
 c98be6681e0c9ef2d3a6cfbcac7eb007 3799498 base standard locales_2.3.2-7_all.deb
 6a9aa6a2c6adb642cef2ca8fe3966948 3705038 doc optional glibc-doc_2.3.2-7_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/Yi3ObgOPXuCjg3cRAl1aAJ9OzSj3N8Egt04gHvY4UDHpOAflrgCgu5lF
VvX23R/Z2+XXtX4xmjIUysc=
=5p1u
-----END PGP SIGNATURE-----
Reply to:
References:
- Bug#210441: [patch/ia64] memccpy segfault fix
  - From: Randolph Chung <tausq@debian.org>
Prev by Date: Bug#210347: marked as done (libc6: pthread_cond_timedwait.dpatch breaks Wine)
Next by Date: Bug#208016: marked as done (g++-3.3.2 -O3 -ffast-math does not accept <math.h> with all warning options enabled.)
Previous by thread: Bug#210441: [patch/ia64] memccpy segfault fix
Next by thread: Bug#210460: locale -a doesn't list all available locales
Index(es):
- Date
- Thread