Bug#210441: marked as done ([patch/ia64] memccpy segfault fix)
Your message dated Fri, 12 Sep 2003 16:50:14 -0400
with message-id <E19xuru-0000ZQ-00@auric.debian.org>
and subject line Bug#210441: fixed in glibc 2.3.2-7
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Sep 2003 14:42:48 +0000
>From randolph@tausq.org Thu Sep 11 09:41:48 2003
Return-path: <randolph@tausq.org>
Received: from gandalf.tausq.org (pippin.tausq.org) [64.81.244.94]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 19xSdo-0003hd-00; Thu, 11 Sep 2003 09:41:48 -0500
Received: by pippin.tausq.org (Postfix, from userid 1000)
id 1B503CD2FC; Thu, 11 Sep 2003 07:49:13 -0700 (PDT)
Date: Thu, 11 Sep 2003 07:49:13 -0700
From: Randolph Chung <tausq@debian.org>
To: submit@bugs.debian.org
Subject: [patch/ia64] memccpy segfault fix
Message-ID: <[🔎] 20030911144913.GQ10510@tausq.org>
Reply-To: Randolph Chung <tausq@debian.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-PGP: for PGP key, see http://www.tausq.org/pgp.txt
X-GPG: for GPG key, see http://www.tausq.org/gpg.txt
User-Agent: Mutt/1.5.3i
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=-13.3 required=4.0
tests=HAS_PACKAGE,PATCH_UNIFIED_DIFF,USER_AGENT_MUTT
autolearn=ham version=2.53-bugs.debian.org_2003_8_27
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_8_27 (1.174.2.15-2003-03-30-exp)
Package: glibc
Version: 2.3.2
Severity: important
Tags: patch
See
http://sources.redhat.com/ml/libc-hacker/2003-09/msg00033.html
for details. Please either apply this, or take it from cvs.
tnx
randolph
#! /bin/sh -e
# All lines beginning with `# DP:' are a description of the patch.
# DP: Description: memccpy segfault fix
# DP: Author: Jes Sorenson <jes@wildopensource.com>
# DP: Upstream status: in cvs
# DP: Status Details: Posted to debian-ia64 and libc-hacker mailing list
# DP: Date: Tue, 09 Sep 2003 08:19:17 -0700
if [ $# -ne 2 ]; then
echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
exit 1
fi
case "$1" in
-patch) patch -d "$2" -f --no-backup-if-mismatch -p0 < $0;;
-unpatch) patch -d "$2" -f --no-backup-if-mismatch -R -p0 < $0;;
*)
echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
exit 1
esac
exit 0
# append the patch here and adjust the -p? flag in the patch calls.
2003-04-11 Jes Sorensen <jes@wildopensource.com>
* sysdeps/ia64/memccpy.S: When recovering for src_aligned and the
character is found during recovery, use correct register when
determining the position of the found character.
2003-04-01 Jes Sorensen <jes@wildopensource.com>
* sysdeps/ia64/memccpy.S: Use speculatively loads for readahead to
avoid segfaults when reading from unmapped pages. For aligned
reload and continue, for misaligned, roll back and use byte copy.
Save ar.ec on entry and restore on exit.
Index: sysdeps/ia64/memccpy.S
===================================================================
RCS file: /cvs/glibc/libc/sysdeps/ia64/memccpy.S,v
retrieving revision 1.5
diff -u -r1.5 memccpy.S
--- sysdeps/ia64/memccpy.S 6 Jul 2001 04:55:54 -0000 1.5
+++ sysdeps/ia64/memccpy.S 9 Sep 2003 14:15:32 -0000
@@ -1,6 +1,6 @@
/* Optimized version of the memccpy() function.
This file is part of the GNU C Library.
- Copyright (C) 2000, 2001 Free Software Foundation, Inc.
+ Copyright (C) 2000, 2001, 2003 Free Software Foundation, Inc.
Contributed by Dan Pop <Dan.Pop@cern.ch>.
The GNU C Library is free software; you can redistribute it and/or
@@ -46,6 +46,7 @@
#define tmp r23
#define char r24
#define charx8 r25
+#define saved_ec r26
#define sh2 r28
#define sh1 r29
#define loopcnt r30
@@ -56,25 +57,27 @@
alloc r2 = ar.pfs, 4, 40 - 4, 0, 40
#include "softpipe.h"
- .rotr r[MEMLAT + 3], tmp1[4], tmp2[4], val[4], tmp3[2], pos0[2]
+ .rotr r[MEMLAT + 7], tmp1[4], tmp2[4], val[4], tmp3[2], pos0[2]
.rotp p[MEMLAT + 6 + 1]
mov ret0 = r0 // return NULL if no match
.save pr, saved_pr
mov saved_pr = pr // save the predicate registers
+ mov dest = in0 // dest
.save ar.lc, saved_lc
mov saved_lc = ar.lc // save the loop counter
+ mov saved_ec = ar.ec // save the loop counter
.body
- mov dest = in0 // dest
mov src = in1 // src
extr.u char = in2, 0, 8 // char
mov len = in3 // len
sub tmp = r0, in0 // tmp = -dest
cmp.ne p7, p0 = r0, r0 // clear p7
;;
- and loopcnt = 7, tmp // loopcnt = -dest % 8
+ and loopcnt = 7, tmp // loopcnt = -dest % 8
cmp.ge p6, p0 = OP_T_THRES, len // is len <= OP_T_THRES
-(p6) br.cond.spnt .cpyfew // copy byte by byte
+ mov ar.ec = 0 // ec not guaranteed zero on entry
+(p6) br.cond.spnt .cpyfew // copy byte by byte
;;
cmp.eq p6, p0 = loopcnt, r0
mux1 charx8 = char, @brcst
@@ -109,26 +112,31 @@
cmp.ne p6, p0 = r0, r0 ;; // clear p6
.align 32
.l2:
-(p[0]) ld8 r[0] = [asrc], 8 // r[0] = w1
+(p[0]) ld8.s r[0] = [asrc], 8 // r[0] = w1
(p[MEMLAT]) shr.u tmp1[0] = r[1 + MEMLAT], sh1 // tmp1 = w0 >> sh1
(p[MEMLAT]) shl tmp2[0] = r[0 + MEMLAT], sh2 // tmp2 = w1 << sh2
(p[MEMLAT+4]) xor tmp3[0] = val[1], charx8
(p[MEMLAT+5]) czx1.r pos0[0] = tmp3[1]
+(p[MEMLAT+6]) chk.s r[6 + MEMLAT], .recovery1 // our data isn't
+ // valid - rollback!
(p[MEMLAT+6]) cmp.ne p6, p0 = 8, pos0[1]
(p6) br.cond.spnt .gotit
(p[MEMLAT+6]) st8 [dest] = val[3], 8 // store val to dest
(p[MEMLAT+3]) or val[0] = tmp1[3], tmp2[3] // val = tmp1 | tmp2
br.ctop.sptk .l2
br.cond.sptk .cpyfew
+
.src_aligned:
cmp.ne p6, p0 = r0, r0 // clear p6
mov ar.ec = MEMLAT + 2 + 1 ;; // set EC
.l3:
-(p[0]) ld8 r[0] = [src], 8
+(p[0]) ld8.s r[0] = [src], 8
(p[MEMLAT]) xor tmp3[0] = r[MEMLAT], charx8
(p[MEMLAT+1]) czx1.r pos0[0] = tmp3[1]
(p[MEMLAT+2]) cmp.ne p7, p0 = 8, pos0[1]
+(p[MEMLAT+2]) chk.s r[MEMLAT+2], .recovery2
(p7) br.cond.spnt .gotit
+.back2:
(p[MEMLAT+2]) st8 [dest] = r[MEMLAT+2], 8
br.ctop.dptk .l3
.cpyfew:
@@ -148,6 +156,7 @@
.restore_and_exit:
mov pr = saved_pr, -1 // restore the predicate registers
mov ar.lc = saved_lc // restore the loop counter
+ mov ar.ec = saved_ec ;; // restore the epilog counter
br.ret.sptk.many b0
.gotit:
.pred.rel "mutex" p6, p7
@@ -163,4 +172,33 @@
mov pr = saved_pr, -1
mov ar.lc = saved_lc
br.ret.sptk.many b0
+
+.recovery1:
+ adds src = -(MEMLAT + 6 + 1) * 8, asrc
+ mov loopcnt = ar.lc
+ mov tmp = ar.ec ;;
+ sub sh1 = (MEMLAT + 6 + 1), tmp
+ shr.u sh2 = sh2, 3
+ ;;
+ shl loopcnt = loopcnt, 3
+ sub src = src, sh2
+ shl sh1 = sh1, 3
+ shl tmp = tmp, 3
+ ;;
+ add len = len, loopcnt
+ add src = sh1, src ;;
+ add len = tmp, len
+.back1:
+ br.cond.sptk .cpyfew
+
+.recovery2:
+ add tmp = -(MEMLAT + 3) * 8, src
+(p7) br.cond.spnt .gotit
+ ;;
+ ld8 r[MEMLAT+2] = [tmp] ;;
+ xor pos0[1] = r[MEMLAT+2], charx8 ;;
+ czx1.r pos0[1] = pos0[1] ;;
+ cmp.ne p7, p6 = 8, pos0[1]
+(p7) br.cond.spnt .gotit
+ br.cond.sptk .back2
END(memccpy)
---------------------------------------
Received: (at 210441-close) by bugs.debian.org; 12 Sep 2003 20:53:57 +0000
>From katie@auric.debian.org Fri Sep 12 15:53:56 2003
Return-path: <katie@auric.debian.org>
Received: from auric.debian.org [206.246.226.45]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 19xuvU-0005IT-00; Fri, 12 Sep 2003 15:53:56 -0500
Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian))
id 19xuru-0000ZQ-00; Fri, 12 Sep 2003 16:50:14 -0400
From: Daniel Jacobowitz <dan@debian.org>
To: 210441-close@bugs.debian.org
X-Katie: $Revision: 1.35 $
Subject: Bug#210441: fixed in glibc 2.3.2-7
Message-Id: <E19xuru-0000ZQ-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Fri, 12 Sep 2003 16:50:14 -0400
Delivered-To: 210441-close@bugs.debian.org
Source: glibc
Source-Version: 2.3.2-7
We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:
glibc-doc_2.3.2-7_all.deb
to pool/main/g/glibc/glibc-doc_2.3.2-7_all.deb
glibc_2.3.2-7.diff.gz
to pool/main/g/glibc/glibc_2.3.2-7.diff.gz
glibc_2.3.2-7.dsc
to pool/main/g/glibc/glibc_2.3.2-7.dsc
libc-udeb_2.3.2-7_i386.udeb
to pool/main/g/glibc/libc-udeb_2.3.2-7_i386.udeb
libc6-dbg_2.3.2-7_i386.deb
to pool/main/g/glibc/libc6-dbg_2.3.2-7_i386.deb
libc6-dev_2.3.2-7_i386.deb
to pool/main/g/glibc/libc6-dev_2.3.2-7_i386.deb
libc6-pic_2.3.2-7_i386.deb
to pool/main/g/glibc/libc6-pic_2.3.2-7_i386.deb
libc6-prof_2.3.2-7_i386.deb
to pool/main/g/glibc/libc6-prof_2.3.2-7_i386.deb
libc6_2.3.2-7_i386.deb
to pool/main/g/glibc/libc6_2.3.2-7_i386.deb
locales_2.3.2-7_all.deb
to pool/main/g/glibc/locales_2.3.2-7_all.deb
nscd_2.3.2-7_i386.deb
to pool/main/g/glibc/nscd_2.3.2-7_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 210441@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Jacobowitz <dan@debian.org> (supplier of updated glibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 12 Sep 2003 14:56:19 -0400
Source: glibc
Binary: libc6.1-prof libc1 libc0.3-pic locales glibc-doc libc6-pic libc-udeb libc1-prof libc0.3 libc0.3-dbg libc6.1-dev libc1-pic libc6-s390x libc6-prof libc1-dbg libc6-dev-sparc64 libc6 libc0.3-dev libc6-dbg nscd libc6.1-dbg libc6.1-pic libc6-sparc64 libc6-dev libc0.3-prof libc6.1 libc6-dev-s390x libc1-dev
Architecture: source i386 all
Version: 2.3.2-7
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Daniel Jacobowitz <dan@debian.org>
Description:
glibc-doc - GNU C Library: Documentation
libc-udeb - GNU C Library: Shared libraries and Timezone data - udeb (udeb)
libc6 - GNU C Library: Shared libraries and Timezone data
libc6-dbg - GNU C Library: Libraries with debugging symbols
libc6-dev - GNU C Library: Development Libraries and Header Files.
libc6-pic - GNU C Library: PIC archive library
libc6-prof - GNU C Library: Profiling Libraries.
locales - GNU C Library: National Language (locale) data [support]
nscd - GNU C Library: Name Service Cache Daemon
Closes: 207221 208016 210347 210441
Changes:
glibc (2.3.2-7) unstable; urgency=medium
.
* GOTO Masanori <gotom@debian.org>
.
- debian/patches/90_glibc232-mathinline_iso.dpatch: Fix inline math
function complaints with gcc -pedantic -ffast-math. Patched by
Thomas Richter <thor@math.TU-Berlin.DE>. (Closes: #208016, #207221)
.
- debian/patches/template.dpatch: Added DP: Related bugs: field. You can
use it to put which bugs are related with this dpatch.
.
* Daniel Jacobowitz <dan@debian.org>
.
- debian/control.in/main: Update binutils dependency for !s390.
.
- debian/patches/linuxthreads-push-pop.dpatch: Add __libc_cleanup_push
and __libc_cleanup_pop.
- debian/patches/syslog-backrev.dpatch: Remove, no longer necessary.
This should fix the crashes in syslog without libpthread loaded.
.
- debian/patches/linuxthreads-jumptable-wine.dpatch: Move
pthread_cond_timedwait out of the way, so that it doesn't break
the way Wine pokes into this structure (Closes: #210347).
.
- debian/patches/ia64-memccpy.patch: Fix a segfault on ia64
(Closes: #210441).
Files:
2b2a08b48ea63cb4aa2a9d8084178acc 1678 libs required glibc_2.3.2-7.dsc
7ce50128fa97b14c58399da2ee40455b 1171658 libs required glibc_2.3.2-7.diff.gz
18d0f9e3a50e973daf725c00d6f06f07 3717170 base required libc6_2.3.2-7_i386.deb
831b5efc810dc337a5ab81f2781a60cf 1064978 debian-installer required libc-udeb_2.3.2-7_i386.udeb
bbea83d11840c1f3f85292f88f5467ab 2558188 libdevel standard libc6-dev_2.3.2-7_i386.deb
a9a086791d16eade7d2deadf2dd8eecf 1026678 libdevel extra libc6-prof_2.3.2-7_i386.deb
e35a84cc38182e10b9eb985a3c2bcc1c 8510842 libdevel extra libc6-dbg_2.3.2-7_i386.deb
84a5a864b4af71bf8fb3ca0f9b8575cc 996826 libdevel optional libc6-pic_2.3.2-7_i386.deb
e1aa27151356c0606507fc7f12eb9805 77616 admin optional nscd_2.3.2-7_i386.deb
c98be6681e0c9ef2d3a6cfbcac7eb007 3799498 base standard locales_2.3.2-7_all.deb
6a9aa6a2c6adb642cef2ca8fe3966948 3705038 doc optional glibc-doc_2.3.2-7_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/Yi3ObgOPXuCjg3cRAl1aAJ9OzSj3N8Egt04gHvY4UDHpOAflrgCgu5lF
VvX23R/Z2+XXtX4xmjIUysc=
=5p1u
-----END PGP SIGNATURE-----
Reply to: