memchr: Work around memory overrun bug on AIX 7.2
From: Bruno Haible
Subject: memchr: Work around memory overrun bug on AIX 7.2
Date: Fri, 11 Dec 2020 12:20:06 +0100
User-agent: KMail/5.1.3 (Linux/4.4.0-193-generic; KDE/5.18.0; x86_64; ; )

On AIX 7.2 in 32-bit mode, I see a test failure:

  ../../build-aux/test-driver[111]: 14156200 Segmentation fault(coredump)
  FAIL: test-memchr

Investigation shows that the code accesses the second word of the
indicated memory region, even if the searched byte already occurs
in the first word of the memory region:

  (gdb) disassemble memchr
  Dump of assembler code for function memchr:
  ...
     0xd0141888 <+104>: lwz r8,0(r3)
  => 0xd014188c <+108>: lwz r9,4(r3)
  (gdb) print (void *)$r3
  $2 = (void *) 0x30002ffc

For glibc this was classified as a glibc bug
<https://sourceware.org/bugzilla/show_bug.cgi?id=10162>,
and worked around in Gnulib. The same criteria apply here.

2020-12-11  Bruno Haible  <bruno@clisp.org>

	memchr: Work around memory overrun bug on AIX 7.2.
	* m4/memchr.m4 (gl_FUNC_MEMCHR): Test against AIX 7.2 bug.
	* doc/posix-functions/memchr.texi: Mention the AIX bug.

diff --git a/doc/posix-functions/memchr.texi b/doc/posix-functions/memchr.texi
index 5ceb71f..98ef20e 100644
--- a/doc/posix-functions/memchr.texi
+++ b/doc/posix-functions/memchr.texi
@@ -10,7 +10,7 @@ Portability problems fixed by Gnulib:
@itemize
@item
This function dereferences too much memory on some platforms:
-glibc 2.10 on x86_64, IA-64; glibc 2.11 on Alpha.
+glibc 2.10 on x86_64, IA-64; glibc 2.11 on Alpha, AIX 7.2.
@item
This function returns NULL if the character argument is not in the range
of an @code{unsigned char} on some platforms:
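Review bot: in the changed platform line, appending ", AIX 7.2" after "glibc 2.11 on Alpha" makes AIX read as one more platform inside the glibc 2.11 clause, because this list separates libc entries with semicolons and architectures with commas. Suggest "glibc 2.11 on Alpha; AIX 7.2." The report above describes the failure in 32-bit mode, so the entry could say so if 64-bit mode is not affected.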
diff --git a/m4/memchr.m4 b/m4/memchr.m4
index 81e8f98..888d2b2 100644
--- a/m4/memchr.m4
+++ b/m4/memchr.m4
@@ -1,4 +1,4 @@
-# memchr.m4 serial 16
+# memchr.m4 serial 17
dnl Copyright (C) 2002-2004, 2009-2020 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
@@ -59,6 +59,7 @@ AC_DEFUN_ONCE([gl_FUNC_MEMCHR],
#endif
if (fence)
{
+ /* Test against bugs on glibc systems. */
if (memchr (fence, 0, 0))
result |= 1;
strcpy (fence - 9, "12345678");
@@ -66,6 +67,9 @@ AC_DEFUN_ONCE([gl_FUNC_MEMCHR],
result |= 2;
if (memchr (fence - 1, 0, 3) != fence - 1)
result |= 4;
+ /* Test against bug on AIX 7.2. */
+ if (memchr (fence - 4, '6', 16) != fence - 4)
+ result |= 8;
}
/* Test against bug on Android 4.3. */
{
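Review bot: the new AIX check depends on state set up outside its own lines and says nothing about it. It is only valid because the earlier strcpy (fence - 9, "12345678") leaves '6' at fence - 4, and it only exercises the bug because fence - 4 is the last 4-byte word before the fence. A short comment stating both would keep a later change to the strcpy string or offset from silently defeating the test. Also note that on an affected system the call is expected to fault, as test-memchr does in the report, rather than return a wrong pointer, so "result |= 8" is not what signals the bug there; the comment could say that the crash itself is the failure indication.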
@@ -74,7 +78,7 @@ AC_DEFUN_ONCE([gl_FUNC_MEMCHR],
input[1] = 'b';
input[2] = 'c';
if (memchr (input, 0x789abc00 | 'b', 3) != input + 1)
- result |= 8;
+ result |= 16;
}
return result;
]])],
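Review bot: moving the Android 4.3 check from "result |= 8" to "result |= 16" reassigns the meaning of bit 8, which now belongs to the AIX check. That keeps the bits in source order, but an exit status recorded before this change will be misread after it. Giving the new AIX check 16 and leaving Android at 8 would avoid the renumbering; if the renumbering stays, the ChangeLog entry could mention it.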
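The fence technique the patch relies on, as a stand-alone added example (not Gnulib's code): a guard page directly after the buffer turns a read past the match into a fault, which a forked child absorbs. The names `probe_memchr` and `overreading_memchr` are hypothetical, and the code assumes a POSIX system with `mmap`, `mprotect` and `fork`.

```c
#define _DEFAULT_SOURCE 1            /* for MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

typedef void *(*memchr_fn)(const void *, int, size_t);
/* Hypothetical stand-in for the reported behaviour: it loads 8 bytes before
   comparing, so it touches s+4..s+7 even when the match is in the first word. */
static void *overreading_memchr(const void *s, int c, size_t n)
{
    const volatile unsigned char *p = s;
    for (size_t i = 0; i < n; i += 8) {
        unsigned char w[8];
        for (size_t j = 0; j < 8; j++)
            w[j] = p[i + j];                 /* unconditional two-word load */
        for (size_t j = 0; j < 8 && i + j < n; j++)
            if (w[j] == (unsigned char)c)
                return (char *)s + i + j;
    }
    return NULL;
}

/* 0 = stopped at the match, 1 = wrong pointer, 2 = faulted, -1 = setup failed */
static int probe_memchr(memchr_fn fn)
{
    long pg = sysconf(_SC_PAGESIZE);
    char *two = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (two == MAP_FAILED) return -1;
    char *fence = two + pg;                  /* first byte of the guard page */
    int rc = -1, status;
    strcpy(fence - 9, "12345678");           /* fence[-4] == '6', as in the patch */
    if (mprotect(fence, pg, PROT_NONE) == 0) {
        pid_t pid = fork();                  /* child absorbs a possible SIGSEGV */
        if (pid == 0)
            _exit(fn(fence - 4, '6', 16) != fence - 4);
        if (pid > 0 && waitpid(pid, &status, 0) == pid)
            rc = WIFSIGNALED(status) ? 2 : WEXITSTATUS(status);
    }
    munmap(two, 2 * pg);
    return rc;
}

int main(void)
{
    printf("libc: %d, over-reading: %d\n", probe_memchr(memchr), probe_memchr(overreading_memchr));
}
```

A result of 2 for the platform's own `memchr` corresponds to the segmentation fault shown in the report.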