NetBSD Problem Report #50228
From chris@groessler.org Thu Sep 10 21:11:33 2015
Return-Path: <chris@groessler.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id E7E95A65B7
for <gnats-bugs@gnats.NetBSD.org>; Thu, 10 Sep 2015 21:11:32 +0000 (UTC)
Message-Id: <20150910200057.4C0032584F@muc-twinppc.groessler.org>
Date: Thu, 10 Sep 2015 22:00:57 +0200 (CEST)
From: chris@groessler.org
Reply-To: chris@groessler.org
To: gnats-bugs@NetBSD.org
Subject: bzero with zero length crashes
X-Send-Pr-Version: 3.95
>Number: 50228
>Category: port-macppc
>Synopsis: bzero with zero length crashes
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-macppc-maintainer
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Sep 10 21:15:00 +0000 2015
>Closed-Date: Sat Jan 07 18:04:54 +0000 2017
>Last-Modified: Sat Jan 07 18:04:54 +0000 2017
>Originator: Christian Groessler
>Release: NetBSD 7.99.21
>Organization:
private
>Environment:
System: NetBSD muc-twinppc 7.99.21 NetBSD 7.99.21 (TWINPPC.MP) #0: Thu Sep 10 07:31:03 CEST 2015 chris@muc-twinppc:/local/netbsd-src/obj/sys/arch/macppc/compile/TWINPPC.MP macppc
Architecture: powerpc
Machine: macppc
>Description:
bzero(buffer, 0) zeroes out everything from <buffer> to 0xffffefff, then it crashes.
>How-To-Repeat:
Here's a test program:
$ cat test.c
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>

extern int ret0(void);

int main(void)
{
    char *x;
    int len = ret0();

    x = alloca(0);
    printf("x: %p\n", x);
    bzero(x, len);
    printf("good\n");
    return 0;
}
$ cat test1.c
int ret0(void) { return 0; }
$ gcc -o t test.c test1.c
$ ./t
x: 0xffffdc78
Segmentation fault (core dumped)
$
bzero(xxx, 0) is optimized away by the compiler, therefore the length comes from the test1.c file.
>Fix:
>Release-Note:
>Audit-Trail:
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/50228 CVS commit: src/tests/lib/libc/string
Date: Fri, 11 Sep 2015 09:25:52 +0000
Module Name: src
Committed By: martin
Date: Fri Sep 11 09:25:52 UTC 2015
Modified Files:
src/tests/lib/libc/string: t_memset.c
Log Message:
Add two test cases that should cover PR 50228.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/tests/lib/libc/string/t_memset.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
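The two test cases martin committed to t_memset.c are not reproduced on this page. What follows is an added, self-contained check of the same property (not the NetBSD test and not code from anyone in this thread): a zero-length bzero() or memset() must leave memory untouched, whereas the powerpc bzero.S described above wiped everything from the pointer to the top of the address space. The function names, the volatile function pointers and the buffer contents are this example's own constructions; the volatile length plays the same role as the ret0() in the separate file above, namely keeping the compiler from folding the call away.

```c
/*
 * Added example, not part of PR 50228 or NetBSD's t_memset.c.
 * Fill a buffer with a known pattern, make a zero-length call into
 * the middle of it, and verify that every byte is unchanged.  Calls
 * go through volatile function pointers with a volatile length so
 * the compiler cannot evaluate or drop them at compile time (the
 * report links ret0() from a second file for the same reason).
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define BUF_LEN 64      /* constructed: size of the canary buffer */
#define FILL    0xA5    /* constructed: pattern that must survive */

typedef void  (*bzero_fn)(void *, size_t);
typedef void *(*memset_fn)(void *, int, size_t);

/* volatile: the compiler must not resolve these at compile time */
static volatile bzero_fn  bzero_p  = bzero;
static volatile memset_fn memset_p = memset;
static volatile size_t    zero_len = 0;

/* Returns 1 if buf still holds FILL in every position, 0 otherwise. */
static int buffer_intact(const unsigned char *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (buf[i] != FILL)
            return 0;
    return 1;
}

/* bzero(p, 0) into the middle of a filled buffer must change nothing. */
int bzero_zero_len_is_noop(void)
{
    unsigned char buf[BUF_LEN];
    memset(buf, FILL, sizeof buf);
    bzero_p(buf + BUF_LEN / 2, zero_len);
    return buffer_intact(buf, sizeof buf);
}

/* memset(p, 0, 0) into the middle of a filled buffer must change nothing. */
int memset_zero_len_is_noop(void)
{
    unsigned char buf[BUF_LEN];
    memset(buf, FILL, sizeof buf);
    memset_p(buf + BUF_LEN / 2, 0, zero_len);
    return buffer_intact(buf, sizeof buf);
}

/*
 * Control case so the harness is known to detect a real write: a
 * one-byte bzero must clear exactly that byte and nothing else.
 */
int bzero_one_byte_clears_one(void)
{
    unsigned char buf[BUF_LEN];
    memset(buf, FILL, sizeof buf);
    bzero_p(buf + BUF_LEN / 2, zero_len + 1);
    if (buf[BUF_LEN / 2] != 0)
        return 0;
    buf[BUF_LEN / 2] = FILL;        /* restore, then check the rest */
    return buffer_intact(buf, sizeof buf);
}

int main(void)
{
    int ok = bzero_zero_len_is_noop()
          && memset_zero_len_is_noop()
          && bzero_one_byte_clears_one();
    printf("%s\n", ok ? "good" : "memory outside the requested range was modified");
    return ok ? 0 : 1;
}
```

On a libc with the bug, the zero-length call clears the second half of the buffer and continues past the end of the stack, so the check either reports modified memory or faults the way the reporter's program does; on a correct libc all three functions return 1.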
From: Christian Groessler <chris@groessler.org>
To: gnats-bugs@NetBSD.org
Cc: chris@groessler.org
Subject: Re: port-macppc/50228
Date: Mon, 12 Dec 2016 21:34:57 +0100
I've added a check for zero size right at the beginning of "bzero" and
this change fixes the problem for me:
--------------
diff -u -p -r1.14 bzero.S
--- lib/libc/arch/powerpc/string/bzero.S 12 Sep 2013 15:36:15 -0000 1.14
+++ lib/libc/arch/powerpc/string/bzero.S 12 Dec 2016 19:10:44 -0000
@@ -53,6 +53,8 @@ __RCSID("$NetBSD: bzero.S,v 1.14 2013/09
.text
.align 4
ENTRY(bzero)
+ cmplwi %cr1, %r4, 0 /* Zero length? */
+ beqlr- %cr1 /* Yes, do nothing */
li r_val, 0 /* Value to stuff in */
b cb_memset
END(bzero)
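Review bot: the early exit is placed before `li r_val, 0`, so a zero-length call now returns before the tail jump `b cb_memset`; that is the same `cmplwi %cr1` / `beqlr- %cr1` pair memset uses at its own entry (quoted later in this thread), with %r4 rather than %r5 because bzero takes its length as the second argument. What the file does not say is why the test has to be repeated here, namely that `b cb_memset` enters memset past its entry-point length check; a one-line comment next to the two new instructions stating that would keep a later reader from removing the check as redundant.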
--------------
regards,
chris
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, port-macppc-maintainer@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, chris@groessler.org
Cc:
Subject: Re: port-macppc/50228
Date: Mon, 12 Dec 2016 18:24:38 -0500
On Dec 12, 9:45pm, chris@groessler.org (Christian Groessler) wrote:
-- Subject: Re: port-macppc/50228
| I've added a check for zero size right at the beginning of "bzero" and
| this change fixes the problem for me:
But doesn't memset() need the same?
christos
From: matthew green <mrg@eterna.com.au>
To: christos@zoulas.com (Christos Zoulas)
Cc: gnats-bugs@NetBSD.org, port-macppc-maintainer@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, chris@groessler.org
Subject: re: port-macppc/50228
Date: Tue, 13 Dec 2016 12:37:41 +1100
Christos Zoulas writes:
> On Dec 12, 9:45pm, chris@groessler.org (Christian Groessler) wrote:
> -- Subject: Re: port-macppc/50228
>
> | I've added a check for zero size right at the beginning of "bzero" and
> | this change fixes the problem for me:
>
> But doesn't memset() need the same?
it has them?
ENTRY(memset)
cmplwi %cr1, %r5, 0
mr. %r0, %r4
mr %r8, %r3
beqlr- %cr1 /* Nothing to do */
[ .. ]
.mrg.
From: Christian Groessler <chris@groessler.org>
To: gnats-bugs@NetBSD.org
Cc: Christos Zoulas <christos@zoulas.com>, matthew green <mrg@eterna.com.au>,
chris@groessler.org
Subject: Re: port-macppc/50228
Date: Mon, 19 Dec 2016 14:35:27 +0100
ping?
Is there anything wrong with the patch?
regards,
chris
From: christos@zoulas.com (Christos Zoulas)
To: Christian Groessler <chris@groessler.org>, gnats-bugs@NetBSD.org
Cc: matthew green <mrg@eterna.com.au>
Subject: Re: port-macppc/50228
Date: Mon, 19 Dec 2016 09:27:39 -0500
On Dec 19, 2:35pm, chris@groessler.org (Christian Groessler) wrote:
-- Subject: Re: port-macppc/50228
| ping?
|
| Is there anything wrong with the patch?
No, sorry, I was wondering if it is already done in memset, (and bzero
calls memset) which is it also needed here. But now I noticed that it
is calling cb_memset, and memset does the same test... I will commit
it right now.
christos
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/50228 CVS commit: src/lib/libc/arch/powerpc/string
Date: Mon, 19 Dec 2016 09:30:23 -0500
Module Name: src
Committed By: christos
Date: Mon Dec 19 14:30:23 UTC 2016
Modified Files:
src/lib/libc/arch/powerpc/string: bzero.S
Log Message:
PR/50228: Christian Groessler: fix bzero(ptr, 0) on ppc. Check for 0 length
before jumping to cb_memset like memset does.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/lib/libc/arch/powerpc/string/bzero.S
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: matthew green <mrg@eterna.com.au>
To: Christian Groessler <chris@groessler.org>
Cc: Christos Zoulas <christos@zoulas.com>, gnats-bugs@NetBSD.org
Subject: re: port-macppc/50228
Date: Tue, 20 Dec 2016 12:24:21 +1100
Christian Groessler writes:
> ping?
>
> Is there anything wrong with the patch?
i meant to run-test it myself first, but hopefully it works ;)
thanks.
.mrg.
From: Christian Groessler <chris@groessler.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: port-macppc/50228
Date: Sat, 7 Jan 2017 02:36:17 +0100
I think this ticket can be closed.
regards,
chris
State-Changed-From-To: open->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Sat, 07 Jan 2017 18:04:54 +0000
State-Changed-Why:
author asked to close, sounds like it's fixed
>Unformatted: