Bug 500136

Summary: memchr(ptr,c,0) makes invalid memory access
Product: [Fedora] Fedora Reporter: Bruno Haible <bruno>
Component: glibcAssignee: Jakub Jelinek <jakub>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: jakub, p
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-05-11 23:37:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
test case none

Description Bruno Haible 2009-05-11 11:13:13 UTC 
Description of problem:

memchr(ptr,c,0) makes a memory access to *ptr. But according to ISO C 99, memchr(ptr,c,n) must only access the n bytes starting at ptr, not the n+1 bytes starting at ptr. For n=0, it means no memory access to *ptr at all.

Version-Release number of selected component (if applicable):


How reproducible:

Compile and run the attached program.

Steps to Reproduce:
1. gcc -O -Wall memchr-bug.c
2. ./a.out
  
Actual results:

Segfaults inside memchr:

    memchr () at ../sysdeps/x86_64/memchr.S:31
    31              movdqa  (%rdi), %xmm0

Expected results:

Exits normally with exit code 0.

Additional info:

This may be the same bug as
https://bugzilla.redhat.com/show_bug.cgi?id=499705

A related but different issue is
https://bugzilla.redhat.com/show_bug.cgi?id=499689
Comment 1 Bruno Haible 2009-05-11 11:14:03 UTC 
Created attachment 343427 [details]
test case
Comment 2 Jakub Jelinek 2009-05-11 23:37:24 UTC 
Fixed in glibc-2.10.1 in rawhide.