Bug 500136 - memchr(ptr,c,0) makes invalid memory access
Summary: memchr(ptr,c,0) makes invalid memory access
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: rawhide
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2009-05-11 11:13 UTC by Bruno Haible
Modified: 2009-05-11 23:37 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-05-11 23:37:24 UTC
Type: ---
Embargoed:


Attachments
test case (653 bytes, text/plain)
2009-05-11 11:14 UTC, Bruno Haible

Description Bruno Haible 2009-05-11 11:13:13 UTC
Description of problem:

memchr(ptr,c,0) makes a memory access to *ptr. But according to ISO C 99, memchr(ptr,c,n) must only access the n bytes starting at ptr, not the n+1 bytes starting at ptr. For n=0, it means no memory access to *ptr at all.

Version-Release number of selected component (if applicable):


How reproducible:

Compile and run the attached program.

Steps to Reproduce:
1. gcc -O -Wall memchr-bug.c
2. ./a.out
  
Actual results:

Segfaults inside memchr:

    memchr () at ../sysdeps/x86_64/memchr.S:31
    31              movdqa  (%rdi), %xmm0

Expected results:

Exits normally with exit code 0.

Additional info:

This may be the same bug as
https://bugzilla.redhat.com/show_bug.cgi?id=499705

A related but different issue is
https://bugzilla.redhat.com/show_bug.cgi?id=499689
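
A regression check for the behaviour described in this report, as an added example (not the reporter's attached test case and not glibc code): it puts `ptr` on the first byte of an inaccessible page so that any read of `*ptr` faults, and goes beyond the n=0 case by also testing windows that end exactly at that page. The function name `check_memchr_bounds` and the 1- to 64-byte window range are choices made for this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS under strict -std= modes */
#endif
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Regression check: memchr(ptr, c, n) may read only [ptr, ptr+n).
   Returns 0 on success, 1-3 on a wrong result, -1 if setup failed.
   A read outside the window hits a PROT_NONE page and raises SIGSEGV. */
int check_memchr_bounds(void)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0)
        return -1;
    size_t len = 2 * (size_t)ps;
    char *base = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    char *guard = base + ps;            /* first byte of the second page */
    if (mprotect(guard, (size_t)ps, PROT_NONE) != 0) {
        munmap(base, len);
        return -1;
    }
    /* Call through a volatile pointer so the compiler cannot fold the call. */
    void *(*volatile fn)(const void *, int, size_t) = memchr;
    int rc = 0;
    if (fn(guard, 'x', 0) != NULL)      /* n = 0: *ptr must not be read */
        rc = 1;
    /* Windows of 1..64 bytes that end exactly at the guard page. */
    for (size_t n = 1; n <= 64 && rc == 0; n++) {
        char *p = guard - n;
        memset(p, 'a', n);
        if (fn(p, 'x', n) != NULL)      /* absent byte: full scan, no overrun */
            rc = 2;
        p[n - 1] = 'x';
        if (rc == 0 && fn(p, 'x', n) != p + n - 1)  /* hit in last valid byte */
            rc = 3;
    }
    munmap(base, len);
    return rc;
}

int main(void) { return check_memchr_bounds(); }
```

On a libc with the defect reported here, the process dies with SIGSEGV inside `memchr` instead of returning a code.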

Comment 1 Bruno Haible 2009-05-11 11:14:03 UTC
Created attachment 343427
test case

Comment 2 Jakub Jelinek 2009-05-11 23:37:24 UTC
Fixed in glibc-2.10.1 in rawhide.

