Bug 500136 - memchr(ptr,c,0) makes invalid memory access
Summary: memchr(ptr,c,0) makes invalid memory access
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: rawhide
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-05-11 11:13 UTC by Bruno Haible
Modified: 2009-05-11 23:37 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-05-11 23:37:24 UTC


Attachments (Terms of Use)
test case (653 bytes, text/plain)
2009-05-11 11:14 UTC, Bruno Haible
no flags Details

Description Bruno Haible 2009-05-11 11:13:13 UTC
Description of problem:

memchr(ptr,c,0) makes a memory access to *ptr. But according to ISO C 99, memchr(ptr,c,n) must only access the n bytes starting at ptr, not the n+1 bytes starting at ptr. For n=0, it means no memory access to *ptr at all.

Version-Release number of selected component (if applicable):


How reproducible:

Compile and run the attached program.

Steps to Reproduce:
1. gcc -O -Wall memchr-bug.c
2. ./a.out
  
Actual results:

Segfaults inside memchr:

    memchr () at ../sysdeps/x86_64/memchr.S:31
    31              movdqa  (%rdi), %xmm0

Expected results:

Exits normally with exit code 0.

Additional info:

This may be the same bug as
https://bugzilla.redhat.com/show_bug.cgi?id=499705

A related but different issue is
https://bugzilla.redhat.com/show_bug.cgi?id=499689

Comment 1 Bruno Haible 2009-05-11 11:14:03 UTC
Created attachment 343427 [details]
test case

Comment 2 Jakub Jelinek 2009-05-11 23:37:24 UTC
Fixed in glibc-2.10.1 in rawhide.


Note You need to log in before you can comment on or make changes to this bug.