diff options
author | Michael Matz <matz@suse.de> | 2012-04-05 10:48:14 +0200 |
---|---|---|
committer | Andreas Jaeger <aj@suse.de> | 2012-04-05 10:50:09 +0200 |
commit | e80d6f94e19d17b91e3cd3ada7193cc88f621feb (patch) | |
tree | f519a13feef74d70dfade10c595b72d3113add5f /sysdeps | |
parent | 349fa79f5527f78d60c78eb1fbb2dfb56846018c (diff) | |
download | glibc-e80d6f94e19d17b91e3cd3ada7193cc88f621feb.tar.gz glibc-e80d6f94e19d17b91e3cd3ada7193cc88f621feb.tar.xz glibc-e80d6f94e19d17b91e3cd3ada7193cc88f621feb.zip |
Fix size parameter comparisions.
[BZ #13592] There are several signed compares of the size argument, whereas it really is unsigned. Depending on situations e.g. a "memset(ptr, 0, -1)" segfault (but for the wrong reasons, because jumping into nirvana) or succeeds even. In normal use this is harmless, as a size with signbit set indicates more than half the address space which on x86_64 is impossible to allocate, but as the size is used to index some jump tables this potentially could have other unwanted side effects.
Diffstat (limited to 'sysdeps')
-rw-r--r-- | sysdeps/x86_64/memset.S | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sysdeps/x86_64/memset.S b/sysdeps/x86_64/memset.S index 7be907192c..9511745a41 100644 --- a/sysdeps/x86_64/memset.S +++ b/sysdeps/x86_64/memset.S @@ -1,6 +1,6 @@ /* memset/bzero -- set memory area to CH/0 Optimized version for x86-64. - Copyright (C) 2002-2005, 2007, 2008, 2011 Free Software Foundation, Inc. + Copyright (C) 2002-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -52,7 +52,7 @@ L(ck2): imul %r9,%rdx L(now_dw_aligned): cmp $0x90,%r8 - jg L(ck_mem_ops_method) + ja L(ck_mem_ops_method) L(now_dw_aligned_small): add %r8,%rdi #ifndef PIC @@ -604,7 +604,7 @@ L(aligned_now): punpcklqdq %xmm0,%xmm0 cmp $0xb0,%r8 # 176 - jge L(byte32sse2_pre) + jae L(byte32sse2_pre) add %r8,%rdi # ifndef PIC @@ -864,7 +864,7 @@ L(byte32sse2_pre): mov __x86_64_shared_cache_size(%rip),%r9d # The largest cache size cmp %r9,%r8 - jg L(sse2_nt_move_pre) + ja L(sse2_nt_move_pre) #jmp L(byte32sse2) .balign 16 L(byte32sse2): @@ -880,7 +880,7 @@ L(byte32sse2): movdqa %xmm0,0x70(%rdi) lea 0x80(%rdi),%rdi - jge L(byte32sse2) + jae L(byte32sse2) add %r8,%rdi # ifndef PIC lea L(SSExDx)(%rip),%r11 @@ -914,7 +914,7 @@ L(sse2_nt_move): movntdq %xmm0,0x70(%rdi) lea 0x80(%rdi),%rdi - jge L(sse2_nt_move) + jae L(sse2_nt_move) sfence add %r8,%rdi # ifndef PIC |