about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog8
-rw-r--r--NEWS2
-rw-r--r--sysdeps/x86/bits/string.h18
3 files changed, 20 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 15deac774f..c6c3356228 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2015-07-07  Torvald Riegel  <triegel@redhat.com>
+
+	[BZ #18633]
+	* sysdeps/x86/bits/string.h (__memmove_g): Do not create invalid
+	pointer in C code.
+	(__strcat_c): Likewise.
+	(__strcat_g): Likewise.
+
 2015-07-07  Cyril Hrubis <chrubis@suse.cz>
 
 	[BZ #18592]
diff --git a/NEWS b/NEWS
index 53dea6e468..569a7d6acc 100644
--- a/NEWS
+++ b/NEWS
@@ -25,7 +25,7 @@ Version 2.22
   18496, 18497, 18498, 18502, 18507, 18512, 18513, 18519, 18520, 18522,
   18527, 18528, 18529, 18530, 18532, 18533, 18534, 18536, 18539, 18540,
   18542, 18544, 18545, 18546, 18547, 18549, 18553, 18558, 18569, 18583,
-  18585, 18586, 18592, 18593, 18594, 18602, 18612, 18613, 18619.
+  18585, 18586, 18592, 18593, 18594, 18602, 18612, 18613, 18619, 18633.
 
 * Cache information can be queried via sysconf() function on s390 e.g. with
   _SC_LEVEL1_ICACHE_SIZE as argument.
diff --git a/sysdeps/x86/bits/string.h b/sysdeps/x86/bits/string.h
index a117f6be1f..4973620b83 100644
--- a/sysdeps/x86/bits/string.h
+++ b/sysdeps/x86/bits/string.h
@@ -176,13 +176,15 @@ __memmove_g (void *__dest, const void *__src, size_t __n)
 	 "m" ( *(struct { __extension__ char __x[__n]; } *)__src));
   else
     __asm__ __volatile__
-      ("std\n\t"
+      ("decl %1\n\t"
+       "decl %2\n\t"
+       "std\n\t"
        "rep; movsb\n\t"
        "cld"
        : "=&c" (__d0), "=&S" (__d1), "=&D" (__d2),
 	 "=m" ( *(struct { __extension__ char __x[__n]; } *)__dest)
-       : "0" (__n), "1" (__n - 1 + (const char *) __src),
-	 "2" (__n - 1 + (char *) __tmp),
+       : "0" (__n), "1" (__n + (const char *) __src),
+	 "2" (__n + (char *) __tmp),
 	 "m" ( *(struct { __extension__ char __x[__n]; } *)__src));
   return __dest;
 }
@@ -999,9 +1001,10 @@ __strcat_c (char *__dest, const char __src[], size_t __srclen)
      : "cc");
   --__tmp;
 # else
-  register char *__tmp = __dest - 1;
+  register char *__tmp = __dest;
   __asm__ __volatile__
-    ("1:\n\t"
+    ("decl	%0\n\t"
+     "1:\n\t"
      "incl	%0\n\t"
      "cmpb	$0,(%0)\n\t"
      "jne	1b\n"
@@ -1020,10 +1023,11 @@ __STRING_INLINE char *__strcat_g (char *__dest, const char *__src);
 __STRING_INLINE char *
 __strcat_g (char *__dest, const char *__src)
 {
-  register char *__tmp = __dest - 1;
+  register char *__tmp = __dest;
   register char __dummy;
   __asm__ __volatile__
-    ("1:\n\t"
+    ("decl	%1\n\t"
+     "1:\n\t"
      "incl	%1\n\t"
      "cmpb	$0,(%1)\n\t"
      "jne	1b\n"
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-10 05:09:24 +0000