git.ipfire.org Git - thirdparty/glibc.git/commit

author	H.J. Lu <hjl.tools@gmail.com>
	Fri, 1 Feb 2019 20:21:41 +0000 (12:21 -0800)
committer	H.J. Lu <hjl.tools@gmail.com>
	Fri, 1 Feb 2019 23:34:29 +0000 (15:34 -0800)
commit	885e4af2ac9b272d6ddd7f9c1954d0364d7ebab3
tree	f4dc83b58fd0d336be9b1fc60546d2bfa7cc73cc	tree
parent	c9ea2e82d4f4002b162f427c4761c5bec6ee6876	commit \| diff

x86-64 memset/wmemset: Properly handle the length parameter [BZ #24097]

On x32, the size_t parameter may be passed in the lower 32 bits of a
64-bit register with the non-zero upper 32 bits.  The string/memory
functions written in assembly can only use the lower 32 bits of a
64-bit register as length or must clear the upper 32 bits before using
the full 64-bit register for length.

This pach fixes memset/wmemset for x32.  Tested on x86-64 and x32.  On
x86-64, libc.so is the same with and withou the fix.

[BZ #24097]
CVE-2019-6488
* sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S: Use
RDX_LP for length.  Clear the upper 32 bits of RDX register.
* sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S: Likewise.
* sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-wmemset.
* sysdeps/x86_64/x32/tst-size_t-memset.c: New file.
* sysdeps/x86_64/x32/tst-size_t-wmemset.c: Likewise.

(cherry picked from commit 82d0b4a4d76db554eb6757acb790fcea30b19965)

ChangeLog		diff \| blob \| blame \| history
sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S		diff \| blob \| blame \| history
sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S		diff \| blob \| blame \| history
sysdeps/x86_64/x32/Makefile		diff \| blob \| blame \| history
sysdeps/x86_64/x32/tst-size_t-memset.c	[new file with mode: 0644]	blob
sysdeps/x86_64/x32/tst-size_t-wmemset.c	[new file with mode: 0644]	blob