From 2bba7e8468e808b7a7d5c1045d339eb5ffd12591 Mon Sep 17 00:00:00 2001 From: Icenowy Zheng Date: Mon, 24 Mar 2025 16:50:37 +0800 Subject: [PATCH] riscv: chunkset_rvv: fix SIGSEGV in CHUNKCOPY The chunkset_tpl comment allows negative dist (out - from) as long as the length is smaller than the absolute value of dist (i.e. memory does not overlap). However this case is currently broken in the RVV override of CHUNKCOPY -- it compares dist (which is a ptrdiff_t, a value that should be of the same size with size_t but signed) with the result of sizeof (which is a size_t), and this triggers the implicit conversion from signed to unsigned (thus losing negative values). As it's promised to be not overlapping when dist is negative, just use a gaint memcpy() call to copy everything. Signed-off-by: Icenowy Zheng --- arch/riscv/chunkset_rvv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/riscv/chunkset_rvv.c b/arch/riscv/chunkset_rvv.c index ee43bde2..e0915dfc 100644 --- a/arch/riscv/chunkset_rvv.c +++ b/arch/riscv/chunkset_rvv.c @@ -92,7 +92,7 @@ static inline uint8_t* CHUNKCOPY(uint8_t *out, uint8_t const *from, unsigned len from += align; len -= align; ptrdiff_t dist = out - from; - if (dist >= len) { + if (dist < 0 || dist >= len) { memcpy(out, from, len); out += len; from += len; -- 2.47.2