From patchwork Thu Oct 27 15:32:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Szabolcs Nagy X-Patchwork-Id: 59536 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 68BCB38AA26C for ; Thu, 27 Oct 2022 15:34:48 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 68BCB38AA26C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1666884889; bh=SKkhqAucc6MbCHdkpGZFlKybQRZfe5t09toOmkh2HKw=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=L3/xC7293lX3K/Qcps/gVQRVH4qgWLUwuHzRWHP00Mzc6nwKgQ9bjfh5zVn4vrZex 4XcOCZpe4p0lUJgtViffPD3uq601j22vFFkVV0QZZB6YNupyAflRJHU+jJbzk+Xjkl /gPK5yO/Q8ni+MOpNEYknNLOFVzUfCcZ8pce7cHc= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60060.outbound.protection.outlook.com [40.107.6.60]) by sourceware.org (Postfix) with ESMTPS id 6AA103887006 for ; Thu, 27 Oct 2022 15:32:52 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 6AA103887006 ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=TnA6xo1DdstQQxloutsrsOuJlwKyLP23ls6ppfKTnl906XdnkZ2F478JGxwZs7kgrEO0h1PL3mfwXWnd7C+a83s/AoX7TPfm95GP/S+ysJsqVCgMo+6sWoMDpt3kYIG+t7MDrm8iaM1mrpaeAh1Q9zkgJTRf2mg4Z8/ROBkpsipZVIhtvfmL5/uHPTbXquoMr9zL6mzbkmrFUR59ub2MuKFrNSuX9WFr3qvVlGZi7LJpxGov8vz7s1zXPzFwui/2TP+lgO1SB6Xyfjtd/XTLX5hducTkpU6a6m/pOIVDyTrfBCkMzpp9YKslDoK+BQswrfSUPkRKIOkARPDeYeuT7Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SKkhqAucc6MbCHdkpGZFlKybQRZfe5t09toOmkh2HKw=; b=PG1PvbozwNQU48oQrjpR0WvdMJkka6JgVYQv/78gxgsbf4j56pRziRilw36B2PM0rUF7JBrm5P7PCrkUUYJBq4KSFlSPwY9FANkQPM/UGRBWyep4nndaD7dY6/X6LUpgBglLLJAUwl5JZNb9/h5xzNZNYw/gOtekHknJl5qYmQsLcZl/su8ezl1vO2ZpKDe1JYX/aT0Wx6Wwe8dY4EEKMhn0rIx8cPZArGsK0mb3OF3FwQ1qOyPmzZHrFswIw64WWY1iDJGqX41ShTMVVYN5icyIQoHyDZDPkkVf6RxDBrU95hF0NhKhDF8RIzka0k6JSceurt39vKeqZAyQFgu8lA== ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1, 1, smtp.mailfrom=arm.com] dmarc=[1, 1, header.from=arm.com]) Received: from AM6P195CA0100.EURP195.PROD.OUTLOOK.COM (2603:10a6:209:86::41) by DU0PR08MB7664.eurprd08.prod.outlook.com (2603:10a6:10:315::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28; Thu, 27 Oct 2022 15:32:50 +0000 Received: from AM7EUR03FT032.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:86:cafe::a1) by AM6P195CA0100.outlook.office365.com (2603:10a6:209:86::41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.29 via Frontend Transport; Thu, 27 Oct 2022 15:32:50 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM7EUR03FT032.mail.protection.outlook.com (100.127.140.65) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.16 via Frontend Transport; Thu, 27 Oct 2022 15:32:49 +0000 Received: ("Tessian outbound b4aebcc5bc64:v130"); Thu, 27 Oct 2022 15:32:49 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: ab5dfa45457aa00e X-CR-MTA-TID: 64aa7808 Received: from 9125101db377.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 8783DF65-18F9-427B-AB52-4450B66D848B.1; Thu, 27 Oct 2022 15:32:42 +0000 Received: from EUR05-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 9125101db377.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 27 Oct 2022 15:32:42 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gerDGiZQi8KURRvHVR3JVpEyNus9uFzJB8G5uTPlgUBBpLNjttdta1TAb0f0qaMRdbeSJDHF/PBDPII3u22Y06sVpUO+7qHstPUlzy+M+3h6/m0Z58tVea486D5BwmiXjCXuLzY7IL9dVXHj0f6ybAx9DdxtE4jJS9A+3Il9SBUXIbQVlWJuronVr0TT15YcpEZInAheLlBI5KS4EBT2cehhGkmVYDfYH1ZBdURlJtLNKAKWSDTqnrqy292qM8QcrwKWaRNm79HTBssTSfMKx1zakCza4oyAnpmbyF8L25SYa8sYWZLbus4ksu4LFIlsMdJwr/8HMlu5+tdciW7kMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SKkhqAucc6MbCHdkpGZFlKybQRZfe5t09toOmkh2HKw=; b=Hj6zdK9G8TbgyLaWiM2Hw+1amK7V4o2r+9OQVGpezrUXKlS4CQ9vuH+kkwr+oUFa6oT517+kdhr5qS7nguXP9eo2QKiXF8tZOoEWBjll2ZRH8UbEySzkq//u6r8CLeTMmyIK9h1Y3pJARwy1ZQiApY3aOv4XBSkqOlg1D0MA7jJHH1Immb4RJZVH1Z9Fv4cZeBNPGHgYBF7/2Vctx4a7dGC09UiQvg33sojhR4w14BjqreB0u4xfVJ7VP4+8ie8+KIm78X1k1EpgYLA8C3u4AQRueN8FVQBk5F+O2+fvYzJ1gNcRvt9GsLnkF+Sr+gJ93e7fFHHTrBbQFJG7WeBz5g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=none (message not signed); arc=none Received: from DB8P191CA0002.EURP191.PROD.OUTLOOK.COM (2603:10a6:10:130::12) by AM9PR08MB6115.eurprd08.prod.outlook.com (2603:10a6:20b:2df::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28; Thu, 27 Oct 2022 15:32:37 +0000 Received: from DBAEUR03FT046.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:130:cafe::a2) by DB8P191CA0002.outlook.office365.com (2603:10a6:10:130::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.29 via Frontend Transport; Thu, 27 Oct 2022 15:32:37 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C Received: from nebula.arm.com (40.67.248.234) by DBAEUR03FT046.mail.protection.outlook.com (100.127.142.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5723.20 via Frontend Transport; Thu, 27 Oct 2022 15:32:37 +0000 Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX03.Arm.com (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.12; Thu, 27 Oct 2022 15:32:37 +0000 Received: from armchair.cambridge.arm.com (10.2.80.71) by mail.arm.com (10.251.24.31) with Microsoft SMTP Server id 15.1.2507.12 via Frontend Transport; Thu, 27 Oct 2022 15:32:36 +0000 To: Subject: [PATCH 06/20] Fix invalid pointer dereference in wcpcpy_chk Date: Thu, 27 Oct 2022 16:32:36 +0100 Message-ID: <71f695945d1079b8f49f60bd0cfc59e0f3c2adfc.1666877952.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-TrafficTypeDiagnostic: DBAEUR03FT046:EE_|AM9PR08MB6115:EE_|AM7EUR03FT032:EE_|DU0PR08MB7664:EE_ X-MS-Office365-Filtering-Correlation-Id: ae3f3e21-0228-4599-1223-08dab83081aa x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: BWyugvGH9sQwDD2vdOqLNoOE9qEzBE5Lmjy/K8E06N0OFjmCNp2GQFb5c5mwzPVIgwVPxD/DgME524ySpvNzk8DIw0/XPfchKatZb42vM3bD7EMXsG+Zklhfm5+4jnqVbCKf2OzPsDuCozlCLBl+fxGf7pbi8Mc0wJh9aqHnpZAKqN6pjxnSRBBUpCk3VmkBtk0bYWqdDM0vzx+Hmrz2CoKfRJhAVDtYIwEqPMMIUFmthxLhjgMckD2gzjxxQSBhmQbcuTJLI/UZ7emer63VaDuJ77r72kCGsh5jTXtOTm9W745MYKoD1Q4AwsaUG6/9bAV4HMxAix+MPdMdLbCbM1dw1/YTtCaDtkxloQq2zqcYeHkcM0qtCxLfNO7vPAjerNsoxO/Kxy3Gi8CcakdwTGcaortpwZPvqEPKlXAXGerrKXBwVG5QBDEo205myySrWDA6XkFlIiFB+KeZ1/MZMRihedT94B2tECmtNSXv2josa46LMQFFCqlfnEWNXVmE17qZuZcOsPIIZT6779ZECAz7xOshH/MyLJ9kbbjiCB83tckg1qMKfoUNGnJAWI3L6ryGLLmRSeT7y4doNRDFpgS1aTP+Z5z1YU76n+kzZSOh3L0VsBNokyTQ0Btp4xh3T8uant88UM9Loeh41/BJ7NgZGUsvOPO+RWTbAlDT8EO7ESPukznEtu2tDgU7RWmuGeee5cU+A5UYSEqv1aQ9mBbOdl63xBbN9eViAW6PZK9sKDJ1ZOw/H6HglFiv0ZjX/abMlPZHYO/XOY3/IYxNcEGTWfbPwIM3wR9+U2RXjUd4wUKTIXmf4CtbinOgTJCP X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:nebula.arm.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230022)(4636009)(39860400002)(376002)(136003)(396003)(346002)(451199015)(36840700001)(40470700004)(46966006)(36756003)(86362001)(356005)(81166007)(82740400003)(36860700001)(5660300002)(2906002)(47076005)(426003)(44832011)(83380400001)(40460700003)(40480700001)(4744005)(8936002)(336012)(26005)(2616005)(186003)(7696005)(82310400005)(6916009)(8676002)(70206006)(478600001)(41300700001)(70586007)(316002)(36900700001); DIR:OUT; SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR08MB6115 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM7EUR03FT032.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 4568e8b1-e690-4057-9579-08dab8307a2a X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 9VxUozO0W5mDHiLpvAoHbn9FJh4qhXYFeMJ50nPeKCxNC1cx2DWY+Y+epfh+iW9LDVrU6Z2L6NtXgHJn7j/7HbinYRd8B6078UsiLzY/vbAm9Zozg3ww7GXjGsyYZPgq5IjbxgOzKnEEHb/HtZKCwY59SReNgz6HWetCRri9ZKrpW1+OlFrIbiArxlAIj4PECQgrjvQmFcmz6yHLMJbG6c/v2MWE8V6SlqSMZ7RAdg6XoFqs7T3QJwJ1B0Frld8Qb2G3Pvu7Vp1hTw5aeL5YlPOfwMpL/eUdTi6dZZAwY9okkgMKSGSV80luo1HV5bbfM9kU7zBLxvYDaJ3h/byCGV4VivrXQL7BBR88GkYiDwsOC9gtYGhUpaPoBPByo5rSGv8AWqvriCT1Fxz2IAt0l+2NOxZF58hNMR8/849/5pXwo5Wyp61O7Y82aIwW9VfiWEoC8MPZNVi0xfFUA93PSdp/PAALDnzaedy9Ny4rginzYTAtKT9Rz5lgrjpn/t1uPHv+kzyQCz3cqlzQNJyXfUDbymhyb2zxAj9Tto3ald49NhWJGIKOcvujPUHaaNtIl+PiEwfp0sLK3f7w2XNsl5nDF2cyT9JAwMWJH3dcIrso2Ge/Phry5fRSwo/ClJdPT5rETT94lA8hdaTTnW8ZvWQ7/SumcPeS/pKsxDUe1W/9tve7gRk1Rf5Hq/AFzGXrjhj+MM3OuCbXVyvZoy8BWGj6stI2IUslIslAnU0y+G/R9nQSaqjYZ4yWwgG4eXw9GDJGhGnrtb5Kb8gqpWJGAA== X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230022)(4636009)(376002)(136003)(39860400002)(396003)(346002)(451199015)(46966006)(36840700001)(40470700004)(8936002)(81166007)(426003)(82740400003)(41300700001)(47076005)(26005)(36860700001)(83380400001)(336012)(2906002)(36756003)(4744005)(2616005)(186003)(40460700003)(82310400005)(5660300002)(44832011)(316002)(478600001)(40480700001)(70206006)(70586007)(86362001)(7696005)(6916009)(8676002); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Oct 2022 15:32:49.9225 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ae3f3e21-0228-4599-1223-08dab83081aa X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM7EUR03FT032.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR08MB7664 X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, FORGED_SPF_HELO, GIT_PATCH_0, KAM_DMARC_NONE, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_NONE, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Szabolcs Nagy via Libc-alpha From: Szabolcs Nagy Reply-To: Szabolcs Nagy Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" The src pointer is const and points to a different object, so accessing dest via src is invalid. Reviewed-by: Florian Weimer --- debug/wcpcpy_chk.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/debug/wcpcpy_chk.c b/debug/wcpcpy_chk.c index bc2be43c3e..d44fb479d0 100644 --- a/debug/wcpcpy_chk.c +++ b/debug/wcpcpy_chk.c @@ -28,13 +28,12 @@ __wcpcpy_chk (wchar_t *dest, const wchar_t *src, size_t destlen) { wchar_t *wcp = (wchar_t *) dest - 1; wint_t c; - const ptrdiff_t off = src - dest + 1; do { if (__glibc_unlikely (destlen-- == 0)) __chk_fail (); - c = wcp[off]; + c = *src++; *++wcp = c; } while (c != L'\0');