From patchwork Thu Oct 27 15:32:30 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Szabolcs Nagy <szabolcs.nagy@arm.com>
X-Patchwork-Id: 59532
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 1568E3898C70
	for <patchwork@sourceware.org>; Thu, 27 Oct 2022 15:34:00 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1568E3898C70
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1666884840;
	bh=QX/cE2npMHiCgWo2xr6RRGo3O4af0tm+XuexAb0EBdM=;
	h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=wYpojowk6UrrMujH4WPRSAJK3kbx71HSIXRyGx4naNRMzPXYd33prr5ZXK7carTDP
	 xfnY1RMlnujbOoMdxXLDmGXrerhKJk2/n6BTrAJrVm+CaD0x10ZbzHF9Wo2XjId0y2
	 CYgnRZzKoHTz7bu9d6G5jbcEQUxI6pzltjqKWhQI=
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from EUR04-DB3-obe.outbound.protection.outlook.com
 (mail-eopbgr60062.outbound.protection.outlook.com [40.107.6.62])
 by sourceware.org (Postfix) with ESMTPS id 544B13882150
 for <libc-alpha@sourceware.org>; Thu, 27 Oct 2022 15:32:45 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 544B13882150
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
 b=YciDAmC9oU7NzvCp0JkRvDLRbfGUTcxHJAVcZOgH7xe4RK9xMis0B5NGsjJkEyi+LFFbdUPsHZJgKMaQnaotzwyJrL3gxOBNpn36ZsJL39f3E9wCZMa7/5vYQv0vKx2NA4agGOZ/e1ijKPIJWNM3PsD6k5f4SXtKhp+VnTIT3OQ1x62rzEv77LuQwEfkxuh0Dmwjzc9h6WmRQZLIbzebb/uxorxVhgaa8paFDKT1gmk1PDhZQ3VW4vm4rN7CcL09LPM95AisdvNrV74CP0mgg+Dtl2kLK4LJxj0P0tpEPumJD7lAdEaKh+H6lGqoZBPg4XU763s9VerN9N4AiEaV9g==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=QX/cE2npMHiCgWo2xr6RRGo3O4af0tm+XuexAb0EBdM=;
 b=QvSpS3pAYbbm9pd+yOELizp7bISBwNPEhg5XcPWdQ51cJgtTefhABLJ6Lby0DrFra5x+xECWhRnF9k+oGiK1UjVF8p3/sk9qCdOp7hCgRGhJVBeYxlTNmT4MMdAeGRQvYFWwXe6gcoN4rGe3M7EiHjsILCxSR1YgpfH3Uwl38Fe8FuxKeAKOT3qdydfeXXEJ0dg2Lni9WiaIrgeUTxdFiTQwq0QXo6dGtXyTM6/ZTTyhLaTzYUpHYvAt+vvgfnlyLh23wBLMja7pCpDU1vAy/ncsFO+sTqfZolTPM4sc+ywdClHF+0s8+JkxS2jhaDUqa80VoRzL0gPfqm4BPePMWg==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
 63.35.35.123) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com;
 dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com;
 dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0
 oda=1 ltdi=1 spf=[1, 1, smtp.mailfrom=arm.com] dmarc=[1, 1,
 header.from=arm.com])
Received: from AS9PR01CA0005.eurprd01.prod.exchangelabs.com
 (2603:10a6:20b:540::15) by GV2PR08MB8751.eurprd08.prod.outlook.com
 (2603:10a6:150:b3::21) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28; Thu, 27 Oct
 2022 15:32:43 +0000
Received: from AM7EUR03FT017.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:20b:540:cafe::57) by AS9PR01CA0005.outlook.office365.com
 (2603:10a6:20b:540::15) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28 via Frontend
 Transport; Thu, 27 Oct 2022 15:32:43 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123)
 smtp.mailfrom=arm.com; dkim=pass (signature was verified)
 header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 63.35.35.123 as permitted sender) receiver=protection.outlook.com;
 client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
 pr=C
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
 AM7EUR03FT017.mail.protection.outlook.com (100.127.140.184) with
 Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.5746.16 via Frontend Transport; Thu, 27 Oct 2022 15:32:42 +0000
Received: ("Tessian outbound aeae1c7b66fd:v130");
 Thu, 27 Oct 2022 15:32:42 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 4f66ef1a2c7f0089
X-CR-MTA-TID: 64aa7808
Received: from b82a995a6993.1
 by 64aa7808-outbound-1.mta.getcheckrecipient.com id
 0A2A3CE9-4C4F-41D2-8AF7-2FDFB5B14295.1;
 Thu, 27 Oct 2022 15:32:36 +0000
Received: from EUR01-HE1-obe.outbound.protection.outlook.com
 by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id
 b82a995a6993.1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
 Thu, 27 Oct 2022 15:32:36 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=c2zWpOlOS0qEM10z4CqX5vAXW0qj8uMamZ0xQoQS1pqAzs6epo5AkLi9673wgGAzyGrCQS+dtRa8fGwCwclldYVv7oAL+fs4aSbH6LJ/ED5rtcWeRMOZZBBE02WAsiw0I4+rZ9fldsXtSCEjIrA0j9z+Cmd+m1anSz12LR035Jmqp2Crtd2HMsGFiNae2ZieslAMsQiY5xseZZrHo88HIliaZpH/516Jxt2835LcrjZXZArPWh/fWm4wwRIodKucvjempU/VPK+ByD+ZgaRm1PWGvyBgbdmMFLWggdw7FGq34mvbZ02+2Bi/EoqxBIeGvHTPTsoJnLSUz0NCTqFlaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=QX/cE2npMHiCgWo2xr6RRGo3O4af0tm+XuexAb0EBdM=;
 b=HS+Nm6YvNjx3hdlJ6ZVTMgcVWKvJUJtWbFUAtgKbkD5CBB+qiMY7a1nPqP4gTIs2RhCBNDDNP9Y0K/XVMJZLjVKaYynNYRXtRwJitimOy/ZrWSxuAWZkWz7QNSJ+iGTAI1kijHkzuZrMjikD1KN3KhW4WRaz4pTWN8shfW3GaAC6e3ZHFpXIpcJusDGsImtgzUMaZb1901ov3ia/Sdjin7zoUv7DMF7k2AwHMXJbmEBJzLdDY+3AmQJG0sGrdOM6ETeOrsZDYbTRLU8kU6tY3fzJK/UHBXfisDTBZPM03hPRiqBnKp7EfnaKD4e5cla0s9zfLSvy4/s7YVVapEWVGA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 40.67.248.234) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com;
 dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com;
 dkim=none (message not signed); arc=none
Received: from DB8P191CA0006.EURP191.PROD.OUTLOOK.COM (2603:10a6:10:130::16)
 by AS8PR08MB7306.eurprd08.prod.outlook.com (2603:10a6:20b:441::16) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28; Thu, 27 Oct
 2022 15:32:32 +0000
Received: from DBAEUR03FT046.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:10:130:cafe::18) by DB8P191CA0006.outlook.office365.com
 (2603:10a6:10:130::16) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28 via Frontend
 Transport; Thu, 27 Oct 2022 15:32:31 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234)
 smtp.mailfrom=arm.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 40.67.248.234 as permitted sender) receiver=protection.outlook.com;
 client-ip=40.67.248.234; helo=nebula.arm.com; pr=C
Received: from nebula.arm.com (40.67.248.234) by
 DBAEUR03FT046.mail.protection.outlook.com (100.127.142.67) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.5723.20 via Frontend Transport; Thu, 27 Oct 2022 15:32:31 +0000
Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX03.Arm.com
 (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.12; Thu, 27 Oct
 2022 15:32:31 +0000
Received: from armchair.cambridge.arm.com (10.2.80.71) by mail.arm.com
 (10.251.24.31) with Microsoft SMTP Server id 15.1.2507.12 via Frontend
 Transport; Thu, 27 Oct 2022 15:32:30 +0000
To: <libc-alpha@sourceware.org>
Subject: [PATCH 05/20] Fix invalid pointer dereference in wcscpy_chk
Date: Thu, 27 Oct 2022 16:32:30 +0100
Message-ID: 
 <8a778b8eecc1ad9d782884291965864ea5c20ef7.1666877952.git.szabolcs.nagy@arm.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1666877952.git.szabolcs.nagy@arm.com>
References: <cover.1666877952.git.szabolcs.nagy@arm.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 1
X-MS-TrafficTypeDiagnostic: 
 DBAEUR03FT046:EE_|AS8PR08MB7306:EE_|AM7EUR03FT017:EE_|GV2PR08MB8751:EE_
X-MS-Office365-Filtering-Correlation-Id: a3bfce56-0f97-4acb-a5ea-08dab8307d6c
x-checkrecipientrouted: true
NoDisclaimer: true
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 
 8PSC3ruR1oaKYArJROtlbwPZufyo9ZS/wY0BUyhR1xpXl7IHic/SDdWpJ7MCoq0bFjBAbNfbkVp/cE/SqphZjUV31VDd7MDy+Q9DWCHwfbwM4kHpi6NlOH8NTJ38XfCe7aqlUf/0y6Smgxo5fB3L1VVA1Rn358ZnqRJhasZb0XviBTdKOtAR+BbqvjM2v64ZhxkwZNN/7hu53o4CHH7mCsdWyvZr4tyRh9CX63iUDrHjwyS6SRKu2VxPU57eDF3aGyuQtz+za8T990SYxqB8g+yZIWlyd6qrMPwYRncFm9kovZQNs8T954ft/RADzpZXY3x17y4nTaRjtrJkD230haEbfKbxK9C6Te/fHoz6+QAoVeGBoruK6JsDps/IvbPAEz2EHQq+48lpD2Uz1jPfOPDG61z1x5rBHLlCQ+Z/S8kmbGeZiuCBB2lNo9FSFl4yYbLGpUcwQSvU/4OwF9EUoH4c2T3puaud2Oc3h/fyvfr/7Xh4J2D6v1MHPvW0+d5UqXgW4gx+NdhcgudTgWcQu00SKIMwn5ObOudHLUUfBjnsOoexLIIRrKlIZtYtOcffE6n7rFLzbngiMLoejXPIjPRQH7tMg4rcAo6WnpPsWbZanNFQaw0YxaeN7jnAkF+E2pS4jDjMb3NWTDlMUPe3mtBFsBUblkGgWLJfsjG+3tk8MX+vveOcuETCkdE/5M74N7tnMTSplfYW/lHDY/8R9fCt2ooPn+GbOeHUwhYRjM3QEziSXXwom6ZsUVjuL6SqrNwdm0E4mx9BwU8Nag14aD7GX+sRJGr4qoIZixWLS543LNy3+II+D7kfbFEMLSwp
X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234; CTRY:IE; LANG:en;
 SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:nebula.arm.com; PTR:InfoDomainNonexistent;
 CAT:NONE;
 SFS:(13230022)(4636009)(346002)(39860400002)(136003)(396003)(376002)(451199015)(36840700001)(46966006)(40470700004)(8676002)(70206006)(70586007)(40460700003)(6916009)(36756003)(316002)(8936002)(7696005)(83380400001)(82740400003)(81166007)(356005)(36860700001)(40480700001)(26005)(41300700001)(86362001)(2906002)(426003)(47076005)(82310400005)(2616005)(44832011)(5660300002)(336012)(186003)(478600001)(36900700001);
 DIR:OUT; SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB7306
X-MS-Exchange-Transport-CrossTenantHeadersStripped: 
 AM7EUR03FT017.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 
 6798b852-f4ba-499e-f90e-08dab830768f
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 xN+laGTcRPxURy/VqVuP4Wsyyzdh1gcPl7IgIdsgXB1mdW61l93NgFjxLSL36QEh1UeB89+uIG4bsVi8FX7Lnhcq8Xy7xbPYXInmW99l/vYOGADmVsf9CIV5dxL0HWV/+3FxRWkZ23H9+NYr9cQK185UOhUvT3GB3Gu2dV9r02MbNrZ0pgiS6I7GVx9S+EGdS4mZqLUj3yPV9pD750hEn7NDGua71QV8uJj74TA8dHM8Cc5YswVP4Dus92ePnr8fJGZoYzmBf+ADfk347jYbQN7pzi+zhkKZ8Nzy5ycyN++DFx6A9vPYwmfWNBpyVhN0Z1GksctdK9DRqBRGouoUSWj6lvLGzwipOaoLRSLYfLWjPHAiP+TJ/qqTq2Xjk+8T4TYdKrki2+ugwu7fjelFAIeRA27uUWgxefZstFj5alxjFxEzDOPnWfWMlILmOV8GloiVOVJYXP57UflOHmWMYHGvEsZbYNpHcliHzQa83Mhcldcbhjts4c6tBudfkOw41KsuqZ2GQB1bETvEkIHF6t4UDFzW94jdPBw0XMvgGAp/sZnr8/FOsn5NtUKBVRDRk1uTiC4/CKOCNisOjZ6FNZF8NMOGPuBiUQ0Ddb/OAn9Ru8TYqIhGR8lfBPeojWE/N5+LqlieV4GCX0m4uP3fNgk2EGVle1PHcXx2ux+F1JRq7OtskC5KYHfVxe+qBIDx8071YaN9PFD6to4ROH3Ke4Lx6eSjwKngFLUt7D9eN6YiW4gYOYN7904jB/MMA9AID6LXJJdI52VQc9Z7YMo4bg==
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:;
 IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com;
 PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE;
 SFS:(13230022)(4636009)(346002)(376002)(136003)(39860400002)(396003)(451199015)(46966006)(36840700001)(40470700004)(478600001)(82310400005)(26005)(36756003)(7696005)(316002)(70206006)(70586007)(2616005)(86362001)(82740400003)(41300700001)(40460700003)(186003)(8936002)(81166007)(8676002)(5660300002)(47076005)(426003)(40480700001)(6916009)(336012)(83380400001)(44832011)(36860700001)(2906002);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Oct 2022 15:32:42.7934 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 a3bfce56-0f97-4acb-a5ea-08dab8307d6c
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123];
 Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 AM7EUR03FT017.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV2PR08MB8751
X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, FORGED_SPF_HELO, GIT_PATCH_0, KAM_DMARC_NONE, RCVD_IN_DNSWL_NONE,
 RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_NONE, TXREP,
 UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-Patchwork-Original-From: Szabolcs Nagy via Libc-alpha
 <libc-alpha@sourceware.org>
From: Szabolcs Nagy <szabolcs.nagy@arm.com>
Reply-To: Szabolcs Nagy <szabolcs.nagy@arm.com>
Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org
Sender: "Libc-alpha"
 <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>

The src pointer is const and points to a different object, so accessing
dest via src is invalid.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
---
 debug/wcscpy_chk.c | 34 +++++++---------------------------
 1 file changed, 7 insertions(+), 27 deletions(-)

diff --git a/debug/wcscpy_chk.c b/debug/wcscpy_chk.c
index 8ef03f81e4..d2dc769181 100644
--- a/debug/wcscpy_chk.c
+++ b/debug/wcscpy_chk.c
@@ -24,36 +24,16 @@ wchar_t *
 __wcscpy_chk (wchar_t *dest, const wchar_t *src, size_t n)
 {
   wint_t c;
-  wchar_t *wcp;
+  wchar_t *wcp = dest;
 
-  if (__alignof__ (wchar_t) >= sizeof (wchar_t))
+  do
     {
-      const ptrdiff_t off = dest - src - 1;
-
-      wcp = (wchar_t *) src;
-
-      do
-	{
-	  if (__glibc_unlikely (n-- == 0))
-	    __chk_fail ();
-	  c = *wcp++;
-	  wcp[off] = c;
-	}
-      while (c != L'\0');
-    }
-  else
-    {
-      wcp = dest;
-
-      do
-	{
-	  if (__glibc_unlikely (n-- == 0))
-	    __chk_fail ();
-	  c = *src++;
-	  *wcp++ = c;
-	}
-      while (c != L'\0');
+      if (__glibc_unlikely (n-- == 0))
+        __chk_fail ();
+      c = *src++;
+      *wcp++ = c;
     }
+  while (c != L'\0');
 
   return dest;
 }