Message ID | 20210609205257.123944-1-goldstein.w.n@gmail.com |
---|---|
State | New |
Series | [v1,1/3] String: Add additional overflow tests for strnlen, memchr, and strncat | expand |
On Wed, Jun 9, 2021 at 1:53 PM Noah Goldstein <goldstein.w.n@gmail.com> wrote: > > This commit adds tests for a bug in the wide char variant of the > functions where the implementation may assume that maxlen for wcsnlen > or n for wmemchr/strncat will not overflow when multiplied by > sizeof(wchar_t). > > These tests show the following implementations failing on x86_64: > > wcsnlen-sse4_1 > wcsnlen-avx2 > > wmemchr-sse2 > wmemchr-avx2 > > strncat would fail as well if it where on a system that prefered > either of the wcsnlen implementations that failed as it relies on > wcsnlen. Please open a bug report for each standard C function. We need to track them for backporting to release branches. Thanks. > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com> > --- > string/test-memchr.c | 39 ++++++++++++++++++++++++--- > string/test-strncat.c | 61 +++++++++++++++++++++++++++++++++++++++++++ > string/test-strnlen.c | 33 +++++++++++++++++++++++ > 3 files changed, 130 insertions(+), 3 deletions(-) > > diff --git a/string/test-memchr.c b/string/test-memchr.c > index 665edc32af..ce964284aa 100644 > --- a/string/test-memchr.c > +++ b/string/test-memchr.c > @@ -65,8 +65,8 @@ do_one_test (impl_t *impl, const CHAR *s, int c, size_t n, CHAR *exp_res) > CHAR *res = CALL (impl, s, c, n); > if (res != exp_res) > { > - error (0, 0, "Wrong result in function %s %p %p", impl->name, > - res, exp_res); > + error (0, 0, "Wrong result in function %s (%p, %d, %zu) -> %p != %p", > + impl->name, s, c, n, res, exp_res); > ret = 1; > return; > } > @@ -91,7 +91,7 @@ do_test (size_t align, size_t pos, size_t len, size_t n, int seek_char) > } > buf[align + len] = 0; > > - if (pos < len) > + if (pos < MIN(n, len)) > { > buf[align + pos] = seek_char; > buf[align + len] = -seek_char; 
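Review bot: In the `do_test` hunk of string/test-memchr.c, the new condition `if (pos < MIN(n, len))` has no comment saying why the bound `n` now decides whether `seek_char` is planted. It also drops the space before the parenthesis that the strnlen context line `MIN (len, maxlen)` keeps. I would write `if (pos < MIN (n, len))` and put `/* Plant seek_char only where the call can see it: inside the buffer and inside the first n elements.  */` above it. The rest of do_test, including the branch that sets the expected result when nothing is planted, lies outside the hunk, so that path cannot be checked from here.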
> @@ -107,6 +107,38 @@ do_test (size_t align, size_t pos, size_t len, size_t n, int seek_char) > do_one_test (impl, (CHAR *) (buf + align), seek_char, n, result); > } > > +static void > +do_overflow_tests (void) > +{ > + size_t i, j, len; > + const size_t one = 1; > + uintptr_t buf_addr = (uintptr_t) buf1; > + > + for (i = 0; i < 750; ++i) > + { > + do_test (0, i, 751, SIZE_MAX - i, BIG_CHAR); > + do_test (0, i, 751, i - buf_addr, BIG_CHAR); > + do_test (0, i, 751, -buf_addr - i, BIG_CHAR); > + do_test (0, i, 751, SIZE_MAX - buf_addr - i, BIG_CHAR); > + do_test (0, i, 751, SIZE_MAX - buf_addr + i, BIG_CHAR); > + > + len = 0; > + for (j = 8 * sizeof(size_t) - 1; j ; --j) > + { > + len |= one << j; > + do_test (0, i, 751, len - i, BIG_CHAR); > + do_test (0, i, 751, len + i, BIG_CHAR); > + do_test (0, i, 751, len - buf_addr - i, BIG_CHAR); > + do_test (0, i, 751, len - buf_addr + i, BIG_CHAR); > + > + do_test (0, i, 751, ~len - i, BIG_CHAR); > + do_test (0, i, 751, ~len + i, BIG_CHAR); > + do_test (0, i, 751, ~len - buf_addr - i, BIG_CHAR); > + do_test (0, i, 751, ~len - buf_addr + i, BIG_CHAR); > + } > + } > +} > + > static void > do_random_tests (void) > { > @@ -221,6 +253,7 @@ test_main (void) > do_test (page_size / 2 - i, i, i, 1, 0x9B); > > do_random_tests (); > + do_overflow_tests (); > return ret; > } > > diff --git a/string/test-strncat.c b/string/test-strncat.c > index 2ef917b820..0ab7541d4e 100644 > --- a/string/test-strncat.c > +++ b/string/test-strncat.c 
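Review bot: `do_overflow_tests` in string/test-memchr.c has no comment explaining how its `n` values are chosen, and the same uncommented function is added to string/test-strncat.c and string/test-strnlen.c. As far as the expressions show, there are two families: counts near `SIZE_MAX` or with the high bits set (`len |= one << j`), which wrap when an implementation scales them by the element size as the commit message describes, and counts offset by `-buf_addr`, for which the start address plus `n` wraps. A short block comment above the function saying so, and noting that the `j` loop stops before bit 0, would make a future failure much easier to triage. The literals `750` and `751` would read better as one named constant, since these calls only plant a match while `pos < len` holds. On style, `sizeof(size_t)` should be `sizeof (size_t)` to match the spacing of the calls in the same hunk.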
> @@ -134,6 +134,66 @@ do_test (size_t align1, size_t align2, size_t len1, size_t len2, > } > } > > +static void > +do_overflow_tests (void) > +{ > + size_t i, j, len; > + const size_t one = 1; > + CHAR *s1, *s2; > + uintptr_t s1_addr; > + s1 = (CHAR *) buf1; > + s2 = (CHAR *) buf2; > + s1_addr = (uintptr_t)s1; > + for (j = 0; j < 200; ++j) > + s2[j] = 32 + 23 * j % (BIG_CHAR - 32); > + s2[200] = 0; > + for (i = 0; i < 750; ++i) { > + for (j = 0; j < i; ++j) > + s1[j] = 32 + 23 * j % (BIG_CHAR - 32); > + s1[i] = '\0'; > + > + FOR_EACH_IMPL (impl, 0) > + { > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, SIZE_MAX - i); > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, i - s1_addr); > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, -s1_addr - i); > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr - i); > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr + i); > + } > + > + len = 0; > + for (j = 8 * sizeof(size_t) - 1; j ; --j) > + { > + len |= one << j; > + FOR_EACH_IMPL (impl, 0) > + { > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, len - i); > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, len + i); > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, len - s1_addr - i); > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, len - s1_addr + i); > + > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, ~len - i); > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, ~len + i); > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, ~len - s1_addr - i); > + s2[0] = '\0'; > + do_one_test (impl, s2, s1, ~len - s1_addr + i); > + } > + } > + } > +} > + > static void > do_random_tests (void) > { > @@ -316,6 +376,7 @@ test_main (void) > } > > do_random_tests (); > + do_overflow_tests (); > return ret; > } > > diff --git a/string/test-strnlen.c b/string/test-strnlen.c > index 920f58e97b..f53e09263f 100644 > --- a/string/test-strnlen.c > +++ b/string/test-strnlen.c 
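Review bot: In `do_overflow_tests` of string/test-strncat.c, the loop that fills `s2` with 200 characters appears to have no effect on any call, because every `do_one_test` is preceded by `s2[0] = '\0';`. As far as this hunk shows, the overflowing counts are therefore only exercised with an empty destination. Either drop `for (j = 0; j < 200; ++j) s2[j] = ...;` and `s2[200] = 0;`, or, if a non-empty destination was intended, refill `s2` before some of the calls. The second option needs `buf2` to hold the prefix plus up to 749 source characters and the terminator, and its size is not visible here. On style, `for (i = 0; i < 750; ++i) {` puts the brace on the same line while every other block in the hunk gives it its own line, and `(uintptr_t)s1` lacks the space after the cast that `(CHAR *) buf1` has.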
> @@ -89,6 +89,38 @@ do_test (size_t align, size_t len, size_t maxlen, int max_char) > do_one_test (impl, (CHAR *) (buf + align), maxlen, MIN (len, maxlen)); > } > > +static void > +do_overflow_tests (void) > +{ > + size_t i, j, len; > + const size_t one = 1; > + uintptr_t buf_addr = (uintptr_t) buf1; > + > + for (i = 0; i < 750; ++i) > + { > + do_test (0, i, SIZE_MAX - i, BIG_CHAR); > + do_test (0, i, i - buf_addr, BIG_CHAR); > + do_test (0, i, -buf_addr - i, BIG_CHAR); > + do_test (0, i, SIZE_MAX - buf_addr - i, BIG_CHAR); > + do_test (0, i, SIZE_MAX - buf_addr + i, BIG_CHAR); > + > + len = 0; > + for (j = 8 * sizeof(size_t) - 1; j ; --j) > + { > + len |= one << j; > + do_test (0, i, len - i, BIG_CHAR); > + do_test (0, i, len + i, BIG_CHAR); > + do_test (0, i, len - buf_addr - i, BIG_CHAR); > + do_test (0, i, len - buf_addr + i, BIG_CHAR); > + > + do_test (0, i, ~len - i, BIG_CHAR); > + do_test (0, i, ~len + i, BIG_CHAR); > + do_test (0, i, ~len - buf_addr - i, BIG_CHAR); > + do_test (0, i, ~len - buf_addr + i, BIG_CHAR); > + } > + } > +} > + > static void > do_random_tests (void) > { > @@ -283,6 +315,7 @@ test_main (void) > do_random_tests (); > do_page_tests (); > do_page_2_tests (); > + do_overflow_tests (); > return ret; > } > > -- > 2.25.1 >
On Wed, Jun 9, 2021 at 5:54 PM H.J. Lu <hjl.tools@gmail.com> wrote: > On Wed, Jun 9, 2021 at 1:53 PM Noah Goldstein <goldstein.w.n@gmail.com> > wrote: > > > > This commit adds tests for a bug in the wide char variant of the > > functions where the implementation may assume that maxlen for wcsnlen > > or n for wmemchr/strncat will not overflow when multiplied by > > sizeof(wchar_t). > > > > These tests show the following implementations failing on x86_64: > > > > wcsnlen-sse4_1 > > wcsnlen-avx2 > > > > wmemchr-sse2 > > wmemchr-avx2 > > > > strncat would fail as well if it where on a system that prefered > > either of the wcsnlen implementations that failed as it relies on > > wcsnlen. > > Please open a bug report for each standard C function. We need to > track them for backporting to release branches. > Done: https://sourceware.org/bugzilla/show_bug.cgi?id=27974 > > Thanks. > > > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com> > > --- > > string/test-memchr.c | 39 ++++++++++++++++++++++++--- > > string/test-strncat.c | 61 +++++++++++++++++++++++++++++++++++++++++++ > > string/test-strnlen.c | 33 +++++++++++++++++++++++ > > 3 files changed, 130 insertions(+), 3 deletions(-) > > > > diff --git a/string/test-memchr.c b/string/test-memchr.c > > index 665edc32af..ce964284aa 100644 > > --- a/string/test-memchr.c > > +++ b/string/test-memchr.c > > @@ -65,8 +65,8 @@ do_one_test (impl_t *impl, const CHAR *s, int c, > size_t n, CHAR *exp_res) > > CHAR *res = CALL (impl, s, c, n); > > if (res != exp_res) > > { > > - error (0, 0, "Wrong result in function %s %p %p", impl->name, > > - res, exp_res); > > + error (0, 0, "Wrong result in function %s (%p, %d, %zu) -> %p != > %p", > > + impl->name, s, c, n, res, exp_res); > > ret = 1; > > return; > > } 
> > @@ -91,7 +91,7 @@ do_test (size_t align, size_t pos, size_t len, size_t > n, int seek_char) > > } > > buf[align + len] = 0; > > > > - if (pos < len) > > + if (pos < MIN(n, len)) > > { > > buf[align + pos] = seek_char; > > buf[align + len] = -seek_char; > > @@ -107,6 +107,38 @@ do_test (size_t align, size_t pos, size_t len, > size_t n, int seek_char) > > do_one_test (impl, (CHAR *) (buf + align), seek_char, n, result); > > } > > > > +static void > > +do_overflow_tests (void) > > +{ > > + size_t i, j, len; > > + const size_t one = 1; > > + uintptr_t buf_addr = (uintptr_t) buf1; > > + > > + for (i = 0; i < 750; ++i) > > + { > > + do_test (0, i, 751, SIZE_MAX - i, BIG_CHAR); > > + do_test (0, i, 751, i - buf_addr, BIG_CHAR); > > + do_test (0, i, 751, -buf_addr - i, BIG_CHAR); > > + do_test (0, i, 751, SIZE_MAX - buf_addr - i, BIG_CHAR); > > + do_test (0, i, 751, SIZE_MAX - buf_addr + i, BIG_CHAR); > > + > > + len = 0; > > + for (j = 8 * sizeof(size_t) - 1; j ; --j) > > + { > > + len |= one << j; > > + do_test (0, i, 751, len - i, BIG_CHAR); > > + do_test (0, i, 751, len + i, BIG_CHAR); > > + do_test (0, i, 751, len - buf_addr - i, BIG_CHAR); > > + do_test (0, i, 751, len - buf_addr + i, BIG_CHAR); > > + > > + do_test (0, i, 751, ~len - i, BIG_CHAR); > > + do_test (0, i, 751, ~len + i, BIG_CHAR); > > + do_test (0, i, 751, ~len - buf_addr - i, BIG_CHAR); > > + do_test (0, i, 751, ~len - buf_addr + i, BIG_CHAR); > > + } > > + } > > +} > > + > > static void > > do_random_tests (void) > > { > > @@ -221,6 +253,7 @@ test_main (void) > > do_test (page_size / 2 - i, i, i, 1, 0x9B); > > > > do_random_tests (); > > + do_overflow_tests (); > > return ret; > > } > > > > diff --git a/string/test-strncat.c b/string/test-strncat.c > > index 2ef917b820..0ab7541d4e 100644 > > --- a/string/test-strncat.c > > +++ b/string/test-strncat.c 
> > @@ -134,6 +134,66 @@ do_test (size_t align1, size_t align2, size_t len1, > size_t len2, > > } > > } > > > > +static void > > +do_overflow_tests (void) > > +{ > > + size_t i, j, len; > > + const size_t one = 1; > > + CHAR *s1, *s2; > > + uintptr_t s1_addr; > > + s1 = (CHAR *) buf1; > > + s2 = (CHAR *) buf2; > > + s1_addr = (uintptr_t)s1; > > + for (j = 0; j < 200; ++j) > > + s2[j] = 32 + 23 * j % (BIG_CHAR - 32); > > + s2[200] = 0; > > + for (i = 0; i < 750; ++i) { > > + for (j = 0; j < i; ++j) > > + s1[j] = 32 + 23 * j % (BIG_CHAR - 32); > > + s1[i] = '\0'; > > + > > + FOR_EACH_IMPL (impl, 0) > > + { > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, SIZE_MAX - i); > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, i - s1_addr); > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, -s1_addr - i); > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr - i); > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr + i); > > + } > > + > > + len = 0; > > + for (j = 8 * sizeof(size_t) - 1; j ; --j) > > + { > > + len |= one << j; > > + FOR_EACH_IMPL (impl, 0) > > + { > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, len - i); > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, len + i); > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, len - s1_addr - i); > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, len - s1_addr + i); > > + > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, ~len - i); > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, ~len + i); > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, ~len - s1_addr - i); > > + s2[0] = '\0'; > > + do_one_test (impl, s2, s1, ~len - s1_addr + i); > > + } > > + } > > + } > > +} > > + > > static void > > do_random_tests (void) > > { > > @@ -316,6 +376,7 @@ test_main (void) > > } > > > > do_random_tests (); > > + do_overflow_tests (); > > return ret; > > } > > > > diff --git a/string/test-strnlen.c b/string/test-strnlen.c > > index 920f58e97b..f53e09263f 100644 
> > --- a/string/test-strnlen.c > > +++ b/string/test-strnlen.c > > @@ -89,6 +89,38 @@ do_test (size_t align, size_t len, size_t maxlen, int > max_char) > > do_one_test (impl, (CHAR *) (buf + align), maxlen, MIN (len, > maxlen)); > > } > > > > +static void > > +do_overflow_tests (void) > > +{ > > + size_t i, j, len; > > + const size_t one = 1; > > + uintptr_t buf_addr = (uintptr_t) buf1; > > + > > + for (i = 0; i < 750; ++i) > > + { > > + do_test (0, i, SIZE_MAX - i, BIG_CHAR); > > + do_test (0, i, i - buf_addr, BIG_CHAR); > > + do_test (0, i, -buf_addr - i, BIG_CHAR); > > + do_test (0, i, SIZE_MAX - buf_addr - i, BIG_CHAR); > > + do_test (0, i, SIZE_MAX - buf_addr + i, BIG_CHAR); > > + > > + len = 0; > > + for (j = 8 * sizeof(size_t) - 1; j ; --j) > > + { > > + len |= one << j; > > + do_test (0, i, len - i, BIG_CHAR); > > + do_test (0, i, len + i, BIG_CHAR); > > + do_test (0, i, len - buf_addr - i, BIG_CHAR); > > + do_test (0, i, len - buf_addr + i, BIG_CHAR); > > + > > + do_test (0, i, ~len - i, BIG_CHAR); > > + do_test (0, i, ~len + i, BIG_CHAR); > > + do_test (0, i, ~len - buf_addr - i, BIG_CHAR); > > + do_test (0, i, ~len - buf_addr + i, BIG_CHAR); > > + } > > + } > > +} > > + > > static void > > do_random_tests (void) > > { > > @@ -283,6 +315,7 @@ test_main (void) > > do_random_tests (); > > do_page_tests (); > > do_page_2_tests (); > > + do_overflow_tests (); > > return ret; > > } > > > > -- > > 2.25.1 > > > > > -- > H.J. >
On Wed, Jun 9, 2021 at 6:26 PM Noah Goldstein <goldstein.w.n@gmail.com> wrote: > > > On Wed, Jun 9, 2021 at 5:54 PM H.J. Lu <hjl.tools@gmail.com> wrote: > >> On Wed, Jun 9, 2021 at 1:53 PM Noah Goldstein <goldstein.w.n@gmail.com> >> wrote: >> > >> > This commit adds tests for a bug in the wide char variant of the >> > functions where the implementation may assume that maxlen for wcsnlen >> > or n for wmemchr/strncat will not overflow when multiplied by >> > sizeof(wchar_t). >> > >> > These tests show the following implementations failing on x86_64: >> > >> > wcsnlen-sse4_1 >> > wcsnlen-avx2 >> > >> > wmemchr-sse2 >> > wmemchr-avx2 >> > >> > strncat would fail as well if it where on a system that prefered >> > either of the wcsnlen implementations that failed as it relies on >> > wcsnlen. >> >> Please open a bug report for each standard C function. We need to >> track them for backporting to release branches. >> > > Done: https://sourceware.org/bugzilla/show_bug.cgi?id=27974 > > >> >> Thanks. >> >> > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com> >> > --- >> > string/test-memchr.c | 39 ++++++++++++++++++++++++--- >> > string/test-strncat.c | 61 +++++++++++++++++++++++++++++++++++++++++++ >> > string/test-strnlen.c | 33 +++++++++++++++++++++++ >> > 3 files changed, 130 insertions(+), 3 deletions(-) >> > >> > diff --git a/string/test-memchr.c b/string/test-memchr.c >> > index 665edc32af..ce964284aa 100644 >> > --- a/string/test-memchr.c >> > +++ b/string/test-memchr.c >> > @@ -65,8 +65,8 @@ do_one_test (impl_t *impl, const CHAR *s, int c, >> size_t n, CHAR *exp_res) >> > CHAR *res = CALL (impl, s, c, n); >> > if (res != exp_res) >> > { >> > - error (0, 0, "Wrong result in function %s %p %p", impl->name, >> > - res, exp_res); >> > + error (0, 0, "Wrong result in function %s (%p, %d, %zu) -> %p != >> %p", >> > + impl->name, s, c, n, res, exp_res); >> > ret = 1; >> > return; >> > } 
>> > @@ -91,7 +91,7 @@ do_test (size_t align, size_t pos, size_t len, size_t >> n, int seek_char) >> > } >> > buf[align + len] = 0; >> > >> > - if (pos < len) >> > + if (pos < MIN(n, len)) >> > { >> > buf[align + pos] = seek_char; >> > buf[align + len] = -seek_char; >> > @@ -107,6 +107,38 @@ do_test (size_t align, size_t pos, size_t len, >> size_t n, int seek_char) >> > do_one_test (impl, (CHAR *) (buf + align), seek_char, n, result); >> > } >> > >> > +static void >> > +do_overflow_tests (void) >> > +{ >> > + size_t i, j, len; >> > + const size_t one = 1; >> > + uintptr_t buf_addr = (uintptr_t) buf1; >> > + >> > + for (i = 0; i < 750; ++i) >> > + { >> > + do_test (0, i, 751, SIZE_MAX - i, BIG_CHAR); >> > + do_test (0, i, 751, i - buf_addr, BIG_CHAR); >> > + do_test (0, i, 751, -buf_addr - i, BIG_CHAR); >> > + do_test (0, i, 751, SIZE_MAX - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, 751, SIZE_MAX - buf_addr + i, BIG_CHAR); >> > + >> > + len = 0; >> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) >> > + { >> > + len |= one << j; >> > + do_test (0, i, 751, len - i, BIG_CHAR); >> > + do_test (0, i, 751, len + i, BIG_CHAR); >> > + do_test (0, i, 751, len - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, 751, len - buf_addr + i, BIG_CHAR); >> > + >> > + do_test (0, i, 751, ~len - i, BIG_CHAR); >> > + do_test (0, i, 751, ~len + i, BIG_CHAR); >> > + do_test (0, i, 751, ~len - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, 751, ~len - buf_addr + i, BIG_CHAR); >> > + } >> > + } >> > +} >> > + >> > static void >> > do_random_tests (void) >> > { >> > @@ -221,6 +253,7 @@ test_main (void) >> > do_test (page_size / 2 - i, i, i, 1, 0x9B); >> > >> > do_random_tests (); >> > + do_overflow_tests (); >> > return ret; >> > } >> > >> > diff --git a/string/test-strncat.c b/string/test-strncat.c >> > index 2ef917b820..0ab7541d4e 100644 >> > --- a/string/test-strncat.c >> > +++ b/string/test-strncat.c 
>> > @@ -134,6 +134,66 @@ do_test (size_t align1, size_t align2, size_t >> len1, size_t len2, >> > } >> > } >> > >> > +static void >> > +do_overflow_tests (void) >> > +{ >> > + size_t i, j, len; >> > + const size_t one = 1; >> > + CHAR *s1, *s2; >> > + uintptr_t s1_addr; >> > + s1 = (CHAR *) buf1; >> > + s2 = (CHAR *) buf2; >> > + s1_addr = (uintptr_t)s1; >> > + for (j = 0; j < 200; ++j) >> > + s2[j] = 32 + 23 * j % (BIG_CHAR - 32); >> > + s2[200] = 0; >> > + for (i = 0; i < 750; ++i) { >> > + for (j = 0; j < i; ++j) >> > + s1[j] = 32 + 23 * j % (BIG_CHAR - 32); >> > + s1[i] = '\0'; >> > + >> > + FOR_EACH_IMPL (impl, 0) >> > + { >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, SIZE_MAX - i); >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, i - s1_addr); >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, -s1_addr - i); >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr - i); >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr + i); >> > + } >> > + >> > + len = 0; >> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) >> > + { >> > + len |= one << j; >> > + FOR_EACH_IMPL (impl, 0) >> > + { >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, len - i); >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, len + i); >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, len - s1_addr - i); >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, len - s1_addr + i); >> > + >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, ~len - i); >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, ~len + i); >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, ~len - s1_addr - i); >> > + s2[0] = '\0'; >> > + do_one_test (impl, s2, s1, ~len - s1_addr + i); >> > + } >> > + } >> > + } >> > +} >> > + >> > static void >> > do_random_tests (void) >> > { >> > @@ -316,6 +376,7 @@ test_main (void) >> > } >> > >> > do_random_tests (); >> > + do_overflow_tests (); >> > return ret; >> > } 
>> > >> > diff --git a/string/test-strnlen.c b/string/test-strnlen.c >> > index 920f58e97b..f53e09263f 100644 >> > --- a/string/test-strnlen.c >> > +++ b/string/test-strnlen.c >> > @@ -89,6 +89,38 @@ do_test (size_t align, size_t len, size_t maxlen, >> int max_char) >> > do_one_test (impl, (CHAR *) (buf + align), maxlen, MIN (len, >> maxlen)); >> > } >> > >> > +static void >> > +do_overflow_tests (void) >> > +{ >> > + size_t i, j, len; >> > + const size_t one = 1; >> > + uintptr_t buf_addr = (uintptr_t) buf1; >> > + >> > + for (i = 0; i < 750; ++i) >> > + { >> > + do_test (0, i, SIZE_MAX - i, BIG_CHAR); >> > + do_test (0, i, i - buf_addr, BIG_CHAR); >> > + do_test (0, i, -buf_addr - i, BIG_CHAR); >> > + do_test (0, i, SIZE_MAX - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, SIZE_MAX - buf_addr + i, BIG_CHAR); >> > + >> > + len = 0; >> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) >> > + { >> > + len |= one << j; >> > + do_test (0, i, len - i, BIG_CHAR); >> > + do_test (0, i, len + i, BIG_CHAR); >> > + do_test (0, i, len - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, len - buf_addr + i, BIG_CHAR); >> > + >> > + do_test (0, i, ~len - i, BIG_CHAR); >> > + do_test (0, i, ~len + i, BIG_CHAR); >> > + do_test (0, i, ~len - buf_addr - i, BIG_CHAR); >> > + do_test (0, i, ~len - buf_addr + i, BIG_CHAR); >> > + } >> > + } >> > +} >> > + >> > static void >> > do_random_tests (void) >> > { >> > @@ -283,6 +315,7 @@ test_main (void) >> > do_random_tests (); >> > do_page_tests (); >> > do_page_2_tests (); >> > + do_overflow_tests (); >> > return ret; >> > } >> > >> > -- >> > 2.25.1 >> > >> >> >> -- >> H.J. >> > Ping if we want this in 2.34
On Tue, Jun 22, 2021 at 8:43 AM Noah Goldstein <goldstein.w.n@gmail.com> wrote: > > > On Wed, Jun 9, 2021 at 6:26 PM Noah Goldstein <goldstein.w.n@gmail.com> wrote: >> >> >> >> On Wed, Jun 9, 2021 at 5:54 PM H.J. Lu <hjl.tools@gmail.com> wrote: >>> >>> On Wed, Jun 9, 2021 at 1:53 PM Noah Goldstein <goldstein.w.n@gmail.com> wrote: >>> > >>> > This commit adds tests for a bug in the wide char variant of the >>> > functions where the implementation may assume that maxlen for wcsnlen >>> > or n for wmemchr/strncat will not overflow when multiplied by >>> > sizeof(wchar_t). >>> > >>> > These tests show the following implementations failing on x86_64: >>> > >>> > wcsnlen-sse4_1 >>> > wcsnlen-avx2 >>> > >>> > wmemchr-sse2 >>> > wmemchr-avx2 >>> > >>> > strncat would fail as well if it where on a system that prefered >>> > either of the wcsnlen implementations that failed as it relies on >>> > wcsnlen. >>> >>> Please open a bug report for each standard C function. We need to >>> track them for backporting to release branches. >> >> >> Done: https://sourceware.org/bugzilla/show_bug.cgi?id=27974 >> >>> >>> >>> Thanks. >>> >>> > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com> >>> > --- >>> > string/test-memchr.c | 39 ++++++++++++++++++++++++--- >>> > string/test-strncat.c | 61 +++++++++++++++++++++++++++++++++++++++++++ >>> > string/test-strnlen.c | 33 +++++++++++++++++++++++ >>> > 3 files changed, 130 insertions(+), 3 deletions(-) >>> > >>> > diff --git a/string/test-memchr.c b/string/test-memchr.c >>> > index 665edc32af..ce964284aa 100644 >>> > --- a/string/test-memchr.c >>> > +++ b/string/test-memchr.c 
>>> > @@ -65,8 +65,8 @@ do_one_test (impl_t *impl, const CHAR *s, int c, size_t n, CHAR *exp_res) >>> > CHAR *res = CALL (impl, s, c, n); >>> > if (res != exp_res) >>> > { >>> > - error (0, 0, "Wrong result in function %s %p %p", impl->name, >>> > - res, exp_res); >>> > + error (0, 0, "Wrong result in function %s (%p, %d, %zu) -> %p != %p", >>> > + impl->name, s, c, n, res, exp_res); >>> > ret = 1; >>> > return; >>> > } >>> > @@ -91,7 +91,7 @@ do_test (size_t align, size_t pos, size_t len, size_t n, int seek_char) >>> > } >>> > buf[align + len] = 0; >>> > >>> > - if (pos < len) >>> > + if (pos < MIN(n, len)) >>> > { >>> > buf[align + pos] = seek_char; >>> > buf[align + len] = -seek_char; 
>>> > @@ -107,6 +107,38 @@ do_test (size_t align, size_t pos, size_t len, size_t n, int seek_char) >>> > do_one_test (impl, (CHAR *) (buf + align), seek_char, n, result); >>> > } >>> > >>> > +static void >>> > +do_overflow_tests (void) >>> > +{ >>> > + size_t i, j, len; >>> > + const size_t one = 1; >>> > + uintptr_t buf_addr = (uintptr_t) buf1; >>> > + >>> > + for (i = 0; i < 750; ++i) >>> > + { >>> > + do_test (0, i, 751, SIZE_MAX - i, BIG_CHAR); >>> > + do_test (0, i, 751, i - buf_addr, BIG_CHAR); >>> > + do_test (0, i, 751, -buf_addr - i, BIG_CHAR); >>> > + do_test (0, i, 751, SIZE_MAX - buf_addr - i, BIG_CHAR); >>> > + do_test (0, i, 751, SIZE_MAX - buf_addr + i, BIG_CHAR); >>> > + >>> > + len = 0; >>> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) >>> > + { >>> > + len |= one << j; >>> > + do_test (0, i, 751, len - i, BIG_CHAR); >>> > + do_test (0, i, 751, len + i, BIG_CHAR); >>> > + do_test (0, i, 751, len - buf_addr - i, BIG_CHAR); >>> > + do_test (0, i, 751, len - buf_addr + i, BIG_CHAR); >>> > + >>> > + do_test (0, i, 751, ~len - i, BIG_CHAR); >>> > + do_test (0, i, 751, ~len + i, BIG_CHAR); >>> > + do_test (0, i, 751, ~len - buf_addr - i, BIG_CHAR); >>> > + do_test (0, i, 751, ~len - buf_addr + i, BIG_CHAR); >>> > + } >>> > + } >>> > +} >>> > + >>> > static void >>> > do_random_tests (void) >>> > { >>> > @@ -221,6 +253,7 @@ test_main (void) >>> > do_test (page_size / 2 - i, i, i, 1, 0x9B); >>> > >>> > do_random_tests (); >>> > + do_overflow_tests (); >>> > return ret; >>> > } >>> > >>> > diff --git a/string/test-strncat.c b/string/test-strncat.c >>> > index 2ef917b820..0ab7541d4e 100644 >>> > --- a/string/test-strncat.c >>> > +++ b/string/test-strncat.c 
>>> > @@ -134,6 +134,66 @@ do_test (size_t align1, size_t align2, size_t len1, size_t len2, >>> > } >>> > } >>> > >>> > +static void >>> > +do_overflow_tests (void) >>> > +{ >>> > + size_t i, j, len; >>> > + const size_t one = 1; >>> > + CHAR *s1, *s2; >>> > + uintptr_t s1_addr; >>> > + s1 = (CHAR *) buf1; >>> > + s2 = (CHAR *) buf2; >>> > + s1_addr = (uintptr_t)s1; >>> > + for (j = 0; j < 200; ++j) >>> > + s2[j] = 32 + 23 * j % (BIG_CHAR - 32); >>> > + s2[200] = 0; >>> > + for (i = 0; i < 750; ++i) { >>> > + for (j = 0; j < i; ++j) >>> > + s1[j] = 32 + 23 * j % (BIG_CHAR - 32); >>> > + s1[i] = '\0'; >>> > + >>> > + FOR_EACH_IMPL (impl, 0) >>> > + { >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, SIZE_MAX - i); >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, i - s1_addr); >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, -s1_addr - i); >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr - i); >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr + i); >>> > + } >>> > + >>> > + len = 0; >>> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) >>> > + { >>> > + len |= one << j; >>> > + FOR_EACH_IMPL (impl, 0) >>> > + { >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, len - i); >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, len + i); >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, len - s1_addr - i); >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, len - s1_addr + i); >>> > + >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, ~len - i); >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, ~len + i); >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, ~len - s1_addr - i); >>> > + s2[0] = '\0'; >>> > + do_one_test (impl, s2, s1, ~len - s1_addr + i); >>> > + } >>> > + } >>> > + } >>> > +} >>> > + >>> > static void >>> > do_random_tests (void) >>> > { 
>>> > @@ -316,6 +376,7 @@ test_main (void) >>> > } >>> > >>> > do_random_tests (); >>> > + do_overflow_tests (); >>> > return ret; >>> > } >>> > >>> > diff --git a/string/test-strnlen.c b/string/test-strnlen.c >>> > index 920f58e97b..f53e09263f 100644 >>> > --- a/string/test-strnlen.c >>> > +++ b/string/test-strnlen.c >>> > @@ -89,6 +89,38 @@ do_test (size_t align, size_t len, size_t maxlen, int max_char) >>> > do_one_test (impl, (CHAR *) (buf + align), maxlen, MIN (len, maxlen)); >>> > } >>> > >>> > +static void >>> > +do_overflow_tests (void) >>> > +{ >>> > + size_t i, j, len; >>> > + const size_t one = 1; >>> > + uintptr_t buf_addr = (uintptr_t) buf1; >>> > + >>> > + for (i = 0; i < 750; ++i) >>> > + { >>> > + do_test (0, i, SIZE_MAX - i, BIG_CHAR); >>> > + do_test (0, i, i - buf_addr, BIG_CHAR); >>> > + do_test (0, i, -buf_addr - i, BIG_CHAR); >>> > + do_test (0, i, SIZE_MAX - buf_addr - i, BIG_CHAR); >>> > + do_test (0, i, SIZE_MAX - buf_addr + i, BIG_CHAR); >>> > + >>> > + len = 0; >>> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) >>> > + { >>> > + len |= one << j; >>> > + do_test (0, i, len - i, BIG_CHAR); >>> > + do_test (0, i, len + i, BIG_CHAR); >>> > + do_test (0, i, len - buf_addr - i, BIG_CHAR); >>> > + do_test (0, i, len - buf_addr + i, BIG_CHAR); >>> > + >>> > + do_test (0, i, ~len - i, BIG_CHAR); >>> > + do_test (0, i, ~len + i, BIG_CHAR); >>> > + do_test (0, i, ~len - buf_addr - i, BIG_CHAR); >>> > + do_test (0, i, ~len - buf_addr + i, BIG_CHAR); >>> > + } >>> > + } >>> > +} >>> > + >>> > static void >>> > do_random_tests (void) >>> > { >>> > @@ -283,6 +315,7 @@ test_main (void) >>> > do_random_tests (); >>> > do_page_tests (); >>> > do_page_2_tests (); >>> > + do_overflow_tests (); >>> > return ret; >>> > } >>> > >>> > -- >>> > 2.25.1 >>> > >>> >>> >>> -- >>> H.J. > > > Ping if we want this in 2.34 Can you repost the patches with BZ# in the commit log? Thanks.
On Tue, Jun 22, 2021 at 12:19 PM H.J. Lu <hjl.tools@gmail.com> wrote: > On Tue, Jun 22, 2021 at 8:43 AM Noah Goldstein <goldstein.w.n@gmail.com> > wrote: > > > > > > On Wed, Jun 9, 2021 at 6:26 PM Noah Goldstein <goldstein.w.n@gmail.com> > wrote: > >> > >> > >> > >> On Wed, Jun 9, 2021 at 5:54 PM H.J. Lu <hjl.tools@gmail.com> wrote: > >>> > >>> On Wed, Jun 9, 2021 at 1:53 PM Noah Goldstein <goldstein.w.n@gmail.com> > wrote: > >>> > > >>> > This commit adds tests for a bug in the wide char variant of the > >>> > functions where the implementation may assume that maxlen for wcsnlen > >>> > or n for wmemchr/strncat will not overflow when multiplied by > >>> > sizeof(wchar_t). > >>> > > >>> > These tests show the following implementations failing on x86_64: > >>> > > >>> > wcsnlen-sse4_1 > >>> > wcsnlen-avx2 > >>> > > >>> > wmemchr-sse2 > >>> > wmemchr-avx2 > >>> > > >>> > strncat would fail as well if it where on a system that prefered > >>> > either of the wcsnlen implementations that failed as it relies on > >>> > wcsnlen. > >>> > >>> Please open a bug report for each standard C function. We need to > >>> track them for backporting to release branches. > >> > >> > >> Done: https://sourceware.org/bugzilla/show_bug.cgi?id=27974 > >> > >>> > >>> > >>> Thanks. > >>> > >>> > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com> > >>> > --- > >>> > string/test-memchr.c | 39 ++++++++++++++++++++++++--- > >>> > string/test-strncat.c | 61 > +++++++++++++++++++++++++++++++++++++++++++ > >>> > string/test-strnlen.c | 33 +++++++++++++++++++++++ > >>> > 3 files changed, 130 insertions(+), 3 deletions(-) > >>> > > >>> > diff --git a/string/test-memchr.c b/string/test-memchr.c > >>> > index 665edc32af..ce964284aa 100644 > >>> > --- a/string/test-memchr.c > >>> > +++ b/string/test-memchr.c 
> >>> > @@ -65,8 +65,8 @@ do_one_test (impl_t *impl, const CHAR *s, int c, > size_t n, CHAR *exp_res) > >>> > CHAR *res = CALL (impl, s, c, n); > >>> > if (res != exp_res) > >>> > { > >>> > - error (0, 0, "Wrong result in function %s %p %p", impl->name, > >>> > - res, exp_res); > >>> > + error (0, 0, "Wrong result in function %s (%p, %d, %zu) -> %p > != %p", > >>> > + impl->name, s, c, n, res, exp_res); > >>> > ret = 1; > >>> > return; > >>> > } > >>> > @@ -91,7 +91,7 @@ do_test (size_t align, size_t pos, size_t len, > size_t n, int seek_char) > >>> > } > >>> > buf[align + len] = 0; > >>> > > >>> > - if (pos < len) > >>> > + if (pos < MIN(n, len)) > >>> > { > >>> > buf[align + pos] = seek_char; > >>> > buf[align + len] = -seek_char; 
> >>> > @@ -107,6 +107,38 @@ do_test (size_t align, size_t pos, size_t len, > size_t n, int seek_char) > >>> > do_one_test (impl, (CHAR *) (buf + align), seek_char, n, > result); > >>> > } > >>> > > >>> > +static void > >>> > +do_overflow_tests (void) > >>> > +{ > >>> > + size_t i, j, len; > >>> > + const size_t one = 1; > >>> > + uintptr_t buf_addr = (uintptr_t) buf1; > >>> > + > >>> > + for (i = 0; i < 750; ++i) > >>> > + { > >>> > + do_test (0, i, 751, SIZE_MAX - i, BIG_CHAR); > >>> > + do_test (0, i, 751, i - buf_addr, BIG_CHAR); > >>> > + do_test (0, i, 751, -buf_addr - i, BIG_CHAR); > >>> > + do_test (0, i, 751, SIZE_MAX - buf_addr - i, BIG_CHAR); > >>> > + do_test (0, i, 751, SIZE_MAX - buf_addr + i, BIG_CHAR); > >>> > + > >>> > + len = 0; > >>> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) > >>> > + { > >>> > + len |= one << j; > >>> > + do_test (0, i, 751, len - i, BIG_CHAR); > >>> > + do_test (0, i, 751, len + i, BIG_CHAR); > >>> > + do_test (0, i, 751, len - buf_addr - i, BIG_CHAR); > >>> > + do_test (0, i, 751, len - buf_addr + i, BIG_CHAR); > >>> > + > >>> > + do_test (0, i, 751, ~len - i, BIG_CHAR); > >>> > + do_test (0, i, 751, ~len + i, BIG_CHAR); > >>> > + do_test (0, i, 751, ~len - buf_addr - i, BIG_CHAR); > >>> > + do_test (0, i, 751, ~len - buf_addr + i, BIG_CHAR); > >>> > + } > >>> > + } > >>> > +} > >>> > + > >>> > static void > >>> > do_random_tests (void) > >>> > { > >>> > @@ -221,6 +253,7 @@ test_main (void) > >>> > do_test (page_size / 2 - i, i, i, 1, 0x9B); > >>> > > >>> > do_random_tests (); > >>> > + do_overflow_tests (); > >>> > return ret; > >>> > } > >>> > > >>> > diff --git a/string/test-strncat.c b/string/test-strncat.c > >>> > index 2ef917b820..0ab7541d4e 100644 > >>> > --- a/string/test-strncat.c > >>> > +++ b/string/test-strncat.c 
> >>> > @@ -134,6 +134,66 @@ do_test (size_t align1, size_t align2, size_t > len1, size_t len2, > >>> > } > >>> > } > >>> > > >>> > +static void > >>> > +do_overflow_tests (void) > >>> > +{ > >>> > + size_t i, j, len; > >>> > + const size_t one = 1; > >>> > + CHAR *s1, *s2; > >>> > + uintptr_t s1_addr; > >>> > + s1 = (CHAR *) buf1; > >>> > + s2 = (CHAR *) buf2; > >>> > + s1_addr = (uintptr_t)s1; > >>> > + for (j = 0; j < 200; ++j) > >>> > + s2[j] = 32 + 23 * j % (BIG_CHAR - 32); > >>> > + s2[200] = 0; > >>> > + for (i = 0; i < 750; ++i) { > >>> > + for (j = 0; j < i; ++j) > >>> > + s1[j] = 32 + 23 * j % (BIG_CHAR - 32); > >>> > + s1[i] = '\0'; > >>> > + > >>> > + FOR_EACH_IMPL (impl, 0) > >>> > + { > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, SIZE_MAX - i); > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, i - s1_addr); > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, -s1_addr - i); > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr - i); > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, SIZE_MAX - s1_addr + i); > >>> > + } > >>> > + > >>> > + len = 0; > >>> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) > >>> > + { > >>> > + len |= one << j; > >>> > + FOR_EACH_IMPL (impl, 0) > >>> > + { > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, len - i); > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, len + i); > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, len - s1_addr - i); > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, len - s1_addr + i); > >>> > + > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, ~len - i); > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, ~len + i); > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, ~len - s1_addr - i); > >>> > + s2[0] = '\0'; > >>> > + do_one_test (impl, s2, s1, ~len - s1_addr + i); > >>> > + } > >>> > + } > >>> > + } > >>> > +} > >>> > + > >>> > static void > >>> > 
do_random_tests (void) > >>> > { > >>> > @@ -316,6 +376,7 @@ test_main (void) > >>> > } > >>> > > >>> > do_random_tests (); > >>> > + do_overflow_tests (); > >>> > return ret; > >>> > } > >>> > > >>> > diff --git a/string/test-strnlen.c b/string/test-strnlen.c > >>> > index 920f58e97b..f53e09263f 100644 > >>> > --- a/string/test-strnlen.c > >>> > +++ b/string/test-strnlen.c > >>> > @@ -89,6 +89,38 @@ do_test (size_t align, size_t len, size_t maxlen, > int max_char) > >>> > do_one_test (impl, (CHAR *) (buf + align), maxlen, MIN (len, > maxlen)); > >>> > } > >>> > > >>> > +static void > >>> > +do_overflow_tests (void) > >>> > +{ > >>> > + size_t i, j, len; > >>> > + const size_t one = 1; > >>> > + uintptr_t buf_addr = (uintptr_t) buf1; > >>> > + > >>> > + for (i = 0; i < 750; ++i) > >>> > + { > >>> > + do_test (0, i, SIZE_MAX - i, BIG_CHAR); > >>> > + do_test (0, i, i - buf_addr, BIG_CHAR); > >>> > + do_test (0, i, -buf_addr - i, BIG_CHAR); > >>> > + do_test (0, i, SIZE_MAX - buf_addr - i, BIG_CHAR); > >>> > + do_test (0, i, SIZE_MAX - buf_addr + i, BIG_CHAR); > >>> > + > >>> > + len = 0; > >>> > + for (j = 8 * sizeof(size_t) - 1; j ; --j) > >>> > + { > >>> > + len |= one << j; > >>> > + do_test (0, i, len - i, BIG_CHAR); > >>> > + do_test (0, i, len + i, BIG_CHAR); > >>> > + do_test (0, i, len - buf_addr - i, BIG_CHAR); > >>> > + do_test (0, i, len - buf_addr + i, BIG_CHAR); > >>> > + > >>> > + do_test (0, i, ~len - i, BIG_CHAR); > >>> > + do_test (0, i, ~len + i, BIG_CHAR); > >>> > + do_test (0, i, ~len - buf_addr - i, BIG_CHAR); > >>> > + do_test (0, i, ~len - buf_addr + i, BIG_CHAR); > >>> > + } > >>> > + } > >>> > +} > >>> > + > >>> > static void > >>> > do_random_tests (void) > >>> > { 
> >>> > @@ -283,6 +315,7 @@ test_main (void) > >>> > do_random_tests (); > >>> > do_page_tests (); > >>> > do_page_2_tests (); > >>> > + do_overflow_tests (); > >>> > return ret; > >>> > } > >>> > > >>> > -- > >>> > 2.25.1 > >>> > > >>> > >>> > >>> -- > >>> H.J. > > > > > > Ping if we want this in 2.34 > > Can you repost the patches with BZ# in the commit log? > Done. (Not sure why the patch didn't come in as reply to this one but just posted). > > Thanks. > > -- > H.J. >
diff --git a/string/test-memchr.c b/string/test-memchr.c
index 665edc32af..ce964284aa 100644
--- a/string/test-memchr.c
+++ b/string/test-memchr.c
@@ -65,8 +65,8 @@ do_one_test (impl_t *impl, const CHAR *s, int c, size_t n, CHAR *exp_res)
 CHAR *res = CALL (impl, s, c, n);
 if (res != exp_res)
 {
- error (0, 0, "Wrong result in function %s %p %p", impl->name,
- res, exp_res);
+ error (0, 0, "Wrong result in function %s (%p, %d, %zu) -> %p != %p",
+ impl->name, s, c, n, res, exp_res);
 ret = 1;
 return;
 }
@@ -91,7 +91,7 @@ do_test (size_t align, size_t pos, size_t len, size_t n, int seek_char)
 }
 buf[align + len] = 0;

- if (pos < len)
+ if (pos < MIN(n, len))
 {
 buf[align + pos] = seek_char;
 buf[align + len] = -seek_char;
@@ -107,6 +107,38 @@ do_test (size_t align, size_t pos, size_t len, size_t n, int seek_char)
 do_one_test (impl, (CHAR *) (buf + align), seek_char, n, result);
 }

+static void
+do_overflow_tests (void)
+{
+ size_t i, j, len;
+ const size_t one = 1;
+ uintptr_t buf_addr = (uintptr_t) buf1;
+
+ for (i = 0; i < 750; ++i)
+ {
+ do_test (0, i, 751, SIZE_MAX - i, BIG_CHAR);
+ do_test (0, i, 751, i - buf_addr, BIG_CHAR);
+ do_test (0, i, 751, -buf_addr - i, BIG_CHAR);
+ do_test (0, i, 751, SIZE_MAX - buf_addr - i, BIG_CHAR);
+ do_test (0, i, 751, SIZE_MAX - buf_addr + i, BIG_CHAR);
+
+ len = 0;
+ for (j = 8 * sizeof(size_t) - 1; j ; --j)
+ {
+ len |= one << j;
+ do_test (0, i, 751, len - i, BIG_CHAR);
+ do_test (0, i, 751, len + i, BIG_CHAR);
+ do_test (0, i, 751, len - buf_addr - i, BIG_CHAR);
+ do_test (0, i, 751, len - buf_addr + i, BIG_CHAR);
+
+ do_test (0, i, 751, ~len - i, BIG_CHAR);
+ do_test (0, i, 751, ~len + i, BIG_CHAR);
+ do_test (0, i, 751, ~len - buf_addr - i, BIG_CHAR);
+ do_test (0, i, 751, ~len - buf_addr + i, BIG_CHAR);
+ }
+ }
+}
+
 static void
 do_random_tests (void)
 {
@@ -221,6 +253,7 @@ test_main (void)
 do_test (page_size / 2 - i, i, i, 1, 0x9B);

 do_random_tests ();
+ do_overflow_tests ();
 return ret;
 }
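Review bot: In the `@@ -91,7 +91,7 @@` hunk of do_test, the new condition is written `MIN(n, len)` without the space before the parenthesis that the neighbouring tests use (the strnlen test has `MIN (len, maxlen)`); it should read `if (pos < MIN (n, len))`. A one-line comment above it would help, for example `/* The seek char is only reachable when it lies inside both the buffer and the first n elements.  */`, since the bound on `n` only matters once the new overflow tests pass lengths smaller than `pos`. do_test starts and ends outside this hunk, so the branch that sets the expected result is not visible here.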
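Review bot: Every call in the new do_overflow_tests (hunk `@@ -107,6 +107,38 @@`) passes alignment 0, so the wrap-around lengths are only ever tried against one starting address, while the implementations named in the commit message are vectorised and may take a different path for an unaligned `s`. An outer loop over a few alignments would close that gap, with the address derived from the pointer actually handed to the implementation: do_test passes `buf + align`, built outside this hunk, whereas `buf_addr` is taken from `buf1`, which presumably only matches at alignment 0. The function also has no comment; a short block comment should say that the `n` values are chosen so that `n * sizeof (CHAR)`, or apparently `s + n`, wraps past `SIZE_MAX`, and what the bounds 750 and 751 stand for. Both points apply equally to the copy in string/test-strnlen.c, and the missing comment also to string/test-strncat.c.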
diff --git a/string/test-strncat.c b/string/test-strncat.c
index 2ef917b820..0ab7541d4e 100644
--- a/string/test-strncat.c
+++ b/string/test-strncat.c
@@ -134,6 +134,66 @@ do_test (size_t align1, size_t align2, size_t len1, size_t len2,
 }
 }

+static void
+do_overflow_tests (void)
+{
+ size_t i, j, len;
+ const size_t one = 1;
+ CHAR *s1, *s2;
+ uintptr_t s1_addr;
+ s1 = (CHAR *) buf1;
+ s2 = (CHAR *) buf2;
+ s1_addr = (uintptr_t)s1;
+ for (j = 0; j < 200; ++j)
+ s2[j] = 32 + 23 * j % (BIG_CHAR - 32);
+ s2[200] = 0;
+ for (i = 0; i < 750; ++i) {
+ for (j = 0; j < i; ++j)
+ s1[j] = 32 + 23 * j % (BIG_CHAR - 32);
+ s1[i] = '\0';
+
+ FOR_EACH_IMPL (impl, 0)
+ {
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, SIZE_MAX - i);
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, i - s1_addr);
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, -s1_addr - i);
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, SIZE_MAX - s1_addr - i);
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, SIZE_MAX - s1_addr + i);
+ }
+
+ len = 0;
+ for (j = 8 * sizeof(size_t) - 1; j ; --j)
+ {
+ len |= one << j;
+ FOR_EACH_IMPL (impl, 0)
+ {
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, len - i);
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, len + i);
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, len - s1_addr - i);
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, len - s1_addr + i);
+
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, ~len - i);
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, ~len + i);
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, ~len - s1_addr - i);
+ s2[0] = '\0';
+ do_one_test (impl, s2, s1, ~len - s1_addr + i);
+ }
+ }
+ }
+}
+
 static void
 do_random_tests (void)
 {
@@ -316,6 +376,7 @@ test_main (void)
 }

 do_random_tests ();
+ do_overflow_tests ();
 return ret;
 }

diff --git a/string/test-strnlen.c b/string/test-strnlen.c
index 920f58e97b..f53e09263f 100644
--- a/string/test-strnlen.c
+++ b/string/test-strnlen.c
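Review bot: In the new do_overflow_tests for strncat, `s2[0] = '\0';` runs before every call, so each concatenation starts from an empty `s2` (presumably the destination) and the 200-element fill at the top of the function never takes part in a test. The case where the destination already holds data and `n` is close to `SIZE_MAX` is therefore not covered; if that was the purpose of the fill, resetting with `s2[200] = '\0';` before each call would keep a 200-element prefix, provided `buf2` (allocated outside this hunk) has room for 200 + 750 elements, and otherwise the fill loop can be dropped. The thirteen reset-and-call pairs would read better as a loop over an array of lengths, and the brace placement in `for (i = 0; i < 750; ++i) {` differs from the GNU style of the other two copies.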
@@ -89,6 +89,38 @@ do_test (size_t align, size_t len, size_t maxlen, int max_char)
 do_one_test (impl, (CHAR *) (buf + align), maxlen, MIN (len, maxlen));
 }

+static void
+do_overflow_tests (void)
+{
+ size_t i, j, len;
+ const size_t one = 1;
+ uintptr_t buf_addr = (uintptr_t) buf1;
+
+ for (i = 0; i < 750; ++i)
+ {
+ do_test (0, i, SIZE_MAX - i, BIG_CHAR);
+ do_test (0, i, i - buf_addr, BIG_CHAR);
+ do_test (0, i, -buf_addr - i, BIG_CHAR);
+ do_test (0, i, SIZE_MAX - buf_addr - i, BIG_CHAR);
+ do_test (0, i, SIZE_MAX - buf_addr + i, BIG_CHAR);
+
+ len = 0;
+ for (j = 8 * sizeof(size_t) - 1; j ; --j)
+ {
+ len |= one << j;
+ do_test (0, i, len - i, BIG_CHAR);
+ do_test (0, i, len + i, BIG_CHAR);
+ do_test (0, i, len - buf_addr - i, BIG_CHAR);
+ do_test (0, i, len - buf_addr + i, BIG_CHAR);
+
+ do_test (0, i, ~len - i, BIG_CHAR);
+ do_test (0, i, ~len + i, BIG_CHAR);
+ do_test (0, i, ~len - buf_addr - i, BIG_CHAR);
+ do_test (0, i, ~len - buf_addr + i, BIG_CHAR);
+ }
+ }
+}
+
 static void
 do_random_tests (void)
 {
@@ -283,6 +315,7 @@ test_main (void)
 do_random_tests ();
 do_page_tests ();
 do_page_2_tests ();
+ do_overflow_tests ();
 return ret;
 }
This commit adds tests for a bug in the wide char variant of the functions where the implementation may assume that maxlen for wcsnlen or n for wmemchr/strncat will not overflow when multiplied by sizeof(wchar_t). These tests show the following implementations failing on x86_64: wcsnlen-sse4_1 wcsnlen-avx2 wmemchr-sse2 wmemchr-avx2 strncat would fail as well if it were on a system that preferred either of the wcsnlen implementations that failed as it relies on wcsnlen. Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com> --- string/test-memchr.c | 39 ++++++++++++++++++++++++--- string/test-strncat.c | 61 +++++++++++++++++++++++++++++++++++++++++++ string/test-strnlen.c | 33 +++++++++++++++++++++++ 3 files changed, 130 insertions(+), 3 deletions(-)