ping?
On Fri, Jul 26, 2019 at 2:32 PM enh <[email protected]> wrote:
>
> This affects both arm and x86, causing a signed comparison rather than
> an unsigned one.
>
> Here's arm:
>
>   if (data <= (char *)2) data = 0;
>     51ecc: 2902 cmp r1, #2
>     51ece: d905 bls.n 51edc <xargs_main+0x158>
>
>   if ((long)data <= 2) data = 0;
>     51ecc: 2902 cmp r1, #2
>     51ece: dc02 bgt.n 51ed6 <xargs_main+0x152>
>
> And x86 was similar (and was where I first stumbled across this bug):
>
>   if (data <= (char *)2) data = 0;
>     73ad7: 83 f8 02 cmp $0x2,%eax
>     73ada: 76 12 jbe 73aee <xargs_main+0x223>
>
>   if ((long)data <= 2) data = 0;
>     73ad7: 83 f8 02 cmp $0x2,%eax
>     73ada: 7e 12 jle 73aee <xargs_main+0x223>
>
> For some reason, on the desktop I seem to see heap addresses low enough
> to not appear negative, whereas Android seems to fail every time.
> jemalloc is presumably more likely to allocate high?
>
> While I'm here, make it clearer that we're ignoring the allocated length
> argument to getdelim(), and stop storing the actual length at all
> because we don't use it afterwards. This wasn't _wrong_, but it was a
> red herring when I started debugging.
> ---
> toys/posix/xargs.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
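The signed/unsigned difference shown in the quoted disassembly, as an added example that is not part of the original message or the toybox source. The helper names and the constructed high address are assumptions; the values 0 to 2 stand in for the small sentinel "pointers" the quoted condition tests for.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Signed form, as in `if ((long)data <= 2)`: an address with the top bit
 * set converts to a negative integer and is mistaken for a sentinel. */
static int is_sentinel_signed(const char *data)
{
    return (intptr_t)data <= 2;
}

/* Unsigned form, matching the jbe/bls code generated for
 * `if (data <= (char *)2)`: only 0, 1 and 2 are sentinels. */
static int is_sentinel_unsigned(const char *data)
{
    return (uintptr_t)data <= 2;
}

/* Build a pointer from an integer; these pointers are never dereferenced. */
static const char *as_ptr(uintptr_t value)
{
    return (const char *)value;
}

/* Constructed address in the upper half of the address space. */
static const char *high_address(void)
{
    uintptr_t top_bit = (uintptr_t)1 << (sizeof(uintptr_t) * CHAR_BIT - 1);
    return as_ptr(top_bit | 0x1000u);
}

int main(void)
{
    const char *samples[] = { as_ptr(0), as_ptr(2), as_ptr(0x1000u), high_address() };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%p signed=%d unsigned=%d\n", (void *)samples[i],
               is_sentinel_signed(samples[i]), is_sentinel_unsigned(samples[i]));
    return 0;
}
```

Only the last sample differs between the two columns: the signed check treats a valid high address as a sentinel, which is the case the message reports for high heap addresses.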
