ping?
On Mon, Jul 29, 2019 at 12:05 PM enh <[email protected]> wrote:
>
> ping?
>
> On Fri, Jul 26, 2019 at 2:32 PM enh <[email protected]> wrote:
> >
> > This affects both arm and x86, causing a signed comparison rather than
> > an unsigned one.
> >
> > Here's arm:
> >
> >   if (data <= (char *)2) data = 0;
> >     51ecc: 2902 cmp r1, #2
> >     51ece: d905 bls.n 51edc <xargs_main+0x158>
> >
> >   if ((long)data <= 2) data = 0;
> >     51ecc: 2902 cmp r1, #2
> >     51ece: dc02 bgt.n 51ed6 <xargs_main+0x152>
> >
> > And x86 was similar (and was where I first stumbled across this bug):
> >
> >   if (data <= (char *)2) data = 0;
> >     73ad7: 83 f8 02 cmp $0x2,%eax
> >     73ada: 76 12 jbe 73aee <xargs_main+0x223>
> >
> >   if ((long)data <= 2) data = 0;
> >     73ad7: 83 f8 02 cmp $0x2,%eax
> >     73ada: 7e 12 jle 73aee <xargs_main+0x223>
> >
> > For some reason, on the desktop I seem to see heap addresses low enough
> > to not appear negative, whereas Android seems to fail every time.
> > jemalloc is presumably more likely to allocate high?
> >
> > While I'm here, make it clearer that we're ignoring the allocated length
> > argument to getdelim(), and stop storing the actual length at all
> > because we don't use it afterwards. This wasn't _wrong_, but it was a
> > red herring when I started debugging.
> > ---
> >  toys/posix/xargs.c | 7 +++----
> >  1 file changed, 3 insertions(+), 4 deletions(-)

_______________________________________________
Toybox mailing list
[email protected]
http://lists.landley.net/listinfo.cgi/toybox-landley.net
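The signed and unsigned sentinel checks compared in the message above, as an added example that is not part of the original thread or the toybox patch. The function names are hypothetical, `intptr_t` stands in for the message's `(long)` cast (the same width on ILP32 and LP64 targets), and the high address is constructed and never dereferenced.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Signed form: what `(long)data <= 2` amounts to when long is pointer-width.
 * Any address with the top bit set converts to a negative value. */
static char *clamp_signed(char *data)
{
    if ((intptr_t)data <= 2) data = 0;
    return data;
}

/* Unsigned form: only the values 0, 1 and 2 are treated as sentinels. */
static char *clamp_unsigned(char *data)
{
    if ((uintptr_t)data <= 2) data = 0;
    return data;
}

/* Constructed address in the upper half of the address space (assumption). */
static char *high_half_address(void)
{
    uintptr_t top = (uintptr_t)1 << (sizeof(uintptr_t) * 8 - 1);
    return (char *)(top | 0x1000);
}

/* Returns 1 when the two checks disagree about this pointer. */
static int checks_disagree(char *data)
{
    return clamp_signed(data) != clamp_unsigned(data);
}

int main(void)
{
    char *heap = malloc(16);
    char *high = high_half_address();
    printf("heap %p: disagree=%d\n", (void *)heap, checks_disagree(heap));
    printf("high %p: disagree=%d\n", (void *)high, checks_disagree(high));
    free(heap);
    return 0;
}
```

Whether the real heap pointer triggers the disagreement depends on where the allocator places it, which matches the desktop versus Android difference the message reports.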
