This test code should return always the same string but it doesn't. ** Description changed:
Hello. I found a terrible bug in memory copy routine. Here is the code - movl LEN(%esp), %ecx - movl SRC(%esp), %eax - movl DEST(%esp), %edx + movl LEN(%esp), %ecx + movl SRC(%esp), %eax + movl DEST(%esp), %edx ...... L(fwd_write_less32bytes): #ifndef USE_AS_MEMMOVE - cmp %dl, %al -----<<<<< BUG !!! - jb L(bk_write) + cmp %dl, %al -----<<<<< BUG !!! + jb L(bk_write) Assume, that I have an array of char AR and I want move data from AR[10] to AR[0] with length 47. Data should be copied in forward direction. Problem is when AR[10] overlaps 255 bytes boundary. For example address of AR[0] is 0x000000F8 (EDX) and address of AR[10] is 0x00000102 (EAX) then cmp %dl,%al return AL as smaller then DL and the data are copied in reverse direction that causes data corruption. - In reality it will cause problems on Ubuntu 10.04 mod_ssl in Apache with last updates installed (libc6: Installed: 2.11.1-0ubuntu7.2), which are sometimes unable to process the HTTP header because of malformed data, but may cause other unexpected behavior. + In reality it will cause problems on Ubuntu 10.04 mod_ssl in Apache with last updates installed (libc6: Installed: 2.11.1-0ubuntu7.2), which are sometimes unable to process the HTTP header because of malformed data, but may cause other unexpected behavior (bug #595116, bug #595855, bug #589611 and maybe others). I don't know if only this one file is affected by this bug. See GDB snapshot in attachment - Regards - Jiri Engelthaler + Regards + Jiri Engelthaler ** Attachment added: "memcpy test" http://launchpadlibrarian.net/52415329/memcpytest.c -- Critical bug in memcpy-ssse3-rep.S https://bugs.launchpad.net/bugs/609290 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
