[Bug 8886] New: Undefined behaviour in _wordcopy_fwd_aligned
bugzilla at busybox.net
Mon Apr 25 08:04:06 UTC 2016
https://bugs.busybox.net/show_bug.cgi?id=8886
Bug ID: 8886
Summary: Undefined behaviour in _wordcopy_fwd_aligned
Product: uClibc
Version: 0.9.34
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at uclibc.org
Reporter: mt at debian.org
CC: uclibc-cvs at uclibc.org
Target Milestone: ---
Running CBMC (C bounded model checker) on code that uses uClibc, it reports a
genuine counterexample proving the possibility of memory errors as follows:
For
static void _wordcopy_fwd_aligned (long int dstp, long int srcp, size_t len)
and len < 5, the subtractions performed in the switch/case statement yield
pointers outside the object pointed to. This is undefined behaviour as
described in C standard section 6.5.6, paragraph 8.
It seems the assembly-level implementation does not use such an approach, and
therefore is safe.
Best,
Michael
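An added example, not part of the original report and not uClibc's code: one way to copy word-aligned data in blocks without the backward pointer adjustment the report describes, so that short lengths (including len < 5) never form a pointer below the start of either object. The eight-word block size, the op_t typedef and both function names are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

typedef unsigned long op_t;   /* word type; the name is an assumption of this example */

/* Copy len words from src to dst (both word-aligned), eight words per block.
   The len % 8 leftover words are copied first using non-negative indices,
   so neither pointer is ever moved below the start of its object. */
static void wordcopy_fwd_aligned_safe(op_t *dst, const op_t *src, size_t len)
{
    size_t head = len % 8;
    for (size_t i = 0; i < head; i++)
        dst[i] = src[i];
    dst += head;              /* at most one past the end, which 6.5.6p8 permits */
    src += head;
    for (size_t n = len / 8; n > 0; n--) {
        op_t a0 = src[0], a1 = src[1], a2 = src[2], a3 = src[3];
        op_t a4 = src[4], a5 = src[5], a6 = src[6], a7 = src[7];
        dst[0] = a0; dst[1] = a1; dst[2] = a2; dst[3] = a3;
        dst[4] = a4; dst[5] = a5; dst[6] = a6; dst[7] = a7;
        src += 8; dst += 8;
    }
}

/* Self-check on constructed data: copy len words into a buffer that has one
   guard word in front and guard words behind. Returns 1 if the copy is exact
   and every guard word is untouched, 0 otherwise (or if len is too large). */
int check_wordcopy(size_t len)
{
    enum { MAX = 32, GUARD = 0x5a };
    op_t src[MAX], buf[MAX + 2], guard;
    if (len > MAX)
        return 0;
    for (size_t i = 0; i < MAX; i++)
        src[i] = (op_t)(i * 2654435761u + 1);   /* constructed sample words */
    memset(buf, GUARD, sizeof buf);
    memset(&guard, GUARD, sizeof guard);
    wordcopy_fwd_aligned_safe(buf + 1, src, len);
    if (buf[0] != guard)
        return 0;
    for (size_t i = len + 1; i < MAX + 2; i++)
        if (buf[i] != guard)
            return 0;
    return memcmp(buf + 1, src, len * sizeof(op_t)) == 0;
}
```

Because every access stays inside the objects passed in, a bounded model checker or a build with -fsanitize=address,undefined has nothing to flag for the short-length cases.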