negative memcpy
Kevin Cernekee
cernekee at gmail.com
Thu Aug 11 06:17:47 UTC 2011
On a MIPS 74K I would expect it to end up here:
>> 400338: 28c80008 slti t0,a2,8
>> 40033c: 15000035 bnez t0,400414 <__BMIPS3300_memcpy_last8>
>> 400340: 00801021 move v0,a0
...
>> 00400414 <__BMIPS3300_memcpy_last8>:
>> 400414: 18c00006 blez a2,400430 <__BMIPS3300_memcpy_lst8e>
>> 400418: 00c53821 addu a3,a2,a1
...
>> 00400430 <__BMIPS3300_memcpy_lst8e>:
>> 400430: 03e00008 jr ra
>> 400434: 00000000 nop
blez = branch if less than or equal to zero.
It would be a good idea to read through the whole function and figure
out whether $a2 can ever become negative in normal operation, before
changing the signed comparisons to unsigned.
Another possible hack is to AND $a2 with 0x7fffffff on entry. This
would probably not catch cases like passing in a length of 0x80000010,
but it would catch lengths like 0xffffffff.
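
Added example (not part of the original message or of uClibc): a C model of the entry checks in the quoted disassembly, showing which path a length takes under the signed compares, under unsigned compares, and after the 0x7fffffff mask. The function names, the enum and the sample lengths are constructed for illustration; BULK stands for the fall-through copy code that the message does not show.

```c
#include <stdint.h>
#include <stdio.h>

/* Entry paths, named after the labels in the quoted disassembly.
 * BULK = fall-through into the main copy code (not shown in the message). */
enum path { RETURN_NO_COPY, TAIL_COPY, BULK };

/* Dispatch as quoted: slti t0,a2,8 ; bnez -> last8 ; blez a2 -> lst8e. */
enum path dispatch_signed(uint32_t len)
{
    int32_t a2 = (int32_t)len;   /* register viewed as signed (two's complement) */
    if (a2 < 8)                                       /* slti / bnez */
        return a2 <= 0 ? RETURN_NO_COPY : TAIL_COPY;  /* blez */
    return BULK;
}

/* Hypothetical variant with the comparisons made unsigned. */
enum path dispatch_unsigned(uint32_t len)
{
    if (len < 8)
        return len == 0 ? RETURN_NO_COPY : TAIL_COPY;
    return BULK;
}

/* The "AND $a2 with 0x7fffffff on entry" idea: length left after the mask. */
uint32_t mask_len(uint32_t len)
{
    return len & 0x7fffffffu;
}

static const char *name(enum path p)
{
    return p == RETURN_NO_COPY ? "return, no copy"
         : p == TAIL_COPY      ? "last8 tail copy" : "bulk copy";
}

int main(void)
{
    /* Constructed sample lengths, including the two from the message. */
    const uint32_t lens[] = { 0u, 7u, 16u, 0x80000010u, 0xffffffffu };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        uint32_t m = mask_len(lens[i]);
        printf("len=0x%08x signed: %-16s unsigned: %-16s masked=0x%08x -> %s\n",
               (unsigned)lens[i], name(dispatch_signed(lens[i])),
               name(dispatch_unsigned(lens[i])),
               (unsigned)m, name(dispatch_signed(m)));
    }
    return 0;
}
```

With the signed compares both 0x80000010 and 0xffffffff return without copying; after the mask, 0x80000010 becomes an ordinary 16-byte copy while 0xffffffff becomes 0x7fffffff.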