From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: cluts memcpy() test
Date: Wed, 20 Jul 2011 09:27:06 -0400
Message-ID: <20110720132706.GA132@brightrain.aerifal.cx>
References: <20110720002858.GA29175@openwall.com>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
User-Agent: Mutt/1.5.21 (2010-09-15)

On Wed, Jul 20, 2011 at 12:30:35PM +0200, Luka M. wrote:
> On Wed, Jul 20, 2011 at 2:28 AM, Solar Designer wrote:
>
> > Luka, Rich -
> >
> > It'd be nice for cluts to detect issues like this:
> >
> > http://www.nodefense.org/eglibc.txt
> >
> > Maybe it already does?
> >
>
> Hey Alexander. Cluts doesn't test negative values for memcpy. Such a thing
> hasn't occurred to me: The prototype for the function specifies a size_t
> argument, and size_t is supposed to be unsigned.
> This means, _afaik_, that a
> negative value should be implicitly cast to a positive "equivalent". So, I

The problem is (or rather was; I assume it's fixed now) broken asm in glibc
that treated the unsigned value as if it were signed...

Note that musl will not allow you to allocate memory so large that the
unsigned size would be negative if interpreted as a signed value, since that
would create dangerous situations where ptrdiff_t overflows. It may still be
possible to make a region that large explicitly using mmap, however.

Rich
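An added illustration of the two points in this thread (not code from musl, glibc or cluts): what a negative int becomes once it is passed as a size_t, and a checked wrapper that refuses any length above PTRDIFF_MAX, i.e. exactly the lengths that "look negative" as a signed value. The names size_is_sane, checked_memcpy and negative_as_size are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A length is usable as a pointer difference only if it fits in ptrdiff_t.
 * Every larger size_t has its top bit set, so the same bits read as a
 * signed value are negative; this is the class musl's allocator refuses. */
int size_is_sane(size_t n)
{
    return n <= (size_t)PTRDIFF_MAX;
}

/* Hypothetical checked wrapper: report an implausible length to the caller
 * instead of forwarding it to memcpy (which may only have a signed-loop
 * implementation behind it, as in the glibc bug discussed above). */
int checked_memcpy(void *dst, const void *src, size_t n)
{
    if (!size_is_sane(n))
        return -1;      /* length would be negative as ptrdiff_t */
    memcpy(dst, src, n);
    return 0;
}

/* The implicit conversion at the call site: a negative int is reduced
 * modulo 2^N, so -1 becomes SIZE_MAX and -16 becomes SIZE_MAX - 15. */
size_t negative_as_size(int n)
{
    return (size_t)n;
}

int main(void)
{
    char src[32] = "constructed sample buffer";   /* constructed input */
    char dst[32] = {0};

    printf("(size_t)-1 = %zu, sane = %d\n",
           negative_as_size(-1), size_is_sane(negative_as_size(-1)));
    printf("copy 32 bytes: %d\n", checked_memcpy(dst, src, sizeof dst));
    printf("copy -4 bytes: %d\n", checked_memcpy(dst, src, negative_as_size(-4)));
    return 0;
}
```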