From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/5275
Path: news.gmane.org!not-for-mail
From: =?UTF-8?Q?Cl=C3=A9ment?= Vasseur <clement.vasseur@gmail.com>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: uninitialized memory access in memmem()
Date: Thu, 19 Jun 2014 01:43:50 +0000 (UTC)
Message-ID: <lntf8m$h7e$1@ger.gmane.org>
References: <lnsl9h$sul$1@ger.gmane.org>
 <20140619010642.GI179@brightrain.aerifal.cx>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: ger.gmane.org 1403142267 21555 80.91.229.3 (19 Jun 2014 01:44:27 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Thu, 19 Jun 2014 01:44:27 +0000 (UTC)
To: musl@lists.openwall.com
Original-X-From: musl-return-5280-gllmg-musl=m.gmane.org@lists.openwall.com Thu Jun 19 03:44:21 2014
Return-path: <musl-return-5280-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@plane.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <musl-return-5280-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1WxROh-00040P-VM
	for gllmg-musl@plane.gmane.org; Thu, 19 Jun 2014 03:44:16 +0200
Original-Received: (qmail 25792 invoked by uid 550); 19 Jun 2014 01:44:15 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
Original-Received: (qmail 25784 invoked from network); 19 Jun 2014 01:44:15 -0000
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 37
Original-X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: 195-154-127-44.rev.poneytelecom.eu
User-Agent: slrn/1.0.1 (Linux)
Xref: news.gmane.org gmane.linux.lib.musl.general:5275
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/5275>

On 2014-06-19, Rich Felker <dalias@libc.org> wrote:
> On Wed, Jun 18, 2014 at 06:20:33PM +0000, Clément Vasseur wrote:
>> Hello,
>> 
>> I found a case where memmem() returns 0 where it should not:
>> 
>> $ cat test-memmem.c
>> #define _GNU_SOURCE
>> #include <string.h>
>> #include <assert.h>
>> 
>> #define DATA 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
>> 
>> int main(void)
>> {
>>     const unsigned char haystack[] = { DATA };
>>     const unsigned char needle[] = { DATA };
>>     assert(memmem(haystack, sizeof haystack, needle, sizeof needle));
>> }
>> 
>> $ musl-gcc test-memmem.c && ./a.out
>> Assertion failed: memmem(haystack, sizeof haystack, needle, sizeof needle) (test-memmem.c: main: 11)
>> Aborted
>> 
>> Valgrind says a conditional jump or move depends on uninitalized value
>> in twoway_memmem(). The code is quite complicated so I have not tried to
>> track it down any further.
>
> Can you provide more details? musl version? gcc version? arch? I can't
> reproduce this error in master with gcc 4.7.3/i386.

I use master (7c73cac) with gcc 4.6.1/x86_64.

I have another pattern which fails with gcc 4.8.3/arm. Looks like you
might reproduce this one on your 32-bit arch:

#define DATA 0x50, 0x17, 0x8a, 0xf3, 0x55, 0x67, 0x58, 0xdf