summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorH.J. Lu <hjl.tools@gmail.com>2019-01-21 11:32:24 -0800
committerH.J. Lu <hjl.tools@gmail.com>2019-01-21 11:32:37 -0800
commit82d0b4a4d76db554eb6757acb790fcea30b19965 (patch)
treea3cb4225e0d8370936489c41be107825ba20a301 /ChangeLog
parentx86-64 memrchr: Properly handle the length parameter [BZ# 24097] (diff)
downloadglibc-82d0b4a4d76db554eb6757acb790fcea30b19965.tar.gz
glibc-82d0b4a4d76db554eb6757acb790fcea30b19965.tar.bz2
glibc-82d0b4a4d76db554eb6757acb790fcea30b19965.zip
x86-64 memset/wmemset: Properly handle the length parameter [BZ# 24097]
On x32, the size_t parameter may be passed in the lower 32 bits of a 64-bit register with the non-zero upper 32 bits. The string/memory functions written in assembly can only use the lower 32 bits of a 64-bit register as length or must clear the upper 32 bits before using the full 64-bit register for length. This pach fixes memset/wmemset for x32. Tested on x86-64 and x32. On x86-64, libc.so is the same with and withou the fix. [BZ# 24097] CVE-2019-6488 * sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S: Use RDX_LP for length. Clear the upper 32 bits of RDX register. * sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S: Likewise. * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-wmemset. * sysdeps/x86_64/x32/tst-size_t-memset.c: New file. * sysdeps/x86_64/x32/tst-size_t-wmemset.c: Likewise.
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog11
1 files changed, 11 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index f3d6ab8883..3d87302c12 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,17 @@
[BZ# 24097]
CVE-2019-6488
+ * sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S: Use
+ RDX_LP for length. Clear the upper 32 bits of RDX register.
+ * sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S: Likewise.
+ * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-wmemset.
+ * sysdeps/x86_64/x32/tst-size_t-memset.c: New file.
+ * sysdeps/x86_64/x32/tst-size_t-wmemset.c: Likewise.
+
+2019-01-21 H.J. Lu <hongjiu.lu@intel.com>
+
+ [BZ# 24097]
+ CVE-2019-6488
* sysdeps/x86_64/memrchr.S: Use RDX_LP for length.
* sysdeps/x86_64/multiarch/memrchr-avx2.S: Likewise.
* sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memrchr.