From 883ef2499c2ff76605f73b1240f719ca6282e554 Mon Sep 17 00:00:00 2001 From: Christopher Ferris Date: Tue, 10 Sep 2013 16:56:34 -0700 Subject: __memcpy_chk: Fix signed cmp of unsigned values. I accidentally did a signed comparison of the size_t values passed in for three of the _chk functions. Changing them to unsigned compares. Add three new tests to verify this failure is fixed. Bug: 10691831 Change-Id: Ia831071f7dffd5972a748d888dd506c7cc7ddba3 --- libc/arch-arm/cortex-a15/bionic/__strcat_chk.S | 2 +- libc/arch-arm/cortex-a15/bionic/__strcpy_chk.S | 2 +- libc/arch-arm/cortex-a15/bionic/memcpy.S | 2 +- libc/arch-arm/cortex-a9/bionic/__strcat_chk.S | 2 +- libc/arch-arm/cortex-a9/bionic/__strcpy_chk.S | 2 +- libc/arch-arm/cortex-a9/bionic/memcpy.S | 2 +- libc/arch-arm/krait/bionic/__strcat_chk.S | 2 +- libc/arch-arm/krait/bionic/__strcpy_chk.S | 2 +- libc/arch-arm/krait/bionic/memcpy.S | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) (limited to 'libc') diff --git a/libc/arch-arm/cortex-a15/bionic/__strcat_chk.S b/libc/arch-arm/cortex-a15/bionic/__strcat_chk.S index 4693600..4aaa9f1 100644 --- a/libc/arch-arm/cortex-a15/bionic/__strcat_chk.S +++ b/libc/arch-arm/cortex-a15/bionic/__strcat_chk.S @@ -180,7 +180,7 @@ ENTRY(__strcat_chk) .L_strlen_done: add r2, r3, r4 cmp r2, lr - bgt __strcat_chk_failed + bhi __strcat_chk_failed // Set up the registers for the memcpy code. mov r1, r5 diff --git a/libc/arch-arm/cortex-a15/bionic/__strcpy_chk.S b/libc/arch-arm/cortex-a15/bionic/__strcpy_chk.S index 1224b49..05152e6 100644 --- a/libc/arch-arm/cortex-a15/bionic/__strcpy_chk.S +++ b/libc/arch-arm/cortex-a15/bionic/__strcpy_chk.S @@ -151,7 +151,7 @@ ENTRY(__strcpy_chk) pld [r1, #64] ldr r0, [sp] cmp r3, lr - bge __strcpy_chk_failed + bhs __strcpy_chk_failed // Add 1 for copy length to get the string terminator. add r2, r3, #1 diff --git a/libc/arch-arm/cortex-a15/bionic/memcpy.S b/libc/arch-arm/cortex-a15/bionic/memcpy.S index a300e43..a843230 100644 --- a/libc/arch-arm/cortex-a15/bionic/memcpy.S +++ b/libc/arch-arm/cortex-a15/bionic/memcpy.S @@ -65,7 +65,7 @@ ENTRY(__memcpy_chk) .cfi_startproc cmp r2, r3 - bgt __memcpy_chk_fail + bhi __memcpy_chk_fail // Fall through to memcpy... .cfi_endproc diff --git a/libc/arch-arm/cortex-a9/bionic/__strcat_chk.S b/libc/arch-arm/cortex-a9/bionic/__strcat_chk.S index cc43456..78cf19a 100644 --- a/libc/arch-arm/cortex-a9/bionic/__strcat_chk.S +++ b/libc/arch-arm/cortex-a9/bionic/__strcat_chk.S @@ -183,7 +183,7 @@ ENTRY(__strcat_chk) .L_strlen_done: add r2, r3, r4 cmp r2, lr - bgt __strcat_chk_fail + bhi __strcat_chk_fail // Set up the registers for the memcpy code. mov r1, r5 diff --git a/libc/arch-arm/cortex-a9/bionic/__strcpy_chk.S b/libc/arch-arm/cortex-a9/bionic/__strcpy_chk.S index dd3370b..d0acf1e 100644 --- a/libc/arch-arm/cortex-a9/bionic/__strcpy_chk.S +++ b/libc/arch-arm/cortex-a9/bionic/__strcpy_chk.S @@ -153,7 +153,7 @@ ENTRY(__strcpy_chk) pld [r1, #64] ldr r0, [sp] cmp r3, lr - bge __strcpy_chk_fail + bhs __strcpy_chk_fail // Add 1 for copy length to get the string terminator. add r2, r3, #1 diff --git a/libc/arch-arm/cortex-a9/bionic/memcpy.S b/libc/arch-arm/cortex-a9/bionic/memcpy.S index 21e0ebe..5c4c428 100644 --- a/libc/arch-arm/cortex-a9/bionic/memcpy.S +++ b/libc/arch-arm/cortex-a9/bionic/memcpy.S @@ -43,7 +43,7 @@ ENTRY(__memcpy_chk) .cfi_startproc cmp r2, r3 - bgt __memcpy_chk_fail + bhi __memcpy_chk_fail // Fall through to memcpy... .cfi_endproc diff --git a/libc/arch-arm/krait/bionic/__strcat_chk.S b/libc/arch-arm/krait/bionic/__strcat_chk.S index ec99077..956b461 100644 --- a/libc/arch-arm/krait/bionic/__strcat_chk.S +++ b/libc/arch-arm/krait/bionic/__strcat_chk.S @@ -180,7 +180,7 @@ ENTRY(__strcat_chk) .L_strlen_done: add r2, r3, r4 cmp r2, lr - bgt __strcat_chk_failed + bhi __strcat_chk_failed // Set up the registers for the memcpy code. mov r1, r5 diff --git a/libc/arch-arm/krait/bionic/__strcpy_chk.S b/libc/arch-arm/krait/bionic/__strcpy_chk.S index 7da4d15..402cac6 100644 --- a/libc/arch-arm/krait/bionic/__strcpy_chk.S +++ b/libc/arch-arm/krait/bionic/__strcpy_chk.S @@ -151,7 +151,7 @@ ENTRY(__strcpy_chk) pld [r1, #64] ldr r0, [sp] cmp r3, lr - bge __strcpy_chk_failed + bhs __strcpy_chk_failed // Add 1 for copy length to get the string terminator. add r2, r3, #1 diff --git a/libc/arch-arm/krait/bionic/memcpy.S b/libc/arch-arm/krait/bionic/memcpy.S index 9072408..c69d890 100644 --- a/libc/arch-arm/krait/bionic/memcpy.S +++ b/libc/arch-arm/krait/bionic/memcpy.S @@ -46,7 +46,7 @@ ENTRY(__memcpy_chk) .cfi_startproc cmp r2, r3 - bgt __memcpy_chk_fail + bhi __memcpy_chk_fail // Fall through to memcpy... .cfi_endproc -- cgit v1.1