i386 implementation of memmove broken since glibc 2.21

Bug #1756209 reported by Thomas Middeldorp on 2018-03-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
glibc (Ubuntu)
High
Unassigned
Xenial
Undecided
Unassigned
Bionic
High
Unassigned

Bug Description

In glibc 2.21 they optimized i386 memcpy:

https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html

The implementation contained a bug which causes memmove to break when crossing the 2GB threshold.

This has been filed with glibc here (filed by someone else, but I have requested an update from them as well):

https://sourceware.org/bugzilla/show_bug.cgi?id=22644

Unfortunately they have not yet taken action on this bug, however I want to bring it to your attention in the hope that it can be patched into all current Ubuntu releases as soon as possible. I hope this is not improper procedure. Both myself and another (see comment 1 in the glibc bug report) have tested the patch provided in the above glibc bug report and it does appear to fix the problem, however I don't know what the procedure is for getting it properly confirmed/tested and merged into Ubuntu.

As requested in the guidelines:

1) We are using:
Description: Ubuntu 16.04.4 LTS
Release: 16.04

2)
libc6:i386:
  Installed: 2.23-0ubuntu10

However as stated above this has been present since libc6:i386 2.21 and affects Ubuntu 15.04 onward. (I have actually tested this as well. 15.04 conveniently used both glibc 2.19 and 2.21 so it was a good test platform when I was initially attempting to track down the problem.)

3) What we expected to happen:
memmove should move data within the entire valid address space without segfaulting or corrupting memory.

4) What happened instead:
When memmove attempts to move data crossing the 2GB threshold it either segfaults or causes memory corruption.

Thomas Middeldorp (thomasggg) wrote :

Just to keep this up to date, they have now committed a patch to fix this.

Matthias Klose (doko) on 2018-03-27
Changed in glibc (Ubuntu Bionic):
milestone: none → ubuntu-18.04
importance: Undecided → High
status: New → Confirmed
tags: added: id-5ac41c8a07e3bbcc42edc5cb
Adam Conrad (adconrad) on 2018-12-08
Changed in glibc (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers