Date: Tue, 30 Apr 2013 17:11:14 +0200
From: Jonas Wagner <jonas.wagner@...l.ch>
To: musl@...ts.openwall.com
Subject: Word-sized reads access memory past the bound of objects

Hi,

I'm currently experimenting with MUSL and automated bug finding tools. One issue I'm facing is that the tool reports several errors in functions such as strlen, that perform word-size accesses.

What happens is that strlen reads a word at a time, then checks whether there is a zero in there. If the zero happens to be in the first byte, it thus reads three bytes past the end of the string.

In principle, the tool is correct and MUSL does cause undefined behavior here. In practice, I don't see a way how MUSL's behavior could cause any damage...

My questions are:

- How prevalent is such code in MUSL?
- Would there be an easy way to find all these places and change them?
- Are there other types of "soft" undefined behavior that MUSL exploits?

I guess changing MUSL would lose a lot of performance... so maybe I'll adapt the bug finding tool instead...

Best,
Jonas
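As an added illustration (not musl's source and not part of the original message), the following is a word-at-a-time strlen of the kind the post describes, instrumented to report how many bytes past the terminating NUL the final word access touched; the byte-wise alignment prologue is what bounds that over-read to the current aligned word, so it can never cross a page boundary even though a bounds checker still flags it. The `word_strlen` and `sample` names are the example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ALIGN      (sizeof(size_t))
#define ONES       ((size_t)-1 / 0xff)            /* 0x0101...01 */
#define HIGHS      (ONES * 0x80)                  /* 0x8080...80 */
#define HASZERO(x) (((x) - ONES) & ~(x) & HIGHS)  /* nonzero iff a byte of x is 0 */

/* Returns strlen(s). If overread is non-NULL it receives the number of bytes
 * beyond the NUL that the last word read covered (0 if no word read overlapped
 * the terminator). That number is always < ALIGN because every word read is
 * aligned, so it stays inside the aligned word that holds the NUL. */
size_t word_strlen(const char *s, size_t *overread)
{
    const char *a = s;
    const size_t *w;

    /* Byte-wise until the pointer is word aligned; no over-read possible here. */
    for (; (uintptr_t)s % ALIGN; s++) {
        if (!*s) {
            if (overread) *overread = 0;
            return (size_t)(s - a);
        }
    }
    /* Word loop: stop at the first aligned word containing a zero byte. */
    for (w = (const void *)s; !HASZERO(*w); w++)
        ;
    /* Find the exact NUL inside that word. */
    for (s = (const void *)w; *s; s++)
        ;
    /* Bytes of the last word that lie past the terminator (constructed metric). */
    if (overread)
        *overread = ALIGN - 1 - (size_t)(s - (const char *)w);
    return (size_t)(s - a);
}

/* Constructed sample input; the union forces word alignment of .c so the
 * aligned case goes straight into the word loop. */
static union { size_t w[2]; char c[16]; } sample = { .c = "hello" };

int main(void)
{
    size_t over = 0, len = word_strlen(sample.c, &over);
    printf("len=%zu bytes read past NUL=%zu (word size %zu)\n", len, over, ALIGN);
    len = word_strlen(sample.c + 1, &over);
    printf("unaligned start: len=%zu bytes read past NUL=%zu\n", len, over);
    return 0;
}
```

On a 64-bit build the aligned call reports 2 bytes read past the NUL ("hello" plus NUL occupy 6 of the 8-byte word), which is exactly the access the post's tool complains about.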