Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Sep 2018 23:15:02 -0400
From: Rich Felker <>
Subject: Re: un-UBify-strings

On Sun, Sep 23, 2018 at 03:10:14AM +0000, Pascal Cuoq wrote:
> On 23 Sep 2018, at 04:45, Rich Felker <<>> wrote:
> I'm also trying to fix the UB in
> address range checks for implementing memmove as memcpy, etc. Is this
> correct:
> if ((uintptr_t)s-(uintptr_t)d-n <= -2*n) return memcpy(d, s, n);
> ?
> It looks okay to me. You want to test whether
> (uintptr_t)s-(uintptr_t)d, computed as a mathematical integer, is
> between -n and n, and since uintptr_t is unsigned, you are using the
> well-known trick of aligning one of the bounds with 0 so that both
> inequalities can be tested in one instruction.


> It would seen more natural to me to work on the right-hand side of
> zero, that it, to compute (uintptr_t)s-(uintptr_t)d+n and to check
> whether that is <= 2*n (overlap) or > 2*n (no overlap). The
> generated code may even be one instruction shorter. Apart from that,
> as long as we have the hypothesis that n <= UINTPTR_MAX/2, I cannot
> immediately see any reason why it would not work.

dist(s,d)==n is a no-overlap case. Otherwise I think this is correct
and we can use:

	if ((uintptr_t)s-(uintptr_t)d+n >= 2*n) return memcpy(d, s, n);



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.