lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <877ikc1v3a.fsf@hades.wkstn.nix>
Date:	Tue, 20 Nov 2007 21:10:49 +0000
From:	Nix <nix@...eri.org.uk>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Herbert Xu <herbert@...dor.apana.org.au>,
	David Miller <davem@...emloft.net>, xiyou.wangcong@...il.com,
	goodmenkernel@...il.com, linux-kernel@...r.kernel.org
Subject: Re: Is there any word about this bug in gcc ?

On 20 Nov 2007, H. Peter Anvin outgrape:
> This one is definitely messy.  There is absolutely no way to know what
> gcc has miscompiled.

Actually, since this only affects abs() calls containing multiplications
or divisions by negative constants, you can at least make a pretty good
guess as to its prevalence with nothing more than grep (first grep -w
for abs, then grepping for "- *[0-9]" and filtering the rest by
eye). (This won't catch cases of macros using abs() which are then
called with negative constants, but it *will* catch those macros, and
one can check the calls to such things by hand. I've done that as well.)

I've grepped all the source on my system (1148 expanded upstream source
tarballs or git/cvs/svn trees including the Linux kernel, most of GNOME,
and all of KDE and X.org) and found that hits are extremely rare: not as
rare as calls to seekdir() and telldir() :) but rare. (Quite a lot of
things multiply by negative constants *inside* a call to abs(), but this
should be unaffected.)

Certain hits:

./nethack/3.4.3/src/cmd.c:        else if(x < -2*abs(y))
./nethack/3.4.3/src/cmd.c:        else if(y < -2*abs(x))

Possible hits (I'm not sure what the folder would do with this: the
extra level of brackets in the way might affect things but I don't think
so):

./libtheora/libtheora/lib/enc/pp.c:      TmpMod = 32 + QValue - 2*(abs(Src[j+Pitch]-Src[j]));
./libtheora/libtheora/lib/enc/pp.c:      TmpMod = 32 + QValue - 2*(abs(Src[j+1]-Src[j]));

./xmms/modules/projectM-0.94.20/main.c:   wave_x_temp=-2*0.4142*(abs(abs(wave_mystery)-.5)-.5);
./xmms/modules/projectM-0.94.20/main.c:   wave_x_temp=-2*0.4142*(abs(abs(wave_mystery)-.5)-.5);


None of these affected programs strike me as being exactly system-
critical. I think the impact of this bug is probably survivable. :)

I'd build a GCC with the patch and verify that these programs are
compiled differently with it, but they look unimportant enough that I'm
not really sure I care enough to do it...

-- 
`Some people don't think performance issues are "real bugs", and I think 
such people shouldn't be allowed to program.' --- Linus Torvalds
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ