Open Source and information security mailing list archives
Message-ID: <47442FA9.6020600@gmail.com>
Date:	Wed, 21 Nov 2007 18:16:25 +0500
From:	"Alexander E. Patrakov" <patrakov@...il.com>
To:	Nix <nix@...eri.org.uk>
CC:	"H. Peter Anvin" <hpa@...or.com>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	David Miller <davem@...emloft.net>, xiyou.wangcong@...il.com,
	goodmenkernel@...il.com, linux-kernel@...r.kernel.org
Subject: Re: Is there any word about this bug in gcc ?

Nix wrote:

> I've grepped all the source on my system (1148 expanded upstream source
> tarballs or git/cvs/svn trees including the Linux kernel, most of GNOME,
> and all of KDE and X.org) and found that hits are extremely rare: not as
> rare as calls to seekdir() and telldir() :) but rare. (Quite a lot of
> things multiply by negative constants *inside* a call to abs(), but this
> should be unaffected.)

I implemented a different approach: patched gcc with the official fix plus a 
call to emit a warning (see below), and recompiled the whole LFS LiveCD (see the 
list of packages at 
http://wiki.linuxfromscratch.org/livecd/browser/trunk/packages). Only libtheora 
emitted a warning.

> Certain hits:
> 
> ./nethack/3.4.3/src/cmd.c:        else if(x < -2*abs(y))
> ./nethack/3.4.3/src/cmd.c:        else if(y < -2*abs(x))

Sure, this is a hit, but nethack is not on my LiveCD.

> Possible hits (I'm not sure what the folder would do with this: the
> extra level of brackets in the way might affect things but I don't think
> so):
> 
> ./libtheora/libtheora/lib/enc/pp.c:      TmpMod = 32 + QValue - 2*(abs(Src[j+Pitch]-Src[j]));
> ./libtheora/libtheora/lib/enc/pp.c:      TmpMod = 32 + QValue - 2*(abs(Src[j+1]-Src[j]));

This did emit a warning, I have already reported it: 
https://trac.xiph.org/ticket/1260

> ./xmms/modules/projectM-0.94.20/main.c:   wave_x_temp=-2*0.4142*(abs(abs(wave_mystery)-.5)-.5);
> ./xmms/modules/projectM-0.94.20/main.c:   wave_x_temp=-2*0.4142*(abs(abs(wave_mystery)-.5)-.5);

Not a hit, probably due to conversions between int and double.


--- trunk/gcc/fold-const.c	2007/11/17 13:46:53	130257
+++ trunk/gcc/fold-const.c	2007/11/17 14:22:42	130258
@@ -6095,6 +6095,9 @@
              }
            break;
          }
+      /* If the constant is negative, we cannot simplify this.  */
+      if (tree_int_cst_sgn (c) == -1)
+        { warning(0, "Unpatched gcc miscompiles this"); break; }
        /* FALLTHROUGH */
      case NEGATE_EXPR:
        if ((t1 = extract_muldiv (op0, c, code, wide_type, strict_overflow_p))
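
Review bot: the added warning(0, "Unpatched gcc miscompiles this") ahead of the break is audit instrumentation and should stay out of anything sent upstream. Passing 0 as the option makes the warning unconditional, so no -W flag can silence it, and the message does not name the expression being folded. If it is kept for rebuild surveys like this one, put the warning and the break on separate lines and write warning (0, ...) with a space before the parenthesis, matching tree_int_cst_sgn (c) and extract_muldiv (op0, ...) in the same hunk.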

-- 
Alexander E. Patrakov
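
A text-level version of the source audit discussed in this thread, as an added example that is not part of the original message: it flags lines where a negative numeric constant multiplies the result of abs(), and separates out chains containing a floating-point literal, like the projectM line reported above as not a hit. The regexes, function names and the three control lines are assumptions of this example; it is a heuristic that does not see types, macros or multi-line expressions.

```python
import re

# abs( not preceded by an identifier character, so fabs()/labs() are skipped.
ABS_CALL = re.compile(r"(?<![A-Za-z0-9_])abs\s*\(")
# Text just before abs(: '-', then numeric literals each followed by '*',
# then optional opening brackets. A constant inside abs(...) never matches.
NEG_CHAIN = re.compile(r"-\s*((?:\d+(?:\.\d+)?\s*\*\s*)+)\(*\s*$")

def classify(line):
    """Return 'int', 'float' or None for one source line."""
    kinds = set()
    for call in ABS_CALL.finditer(line):
        chain = NEG_CHAIN.search(line[:call.start()])
        if chain:
            # A floating literal in the chain makes the product a double.
            kinds.add("float" if "." in chain.group(1) else "int")
    if "int" in kinds:
        return "int"
    return "float" if kinds else None

def scan(lines):
    """Return (line_number, kind, text) for every line that classifies."""
    return [(n, k, text.strip())
            for n, text in enumerate(lines, 1)
            if (k := classify(text)) is not None]

# Lines 1-3 are quoted in the message; lines 4-6 are constructed controls.
SAMPLE = [
    "        else if(x < -2*abs(y))",
    "      TmpMod = 32 + QValue - 2*(abs(Src[j+Pitch]-Src[j]));",
    "   wave_x_temp=-2*0.4142*(abs(abs(wave_mystery)-.5)-.5);",
    "   r = abs(-2*x);",
    "   r = -2*fabs(y);",
    "   r = 2*abs(y);",
]

if __name__ == "__main__":
    for n, kind, text in scan(SAMPLE):
        label = "review" if kind == "int" else "float operand"
        print(f"{n}: {label}: {text}")
```

Lines reported as "review" are candidates to rebuild with a fixed compiler or to check by hand; the compiler-side warning in the patch above remains the authoritative test because it sees the folded expression and its types.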