Fix some overlap mismatch

This was caught by the following test: ``` int main(void) { char c[32]; memcpy(c, c + 16, 16); } ``` Reported-by: q66
jvoisin · Apr 24, 2024 · 8f1c728 · 8f1c728
1 parent 265fa03
commit 8f1c728
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 7 deletions.
diff --git a/include/fortify-headers.h b/include/fortify-headers.h
@@ -141,8 +141,8 @@
  * since gcc seems to like to generate code that relies on dst == src */
 #define __fh_overlap(a, len_a, b, len_b) \
 	( \
-		((a) < (b) && (b) < (a) + (__fh_size_t)(len_a)) \
-	     || ((b) < (a) && (a) < (b) + (__fh_size_t)(len_b)) \
+		((a) < (b) && (b) < ((a) + (__fh_size_t)(len_a))) \
+	     || ((b) < (a) && (a) < ((b) + (__fh_size_t)(len_b))) \
         )
 
 /*

diff --git a/include/string.h b/include/string.h
@@ -58,10 +58,8 @@ __error_if((__fh_bos(__od, 0) < __n), "'memcpy' called with `n` bigger than the
 
 	__fh_size_t __bd = __fh_bos(__od, 0);
 	__fh_size_t __bs = __fh_bos(__os, 0);
-	char *__d = (char *)__od;
-	const char *__s = (const char *)__os;
 
-	if __fh_overlap(__d, __bd, __s, __n)
+	if __fh_overlap(__od, __n, __os, __n)
 		__builtin_trap();
 	if (__n > __bd || __n > __bs)
 		__builtin_trap();
@@ -189,7 +187,7 @@ _FORTIFY_FN(stpcpy) char *stpcpy(char * _FORTIFY_POS0 __d, const char *__s)
 	__fh_size_t __n = strlen(__s) + 1;
 	__fh_size_t __b = __fh_bos(__d, 0);
 
-	if (__fh_overlap(__d, __b, __s, __n))
+	if (__fh_overlap(__d, __n, __s, __n))
 		__builtin_trap();
 
 	if (__n > __b)
@@ -257,7 +255,7 @@ _FORTIFY_FN(strcpy) char *strcpy(char * _FORTIFY_POS0 __d, const char *__s)
 	__fh_size_t __n = strlen(__s) + 1;
 	__fh_size_t __b = __fh_bos(__d, 0);
 
-	if (__fh_overlap(__d, __b, __s, __n))
+	if (__fh_overlap(__d, __n, __s, __n))
 		__builtin_trap();
 
 	if (__n > __b)

diff --git a/tests/Makefile b/tests/Makefile
@@ -42,6 +42,7 @@ RUNTIME_TARGETS= \
 	test_gethostname_static      \
 	test_getlogin_r_dynamic      \
 	test_getlogin_r_static       \
+	test_issue57                 \
 	test_mbsrtowcs_dynamic       \
 	test_mbsrtowcs_static        \
 	test_mbstowcs_dynamic        \
@@ -145,6 +146,7 @@ RUNTIME_TARGETS= \
 .SILENT:
 
 gcc: CC=../x86_64-linux-musl-native/bin/gcc
+gcc: CC=../aarch64-linux-musl-native/bin/gcc
 gcc: $(RUNTIME_TARGETS)
 
 clang: CC=clang

diff --git a/tests/test_issue57.c b/tests/test_issue57.c
@@ -0,0 +1,16 @@
+#include "common.h"
+
+#include <string.h>
+
+int main(int argc, char** argv) {
+  char buffer[32];
+  memcpy(buffer , buffer + 16, 16);
+  puts(buffer);
+
+  CHK_FAIL_START
+  memcpy(buffer, "1234567890", -1);
+  CHK_FAIL_END
+
+  puts(buffer);
+  return ret;
+}