mirror of https://github.com/torvalds/linux.git
memset() description in ISO/IEC 9899:1999 (and elsewhere) says:

    The memset function copies the value of c (converted to an
    unsigned char) into each of the first n characters of the
    object pointed to by s.

The kernel's arm32 memset does not cast c to unsigned char. This results
in the following code to produce erroneous output:

    char a[128];
    memset(a, -128, sizeof(a));

This is because gcc will generally emit the following code before
it calls memset() :

    mov   r0, r7
    mvn   r1, #127        ; 0x7f
    bl    00000000 <memset>

r1 ends up with 0xffffff80 before being used by memset() and the
'a' array will have -128 once in every four bytes while the other
bytes will be set incorrectly to -1 like this (printing the first
8 bytes) :

    test_module: -128 -1 -1 -1
    test_module: -1 -1 -1 -128

The change here is to 'and' r1 with 255 before it is used.
Fixes:
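
The failure described in the commit message above, as a simplified C model added here for illustration (not part of the commit or the kernel source). `model_memset`, `count_wrong` and `run_case` are hypothetical names, and the word-replicating fill is an assumed stand-in for the arm32 assembly, with word stores written out in little-endian byte order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (an assumption, not the kernel's arm32 assembly):
 * replicate the fill value across a 32-bit word, then store the word
 * four bytes at a time in little-endian order. mask_c selects whether
 * c is first reduced to an unsigned char, as ISO C requires. */
static void model_memset(void *s, int c, size_t n, int mask_c)
{
    unsigned char *p = s;
    uint32_t w = (uint32_t)c;          /* -128 arrives as 0xffffff80 */
    if (mask_c)
        w &= 255;                      /* models the 'and' with 255 */
    w |= w << 8;                       /* replicate low byte upward */
    w |= w << 16;
    for (; n >= 4; n -= 4, p += 4) {   /* word stores */
        p[0] = (unsigned char)w;
        p[1] = (unsigned char)(w >> 8);
        p[2] = (unsigned char)(w >> 16);
        p[3] = (unsigned char)(w >> 24);
    }
    while (n--)                        /* tail bytes */
        *p++ = (unsigned char)w;
}

/* Count bytes in buf[0..n) that differ from (unsigned char)c. */
static size_t count_wrong(const unsigned char *buf, size_t n, int c)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += (buf[i] != (unsigned char)c);
    return bad;
}

/* Fill a 128-byte array with -128 and report how many bytes are wrong. */
static size_t run_case(int mask_c)
{
    unsigned char a[128];
    model_memset(a, -128, sizeof(a), mask_c);
    return count_wrong(a, sizeof(a), -128);
}

int main(void)
{
    printf("unmasked: %zu wrong bytes of 128\n", run_case(0));
    printf("masked:   %zu wrong bytes of 128\n", run_case(1));
    return 0;
}
```

Without the mask, the sign-extended upper bits survive the replication step, so three of every four bytes come out as 0xff; with the mask, every byte is 0x80.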
||
|---|---|---|
| Makefile | ||
| ashldi3.S | ||
| ashrdi3.S | ||
| backtrace-clang.S | ||
| backtrace.S | ||
| bitops.h | ||
| bswapsdi2.S | ||
| call_with_stack.S | ||
| changebit.S | ||
| clear_user.S | ||
| clearbit.S | ||
| copy_from_user.S | ||
| copy_page.S | ||
| copy_template.S | ||
| copy_to_user.S | ||
| csumipv6.S | ||
| csumpartial.S | ||
| csumpartialcopy.S | ||
| csumpartialcopygeneric.S | ||
| csumpartialcopyuser.S | ||
| delay-loop.S | ||
| delay.c | ||
| div64.S | ||
| error-inject.c | ||
| findbit.S | ||
| getuser.S | ||
| io-readsb.S | ||
| io-readsl.S | ||
| io-readsw-armv3.S | ||
| io-readsw-armv4.S | ||
| io-writesb.S | ||
| io-writesl.S | ||
| io-writesw-armv3.S | ||
| io-writesw-armv4.S | ||
| lib1funcs.S | ||
| lshrdi3.S | ||
| memchr.S | ||
| memcpy.S | ||
| memmove.S | ||
| memset.S | ||
| muldi3.S | ||
| putuser.S | ||
| setbit.S | ||
| strchr.S | ||
| strrchr.S | ||
| testchangebit.S | ||
| testclearbit.S | ||
| testsetbit.S | ||
| uaccess_with_memcpy.c | ||
| ucmpdi2.S | ||
| xor-neon.c | ||