segfault in strncmp for avx2 at page boundaries
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GLibC |
Fix Released
|
Medium
|
|||
glibc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Unassigned |
Bug Description
[Impact]
Depending on size and location of the compared buffers in memory, particularly at the end of their respective pages, the AVX-2 specialized code for strncmp has an off-by-one bug that can cause a segfault.
See https:/
[Test case]
> test_strncmp.c cat <<EOF
#include <sys/mman.h>
#include <string.h>
#include <stdio.h>
#define PAGE_SIZE 4096
#define VEC_SIZE 32
int main()
{
int ret;
char *s1 = (char *)mmap(0, PAGE_SIZE*2, PROT_READ|
char *s2 = (char *)mmap(0, PAGE_SIZE*2, PROT_READ|
mprotect(
mprotect(
memset(s1, 'a', PAGE_SIZE);
memset(s2, 'a', PAGE_SIZE);
s1[PAGE_SIZE-1] = 0;
ret = strncmp(
printf("strncmp returned %d\n", ret);
return ret;
}
EOF
gcc -o test_strncmp test_strncmp.c
./test_strncmp
# On buggy systems (e.g. mine), that last call segfaults
[Regression potential]
The fix could introduce another bug in the routine, and/or a performance regression.
In Sourceware.org Bugzilla #25933, Dpmendenhall (dpmendenhall) wrote : | #1 |
In Sourceware.org Bugzilla #25933, Dpmendenhall (dpmendenhall) wrote : | #2 |
Created attachment 12508
test case
I reduced the bug to a stand-alone test case, now attached.
In Sourceware.org Bugzilla #25933, Adhemerval Zanella (adhemerval-zanella) wrote : | #3 |
By extending your testing to check for more alignments and sizes:
for (size_t s = 99; s <= 4 * VEC_SIZE; s++)
for (size_t s1a = 31; s1a < 32; s1a++)
for (size_t s2a = 30; s2a < 32; s2a++)
{
ret = strncmp (s1 + PAGE_SIZE - s - s1a,
assert (ret == 0);
}
It seems that another page cross also requires fixing:
580 xorl %r8d, %r8d
581 /* If ECX > VEC_SIZE * 2, skip ECX - (VEC_SIZE * 2) bytes. */
582 subl $(VEC_SIZE * 2), %ecx
583 jle 1f
584 /* Skip ECX bytes. */
585 shrq %cl, %rdi
586 /* R8 has number of bytes skipped. */
587 movl %ecx, %r8d
588 1:
589 /* Before jumping back to the loop, set ESI to the number of
590 VEC_SIZE * 4 blocks before page crossing. */
591 movl $(PAGE_SIZE / (VEC_SIZE * 4) - 1), %esi
592
593 testq %rdi, %rdi
594 je L(back_to_loop)
595 tzcntq %rdi, %rcx
596 addq %r10, %rcx
597 /* Adjust for number of bytes skipped. */
It should not jump back to loop if the ecx is negative (as some cases).
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #4 |
There is a test case at
https:/
In Sourceware.org Bugzilla #25933, Skpgkp2 (skpgkp2) wrote : | #5 |
Created attachment 12601
strncmp_avx2 patch for pr25933
Tested attached patch on
https:/
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #6 |
(In reply to Sunil Pandey from comment #4)
> Created attachment 12601 [details]
> strncmp_avx2 patch for pr25933
>
> Tested attached patch on
>
> https:/
Looks good. Please try this
diff --git a/sysdeps/
index 48d03a9f46.
--- a/sysdeps/
+++ b/sysdeps/
@@ -256,6 +256,11 @@ L(next_3_vectors):
vpmovmskb %ymm0, %ecx
testl %ecx, %ecx
jne L(return_
+# ifdef USE_AS_STRNCMP
+ /* Check if VEC_SIZE * 4 already exceeded max compare count %r11 */
+ cmpq $(VEC_SIZE * 4), %r11
+ jbe L(zero)
+# endif
L(main_
leaq (VEC_SIZE * 4)(%rdi), %rdx
movl $PAGE_SIZE, %ecx
In Sourceware.org Bugzilla #25933, Skpgkp2 (skpgkp2) wrote : | #7 |
(In reply to H.J. Lu from comment #5)
> (In reply to Sunil Pandey from comment #4)
> > Created attachment 12601 [details]
> > strncmp_avx2 patch for pr25933
> >
> > Tested attached patch on
> >
> > https:/
>
> Looks good. Please try this
>
> diff --git a/sysdeps/
> b/sysdeps/
> index 48d03a9f46.
> --- a/sysdeps/
> +++ b/sysdeps/
> @@ -256,6 +256,11 @@ L(next_3_vectors):
> vpmovmskb %ymm0, %ecx
> testl %ecx, %ecx
> jne L(return_
> +# ifdef USE_AS_STRNCMP
> + /* Check if VEC_SIZE * 4 already exceeded max compare count %r11 */
> + cmpq $(VEC_SIZE * 4), %r11
> + jbe L(zero)
> +# endif
> L(main_
> leaq (VEC_SIZE * 4)(%rdi), %rdx
> movl $PAGE_SIZE, %ecx
It fixes the issue on my setup as expected.
$ ./test-strncmp
$ echo $?
0
$ git diff
diff --git a/sysdeps/
index 48d03a9f46.
--- a/sysdeps/
+++ b/sysdeps/
@@ -256,6 +256,11 @@ L(next_3_vectors):
vpmovmskb %ymm0, %ecx
testl %ecx, %ecx
jne L(return_
+# ifdef USE_AS_STRNCMP
+ /* Check if VEC_SIZE * 4 already exceeded max compare count %r11 */
+ cmpq $(VEC_SIZE * 4), %r11
+ jbe L(zero)
+# endif
L(main_
leaq (VEC_SIZE * 4)(%rdi), %rdx
movl $PAGE_SIZE, %ecx
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #8 |
(In reply to Sunil Pandey from comment #6)
> (In reply to H.J. Lu from comment #5)
> > (In reply to Sunil Pandey from comment #4)
> > > Created attachment 12601 [details]
> > > strncmp_avx2 patch for pr25933
> > >
> > > Tested attached patch on
> > >
> > > https:/
> >
> > Looks good. Please try this
> >
> > diff --git a/sysdeps/
> > b/sysdeps/
> > index 48d03a9f46.
> > --- a/sysdeps/
> > +++ b/sysdeps/
> > @@ -256,6 +256,11 @@ L(next_3_vectors):
> > vpmovmskb %ymm0, %ecx
> > testl %ecx, %ecx
> > jne L(return_
> > +# ifdef USE_AS_STRNCMP
> > + /* Check if VEC_SIZE * 4 already exceeded max compare count %r11 */
> > + cmpq $(VEC_SIZE * 4), %r11
> > + jbe L(zero)
> > +# endif
> > L(main_
> > leaq (VEC_SIZE * 4)(%rdi), %rdx
> > movl $PAGE_SIZE, %ecx
>
> It fixes the issue on my setup as expected.
>
> $ ./test-strncmp
> simple_strncmp stupid_strncmp __strncmp_avx2
> __strncmp_sse42 __strncmp_ssse3 __strncmp_sse2
> $ echo $?
> 0
>
Did you run "make check"?
In Sourceware.org Bugzilla #25933, Skpgkp2 (skpgkp2) wrote : | #9 |
(In reply to H.J. Lu from comment #7)
> (In reply to Sunil Pandey from comment #6)
> > (In reply to H.J. Lu from comment #5)
> > > (In reply to Sunil Pandey from comment #4)
> > > > Created attachment 12601 [details]
> > > > strncmp_avx2 patch for pr25933
> > > >
> > > > Tested attached patch on
> > > >
> > > > https:/
> > >
> > > Looks good. Please try this
> > >
> > > diff --git a/sysdeps/
> > > b/sysdeps/
> > > index 48d03a9f46.
> > > --- a/sysdeps/
> > > +++ b/sysdeps/
> > > @@ -256,6 +256,11 @@ L(next_3_vectors):
> > > vpmovmskb %ymm0, %ecx
> > > testl %ecx, %ecx
> > > jne L(return_
> > > +# ifdef USE_AS_STRNCMP
> > > + /* Check if VEC_SIZE * 4 already exceeded max compare count %r11 */
> > > + cmpq $(VEC_SIZE * 4), %r11
> > > + jbe L(zero)
> > > +# endif
> > > L(main_
> > > leaq (VEC_SIZE * 4)(%rdi), %rdx
> > > movl $PAGE_SIZE, %ecx
> >
> > It fixes the issue on my setup as expected.
> >
> > $ ./test-strncmp
> > simple_strncmp stupid_strncmp __strncmp_avx2
> > __strncmp_sse42 __strncmp_ssse3 __strncmp_sse2
> > $ echo $?
> > 0
> >
>
> Did you run "make check"?
yes. it fixes strncmp and no new failure.
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #10 |
(In reply to Sunil Pandey from comment #8)
>
> yes. it fixes strncmp and no new failure.
I got
FAIL: wcsmbs/test-wcsncmp
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #11 |
(In reply to H.J. Lu from comment #9)
> (In reply to Sunil Pandey from comment #8)
> >
> > yes. it fixes strncmp and no new failure.
>
> I got
>
> FAIL: wcsmbs/test-wcsncmp
Please rebase users/hjl/
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #12 |
I think L(loop_cross_page) block is incorrect. Please compare it against
L(loop_cross_page) block in strcmp-
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #13 |
The bug is around
593 testq %rdi, %rdi
594 je L(back_to_loop)
At this point, there may be less than 4 vector length remaining:
Breakpoint 1, __strncmp_avx2 ()
at ../sysdeps/
594 je L(back_to_loop)
(gdb) p $r11
$2 = 97
(gdb) next
303 vmovdqa (%rax), %ymm0
(gdb)
304 vmovdqa VEC_SIZE(%rax), %ymm3
(gdb)
305 VPCMPEQ (%rdx), %ymm0, %ymm4
(gdb)
306 VPCMPEQ VEC_SIZE(%rdx), %ymm3, %ymm1
(gdb)
307 VPMINU %ymm0, %ymm4, %ymm4
(gdb)
308 VPMINU %ymm3, %ymm1, %ymm1
(gdb)
309 vmovdqa (VEC_SIZE * 2)(%rax), %ymm2
(gdb)
310 VPMINU %ymm1, %ymm4, %ymm0
(gdb)
311 vmovdqa (VEC_SIZE * 3)(%rax), %ymm3
(gdb)
312 VPCMPEQ (VEC_SIZE * 2)(%rdx), %ymm2, %ymm5
(gdb)
313 VPCMPEQ (VEC_SIZE * 3)(%rdx), %ymm3, %ymm6
(gdb)
Program received signal SIGSEGV, Segmentation fault.
__strncmp_avx2 () at ../sysdeps/
313 VPCMPEQ (VEC_SIZE * 3)(%rdx), %ymm3, %ymm6
(gdb)
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #14 |
There are
L(loop_
/* The first VEC_SIZE * 2 bytes match or are ignored. */
vmovdqu (VEC_SIZE * 2)(%rax, %r10), %ymm2
vmovdqu (VEC_SIZE * 3)(%rax, %r10), %ymm3
VPCMPEQ (VEC_SIZE * 2)(%rdx, %r10), %ymm2, %ymm5
VPMINU %ymm2, %ymm5, %ymm5
VPCMPEQ (VEC_SIZE * 3)(%rdx, %r10), %ymm3, %ymm6
VPCMPEQ %ymm7, %ymm5, %ymm5
VPMINU %ymm3, %ymm6, %ymm6
VPCMPEQ %ymm7, %ymm6, %ymm6
vpmovmskb %ymm5, %edi
vpmovmskb %ymm6, %esi
salq $32, %rsi
xorq %rsi, %rdi
xorl %r8d, %r8d
/* If ECX > VEC_SIZE * 2, skip ECX - (VEC_SIZE * 2) bytes. */
subl $(VEC_SIZE * 2), %ecx
jle 1f
/* Skip ECX bytes. */
shrq %cl, %rdi
/* R8 has number of bytes skipped. */
movl %ecx, %r8d
1:
/* Before jumping back to the loop, set ESI to the number of
VEC_SIZE * 4 blocks before page crossing. */
movl $(PAGE_SIZE / (VEC_SIZE * 4) - 1), %esi
testq %rdi, %rdi
je L(back_to_loop)
When this branch is taken, there are (VEC_SIZE * 4) + %r10 matching bytes
starting at %rax, which may be >= the maximum offset.
In Sourceware.org Bugzilla #25933, Skpgkp2 (skpgkp2) wrote : | #15 |
Created attachment 12610
strncmp_avx2 patch.1 for pr25933
I ran glibc make check and all test pass with this patch.
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #16 |
(In reply to Sunil Pandey from comment #14)
> Created attachment 12610 [details]
> strncmp_avx2 patch.1 for pr25933
>
> I ran glibc make check and all test pass with this patch.
You removed loop unrolling. Please provide all relevant glibc micro
benchmarks data before and after your change.
In Sourceware.org Bugzilla #25933, Skpgkp2 (skpgkp2) wrote : | #17 |
Created attachment 12612
strcmp_avx2 micro benchmark comparison.
strcmp_avx2 micro benchmark before and after test with RDTSCP and CLOCK time.
In Sourceware.org Bugzilla #25933, Skpgkp2 (skpgkp2) wrote : | #18 |
Created attachment 12613
strncmp_avx2 micro benchmark comparison.
strncmp_avx2 micro benchmark before and after test with RDTSCP and CLOCK time.
In Sourceware.org Bugzilla #25933, Skpgkp2 (skpgkp2) wrote : | #19 |
Created attachment 12614
wcscmp_avx2 micro benchmark comparison.
wcscmp_avx2 micro benchmark before and after test with RDTSCP and CLOCK time.
In Sourceware.org Bugzilla #25933, Skpgkp2 (skpgkp2) wrote : | #20 |
Created attachment 12615
wcsncmp_avx2 micro benchmark comparison.
wcsncmp_avx2 micro benchmark before and after test with RDTSCP and CLOCK time.
In Sourceware.org Bugzilla #25933, Skpgkp2 (skpgkp2) wrote : | #21 |
(In reply to H.J. Lu from comment #15)
> (In reply to Sunil Pandey from comment #14)
> > Created attachment 12610 [details]
> > strncmp_avx2 patch.1 for pr25933
> >
> > I ran glibc make check and all test pass with this patch.
>
> You removed loop unrolling. Please provide all relevant glibc micro
> benchmarks data before and after your change.
I beleive strncmp_avx2 changes affects
strcmp
strncmp
wcscmp
wcsncmp
Let me know if I miss any other relevant micro benchmark corresponding to this change.
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #22 |
(In reply to Sunil Pandey from comment #20)
> (In reply to H.J. Lu from comment #15)
> > (In reply to Sunil Pandey from comment #14)
> > > Created attachment 12610 [details]
> > > strncmp_avx2 patch.1 for pr25933
> > >
> > > I ran glibc make check and all test pass with this patch.
> >
> > You removed loop unrolling. Please provide all relevant glibc micro
> > benchmarks data before and after your change.
>
> I beleive strncmp_avx2 changes affects
>
> strcmp
> strncmp
> wcscmp
> wcsncmp
>
> Let me know if I miss any other relevant micro benchmark corresponding to
> this change.
I added more bench tests to users/hjl/
numbers.
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #23 |
A patch is posted at
https:/
In Sourceware.org Bugzilla #25933, Cvs-commit (cvs-commit) wrote : | #24 |
The release/2.31/master branch has been updated by H.J. Lu <email address hidden>:
https:/
commit 4e8a33a9590edc5
Author: H.J. Lu <email address hidden>
Date: Sat Jul 4 09:45:21 2020 -0700
NEWS: Mention BZ 25933 fix
In Sourceware.org Bugzilla #25933, Cvs-commit (cvs-commit) wrote : | #25 |
The release/2.30/master branch has been updated by H.J. Lu <email address hidden>:
https:/
commit 94abcef26ebbe89
Author: H.J. Lu <email address hidden>
Date: Sat Jul 4 09:45:21 2020 -0700
NEWS: Mention BZ 25933 fix
In Sourceware.org Bugzilla #25933, Cvs-commit (cvs-commit) wrote : | #26 |
The release/2.29/master branch has been updated by H.J. Lu <email address hidden>:
https:/
commit 83aaa1714428ba3
Author: H.J. Lu <email address hidden>
Date: Sat Jul 4 09:45:21 2020 -0700
NEWS: Mention BZ 25933 fix
In Sourceware.org Bugzilla #25933, Cvs-commit (cvs-commit) wrote : | #27 |
The release/2.28/master branch has been updated by H.J. Lu <email address hidden>:
https:/
commit f82072183ad5b32
Author: H.J. Lu <email address hidden>
Date: Sat Jul 4 09:45:21 2020 -0700
NEWS: Mention BZ 25933 fix
In Sourceware.org Bugzilla #25933, Hjl-tools (hjl-tools) wrote : | #28 |
Fixed for 2.32 and on 2.31/2.30/2.29/2.28 branches.
Changed in glibc (Ubuntu): | |
status: | New → Fix Released |
Changed in glibc (Ubuntu Focal): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in glibc: | |
importance: | Unknown → Medium |
status: | Unknown → Fix Released |
Brian Murray (brian-murray) wrote : | #29 |
You mention the potential for a performance regression in this bug and bug 2001975. Will there be any performance testing as a part of this SRU process?
It looks like there is a performance testing version of glibc at https:/
Simon Chopin (schopin) wrote : | #30 |
The performance part was just my attempt at imagining what could possibly go wrong. As it turns out, I hadn't seen that upstream had the exact same concern and so did microbenchmarks on the patch before accepting it. Sadly, those benchmarks aren't designed to run against installed libraries, they expect the full build tree to be available.
I looked at the bug and patch history of the affected routines, and haven't seen any report of performance regression.
The benchmarks in bug 1999551 were explicitly designed for the arm64 architecture, and so don't apply here.
Brian Murray (brian-murray) wrote : Please test proposed package | #31 |
Hello Simon, or anyone else affected,
Accepted glibc into focal-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
Changed in glibc (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
tags: | added: verification-needed verification-needed-focal |
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (glibc/2.31-0ubuntu9.10) | #32 |
All autopkgtests for the newly accepted glibc (2.31-0ubuntu9.10) for focal have finished running.
The following regressions have been reported in tests triggered by the package:
4ti2/1.
android-
android-
apparmor/unknown (armhf)
apport/
at-spi2-
atk1.0/
augustus/unknown (armhf)
autodock-
autopilot-gtk/1.6.0 (armhf)
bgw-replstatus/
biosquid/
blackbox/0.70.1-38 (armhf)
bomstrip/9-13 (armhf)
borgbackup/
bosh/0.6-10 (armhf)
botch/0.22-3 (armhf)
brlaser/6-1build1 (armhf)
burp/2.2.18-2 (armhf)
butt/unknown (armhf)
cargo/0.
ceph/15.
chafa/1.2.1-1 (armhf)
clearcut/1.0.9-5 (armhf)
consulfs/0.2.1-1 (armhf)
coturn/
dune-common/
fpc/3.0.4+dfsg-23 (arm64)
frameworkintegr
heaptrack/
jsonnet/unknown (armhf)
kbibtex/
kholidays/
kiconthemes/
kitemmodels/
kpty/5.
libdbd-
libgdata/0.17.12-1 (armhf)
libtk-tablematr
linux-gcp-
linux-gke-
linux-lowlatenc
linux-oracle-
magicrescue/
mercurial/
modemmanager-
node-ws/7.2.1-3 (armhf)
octave-
osmo-mgw/1.4.0-1 (armhf)
php-excimer/
polkit-
qcustomplot/
qutip/4.4.1-6build1 (amd64)
r-cran-ps/1.3.2-2 (armhf)
ruby-bootsnap/
ruby-standalone
ruby2.7/
sks/1.1.6-14 (s390x)
systemd/
threadweaver/
tomb/2.7+dfsg2-1 (amd64)
umockdev/
Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUp
https:/
[1] https:/
Thank you!
Simon Chopin (schopin) wrote : | #34 |
Disregard the now-removed comment, it was for bug 2001975
This one was (also) verified in a fresh LXD container:
root@focal-glibc:~# gcc -o test_strncmp test_strncmp.c
root@focal-glibc:~# ./test_strncmp && echo OK
strncmp returned 0
OK
tags: |
added: verification-done verification-done-focal removed: verification-needed verification-needed-focal |
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : | #35 |
All autopkgtests for the newly accepted glibc (2.31-0ubuntu9.10) for focal have finished running.
The following regressions have been reported in tests triggered by the package:
cargo/0.
Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUp
https:/
[1] https:/
Thank you!
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (glibc/2.31-0ubuntu9.11) | #36 |
All autopkgtests for the newly accepted glibc (2.31-0ubuntu9.11) for focal have finished running.
The following regressions have been reported in tests triggered by the package:
dune-common/
khtml/5.
kitemmodels/
kpeople/
kplotting/
kpty/5.
kxmlgui/
linux-nvidia-
netplan.
nfs-utils/
ruby-stackprof/
sbd/1.4.1-3 (s390x)
threadweaver/
Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUp
https:/
[1] https:/
Thank you!
Brian Murray (brian-murray) wrote : Please test proposed package | #37 |
Hello Simon, or anyone else affected,
Accepted glibc into focal-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
tags: |
added: verification-needed verification-needed-focal removed: verification-done verification-done-focal |
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (glibc/2.31-0ubuntu9.12) | #38 |
All autopkgtests for the newly accepted glibc (2.31-0ubuntu9.12) for focal have finished running.
The following regressions have been reported in tests triggered by the package:
aevol/5.
c-icap/1:0.5.3-3 (armhf)
cysignals/
dbus/1.
docker.
flatpak/
kholidays/
kplotting/
libimage-
libreoffice/
libxml-
libxml-
linux-aws-
linux-gcp-
linux-lowlatenc
mariadb-
postgresql-
r-bioc-
r-cran-
systemd/
threadweaver/
utox/0.17.1-1 (arm64)
Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUp
https:/
[1] https:/
Thank you!
Simon Chopin (schopin) wrote : | #39 |
Verified in a fresh container:
root@focal-glibc:~# ./test_strncmp
strncmp returned 0
root@focal-glibc:~# dpkg -l libc6
Desired=
| Status=
|/ Err?=(none)
||/ Name Version Architecture Description
+++-===
ii libc6:amd64 2.31-0ubuntu9.12 amd64 GNU C Library: Shared libraries
tags: |
added: verification-done verification-done-focal removed: verification-needed verification-needed-focal |
Łukasz Zemczak (sil2100) wrote : Update Released | #40 |
The verification of the Stable Release Update for glibc has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
Launchpad Janitor (janitor) wrote : | #41 |
This bug was fixed in the package glibc - 2.31-0ubuntu9.12
---------------
glibc (2.31-0ubuntu9.12) focal; urgency=medium
* Drop SVE memcpy implementation due to kernel-related performance
regression
glibc (2.31-0ubuntu9.11) focal; urgency=medium
* Drop memcmp arm64 SIMD optimization patch due to performance regression
on Raspberry Pi 3+ and 4
glibc (2.31-0ubuntu9.10) focal; urgency=medium
[ Andrei Gherzan ]
* d/p/lp1910312: Backport upstream fix for SEM_STAT_ANY (LP: #1910312)
[ Simon Chopin ]
* d/p/lp1999551/*: backport mem{cmp,cpy} optimizations for arm64 (LP: #1999551)
* d/p/lp2001932/*: fix segfault in AVX2 strncmp (LP: #2001932)
* d/p/lp2001975/*: fix overflow in AVX2 wcsncmp (LP: #2001975)
-- Simon Chopin <email address hidden> Wed, 26 Jul 2023 09:44:39 +0200
Changed in glibc (Ubuntu Focal): | |
status: | Fix Committed → Fix Released |
Created attachment 12507
report
When the two strings being compared are at the end of their pages, __strncmp_avx2 will fall back to a one-byte-at-a-time loop named "cross_page_loop". This loop is incorrect if the length of the comparison exactly matches VEC_SIZE*4, which is 128 on my machine.
Full report in attached pdf.