Date: Wed, 2 Jul 2003 20:41:55 +0200 (CEST) From: dirk.meyer@dinoex.sub.org To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/54040: memset defunct Message-ID: <200307021841.h62IftnB061819@home.dinoex.sub.de> Resent-Message-ID: <200307021850.h62IoIAS077104@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 54040
>Category: bin
>Synopsis: memset defunct
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 02 11:50:17 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Dirk Meyer
>Release: FreeBSD 5.1-STABLE i386
>Organization:
privat
>Environment:
FAILS ON:
FreeBSD dip.dinoex.sub.de 5.1-CURRENT FreeBSD 5.1-CURRENT #7: Tue Jul 1 00:43:09 CEST 2003 root@dip.dinoex.sub.de:/home/obj/usr/src/sys/GENERIC i386
FreeBSD ref5.freebsd.org 5.1-BETA FreeBSD 5.1-BETA #113: Fri May 23 09:01:24 PDT 2003 root@ref5.freebsd.org:/usr/src/sys/i386/compile/REF5 i386
FreeBSD beast.freebsd.org 5.1-CURRENT FreeBSD 5.1-CURRENT #146: Fri Jun 13 07:48:58 PDT 2003 root@beast.freebsd.org:/usr/src/sys/alpha/compile/BEAST alpha
RUNS ON:
FreeBSD panther.freebsd.org 5.1-BETA FreeBSD 5.1-BETA #99: Fri May 23 12:34:43 PDT 2003 root@panther.freebsd.org:/s/src/sys/sparc64/compile/PANTHER sparc64
FreeBSD home.dinoex.sub.de 4.8-STABLE FreeBSD 4.8-STABLE #24: Mon Apr 21 18:04:09 CEST 2003 root@net3.dinoex.de:/usr/obj/usr/src/sys/HOME2 i386
>Description:
memset with value 0 does not set the memory.
memset( buffer, 108, 0 );
buffer is still dirty: all bytes are d0;
leaves leves dirty not a clean memory to the user.
upto to 4.8 no problem.
objdump -d static-binary:
08051f0c <memset>:
8051f0c: 57 push %edi
8051f0d: 53 push %ebx
8051f0e: 8b 7c 24 0c mov 0xc(%esp,1),%edi
8051f12: 0f b6 44 24 10 movzbl 0x10(%esp,1),%eax
8051f17: 8b 4c 24 14 mov 0x14(%esp,1),%ecx
8051f1b: 57 push %edi
8051f1c: fc cld
8051f1d: 83 f9 0f cmp $0xf,%ecx
8051f20: 7e 24 jle 8051f46 <memset+0x3a>
8051f22: 88 c4 mov %al,%ah
8051f24: 89 c2 mov %eax,%edx
8051f26: c1 e0 10 shl $0x10,%eax
8051f29: 09 d0 or %edx,%eax
8051f2b: 89 fa mov %edi,%edx
8051f2d: f7 da neg %edx
8051f2f: 83 e2 03 and $0x3,%edx
8051f32: 89 cb mov %ecx,%ebx
8051f34: 29 d3 sub %edx,%ebx
8051f36: 89 d1 mov %edx,%ecx
8051f38: f3 aa repz stos %al,%es:(%edi)
8051f3a: 89 d9 mov %ebx,%ecx
8051f3c: c1 e9 02 shr $0x2,%ecx
8051f3f: f3 ab repz stos %eax,%es:(%edi)
8051f41: 89 d9 mov %ebx,%ecx
8051f43: 83 e1 03 and $0x3,%ecx
8051f46: f3 aa repz stos %al,%es:(%edi)
8051f48: 58 pop %eax
8051f49: 5b pop %ebx
8051f4a: 5f pop %edi
8051f4b: c3 ret
>How-To-Repeat:
1) run this sample:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int main( int argc, char **argv )
{
unsigned char *amap;
size_t i;
size_t j;
j = 108;
amap = malloc(j);
if (amap == NULL) {
printf("cannot allocate map\n");
exit( 1 );
}
memset(amap, j, 0);
for ( i=0; i < j; i ++ ) {
if ( amap[ i ] != 0 )
printf("memset (%ud bytes), position=%ud, val=%x\n", j, i, amap[ i ]);
amap[ i ] = 0;
}
return 0;
}
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200307021841.h62IftnB061819>