[Bug 1756209] [NEW] i386 implementation of memmove broken since glibc 2.21

[Thomas Middeldorp]

Public bug reported:

In glibc 2.21 they optimized i386 memcpy:

https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html

The implementation contained a bug which causes memmove to break when
crossing the 2GB threshold.

This has been filed with glibc here (filed by someone else, but I have
requested an update from them as well):

https://sourceware.org/bugzilla/show_bug.cgi?id=22644

Unfortunately they have not yet taken action on this bug, however I want
to bring it to your attention in the hope that it can be patched into
all current Ubuntu releases as soon as possible. I hope this is not
improper procedure. Both myself and another (see comment 1 in the glibc
bug report) have tested the patch provided in the above glibc bug report
and it does appear to fix the problem, however I don't know what the
procedure is for getting it properly confirmed/tested and merged into
Ubuntu.

As requested in the guidelines:

1) We are using:
Description:    Ubuntu 16.04.4 LTS
Release:        16.04

2)
libc6:i386:
  Installed: 2.23-0ubuntu10

However as stated above this has been present since libc6:i386 2.21 and
affects Ubuntu 15.04 onward. (I have actually tested this as well. 15.04
conveniently used both glibc 2.19 and 2.21 so it was a good test
platform when I was initially attempting to track down the problem.)

3) What we expected to happen:
memmove should move data within the entire valid address space without segfaulting or corrupting memory.

4) What happened instead:
When memmove attempts to move data crossing the 2GB threshold it either segfaults or causes memory corruption.

** Affects: glibc (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1756209

Title:
  i386 implementation of memmove broken since glibc 2.21

Status in glibc package in Ubuntu:
  New

Bug description:
  In glibc 2.21 they optimized i386 memcpy:

  https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html

  The implementation contained a bug which causes memmove to break when
  crossing the 2GB threshold.

  This has been filed with glibc here (filed by someone else, but I have
  requested an update from them as well):

  https://sourceware.org/bugzilla/show_bug.cgi?id=22644

  Unfortunately they have not yet taken action on this bug, however I
  want to bring it to your attention in the hope that it can be patched
  into all current Ubuntu releases as soon as possible. I hope this is
  not improper procedure. Both myself and another (see comment 1 in the
  glibc bug report) have tested the patch provided in the above glibc
  bug report and it does appear to fix the problem, however I don't know
  what the procedure is for getting it properly confirmed/tested and
  merged into Ubuntu.

  As requested in the guidelines:

  1) We are using:
  Description:    Ubuntu 16.04.4 LTS
  Release:        16.04

  2)
  libc6:i386:
    Installed: 2.23-0ubuntu10

  However as stated above this has been present since libc6:i386 2.21
  and affects Ubuntu 15.04 onward. (I have actually tested this as well.
  15.04 conveniently used both glibc 2.19 and 2.21 so it was a good test
  platform when I was initially attempting to track down the problem.)

  3) What we expected to happen:
  memmove should move data within the entire valid address space without segfaulting or corrupting memory.

  4) What happened instead:
  When memmove attempts to move data crossing the 2GB threshold it either segfaults or causes memory corruption.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1756209/+subscriptions