Re: test-memchr failure on rawhide

[Jim Meyering]

Bruno Haible wrote:
> Ben Pfaff wrote:
>> Yes.  C99 7.2.21p2 says:
> [In my copy of C99 this is 7.21.1p2.]
>>
>>      Where an argument declared as size_t n specifies the length
>>      of the array for a function, n can have the value zero on a
>>      call to that function.  Unless explicitly stated otherwise
>>      in the description of a particular function in this
>>      subclause, pointer arguments on such a call shall still have
>>      valid values, as described in 7.1.4.
>>
>> 7.1.4p1 says:
>>
>>      If an argument to a function has an invalid value (such as a
>>      value outside the domain of the function, or a pointer
>>      outside the address space of the program, or a null pointer,
>>      or a pointer to non-modifiable storage when the
>>      corresponding parameter is not const-qualified) or a type
>>      (after promotion) not expected by a function with variable
>>      number of arguments, the behavior is undefined.
>>
>> In other words, 7.2.21 says that pointer arguments to these
>> functions must have valid values, and 7.1.4 says that null is an
>> invalid value.
>
> Thanks a lot, Ben. This makes it clear that in the case ptr = NULL, n = 0,

Indeed.  Thank you, Ben.

> glibc's behaviour is standards compliant and "only" a deviation from
> traditional behaviour. We'll need to change the gnulib unit tests.
>
> Now about the case ptr != NULL, n = 0. Jim, what is the result of these two
> programs on the particular Fedora Rawhide platform for which you reported
> the original bug?
>
> ==================================== foo1.c =================================

This exits with status 0

> =================================== foo2.c ================================
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
> #include <sys/mman.h>
>
> int main ()
> {
>   int pagesize = getpagesize ();
>   char *two_pages = (char *) mmap (NULL, 2 * pagesize, PROT_READ | 
> PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
>   if (two_pages == (char *)-1)
>     {
>       fprintf (stderr, "mmap failed\n");
>       exit (1);
>     }
>   if (mprotect (two_pages + pagesize, pagesize, PROT_NONE) != 0)
>     {
>       fprintf (stderr, "mprotect failed\n");
>       exit (1);
>     }
>   if (memchr (two_pages + pagesize, '*', 0) != NULL)
>     {
>       fprintf (stderr, "memchr returned non-NULL\n");
>       exit (1);
>     }
>   return 0;
> }
> =========================================================================

This one segfaults on the memchr-induced access:

    memchr () at ../sysdeps/x86_64/memchr.S:31
    31              movdqa  (%rdi), %xmm0

Running via valgrind, it succeeds, as you might expect,
due to the interposed memchr implementation.