hrev44282 adds 1 changeset to branch 'master'
old head: fb8447d59586d40fc8987ede4795ebda64354839
new head: 8695be5049294c32c45ef69f8a500dd759f46079
----------------------------------------------------------------------------
8695be5: Fix regressions in arch_cpu_user_strlcpy().
- repnz movsb turns out to not actually be a legal instruction, resulting in various strings being copied incorrectly, leading to random crashes in various places. Rework to use loop instead. Thanks to Alex Smith for helping review changes and offering improvements.
- Minor cleanups.
- Fixes #8650 properly.
[ Rene Gollent <anevilyak@xxxxxxxxx> ]
----------------------------------------------------------------------------
Revision: hrev44282
Commit: 8695be5049294c32c45ef69f8a500dd759f46079
URL: http://cgit.haiku-os.org/haiku/commit/?id=8695be5
Author: Rene Gollent <anevilyak@xxxxxxxxx>
Date: Mon Jul 2 18:41:31 2012 UTC
Ticket: https://dev.haiku-os.org/ticket/8650
----------------------------------------------------------------------------
1 file changed, 19 insertions(+), 8 deletions(-)
src/system/kernel/arch/x86/arch_x86.S | 27 +++++++++++++++++++--------
----------------------------------------------------------------------------
diff --git a/src/system/kernel/arch/x86/arch_x86.S b/src/system/kernel/arch/x86/arch_x86.S
index 58e20fc..f731299 100644
--- a/src/system/kernel/arch/x86/arch_x86.S
+++ b/src/system/kernel/arch/x86/arch_x86.S
@@ -276,19 +276,32 @@ FUNCTION(arch_cpu_user_strlcpy):
  /* Copy at most count - 1 bytes */
  dec %ecx
- /* move data by bytes */
+ /* If count is now 0, skip straight to null terminating
+ as our loop will otherwise overflow */
+ cmp $0,%ecx
+ jne .L_user_strlcpy_copy_begin
+ movb $0,(%edi)
+ jmp .L_user_strlcpy_source_count
+
+.L_user_strlcpy_copy_begin:
  cld
- repnz
+.L_user_strlcpy_copy_loop:
+ /* move data by bytes */
  movsb
+ cmpb $0,-1(%esi)
+ je .L_user_strlcpy_copy_loop_done
+ loop .L_user_strlcpy_copy_loop
- /* null terminate string */
- movb $0,(%edi)
- dec %esi
-
+.L_user_strlcpy_copy_loop_done:
  /* check if we copied the entire source string */
  cmp $0,%ecx
  jne .L_user_strlcpy_source_done
+.L_user_strlcpy_zero_terminate:
+ /* null terminate string */
+ movb $0,(%edi)
+ dec %esi
+
  /* count remaining bytes in src */
 .L_user_strlcpy_source_count:
  not %ecx
@@ -297,11 +310,9 @@ FUNCTION(arch_cpu_user_strlcpy):
  scasb
 .L_user_strlcpy_source_done:
-
  movl %esi,%eax
  subl 20(%esp),%eax
  subl $1,%eax
-
  /* restore the old fault handler */
  movl %ebx,(%edx)
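Review bot: The copy loop's `loop .L_user_strlcpy_copy_loop` is a microcoded instruction that is slow on Intel cores, and this is the kernel's path for copying strings out of user space; `dec %ecx` / `jnz .L_user_strlcpy_copy_loop` does the same count-and-branch with the exit behaviour unchanged, since the NUL exit via `je` still leaves %ecx non-zero for the `cmp $0,%ecx` that follows `.L_user_strlcpy_copy_loop_done`. In the same spirit, the `cmp $0,%ecx` before `jne .L_user_strlcpy_copy_begin` is redundant because the preceding `dec %ecx` already sets ZF, so `jnz .L_user_strlcpy_copy_begin` suffices. The new label `.L_user_strlcpy_zero_terminate` is only fallen into within this hunk, so if nothing outside jumps to it, it can be dropped; the `dec %esi` under it steps back onto a byte the loop already copied as non-NUL, which looks like a leftover from the `repnz movsb` version and is harmless as far as the visible code shows, but deserves a comment such as `/* %esi is one past the last copied (non-NUL) byte; the scan below tolerates starting one byte early */` or removal. arch_cpu_user_strlcpy begins before this hunk and the scan after `.L_user_strlcpy_source_count` continues past it, so the exact scan setup could not be checked here.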