negative memcpy
Denys Vlasenko
vda.linux at googlemail.com
Wed Aug 10 03:02:07 UTC 2011
On Wed, Aug 10, 2011 at 2:32 AM, manish kumar <deliver2manish at gmail.com> wrote:
> int main()
> {
> 400448: 55 push %rbp
> 400449: 48 89 e5 mov %rsp,%rbp
> size_t size = -1;
> 40044c: 48 c7 45 f8 ff ff ff movq $0xffffffffffffffff,0xfffffffffffffff8(%rbp)
> 400453: ff
> char src[10] = {0, }, dest[10] = {0, };
> 400454: 48 c7 45 e0 00 00 00 movq $0x0,0xffffffffffffffe0(%rbp)
> 40045b: 00
> 40045c: 66 c7 45 e8 00 00 movw $0x0,0xffffffffffffffe8(%rbp)
> 400462: 48 c7 45 d0 00 00 00 movq $0x0,0xffffffffffffffd0(%rbp)
> 400469: 00
> 40046a: 66 c7 45 d8 00 00 movw $0x0,0xffffffffffffffd8(%rbp)
> memcpy(dest, src, size);
> 400470: 48 8d 45 d0 lea 0xffffffffffffffd0(%rbp),%rax
> 400474: 48 8d 55 e0 lea 0xffffffffffffffe0(%rbp),%rdx
> 400478: 48 8b 4d f8 mov 0xfffffffffffffff8(%rbp),%rcx
> 40047c: 48 89 c7 mov %rax,%rdi
> 40047f: 48 89 d6 mov %rdx,%rsi
> 400482: fc cld
> 400483: f3 a4 rep movsb %ds:(%rsi),%es:(%rdi)
The assembly looks correct. It should indeed attempt to copy 4Gb or
2^64-1 bytes, depending on how rep prefix is treated in 64-bit mode (I
don't remember whether it uses ecx or rcx as the counter). rcx is set
to 0xffff...ffff above.
Try single-stepping "rep movsb" with a debugger and check how
registers are changing after each byte copy. It might even be a CPU
bug...
--
vda
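As an added example (not code from this thread or from uClibc), the poster's setup with a bounds-checked wrapper in front of memcpy: `size_t size = -1` wraps to SIZE_MAX, and the wrapper rejects it before a single byte is copied. The function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy: refuses any request that does not fit in both buffers.
 * Hypothetical helper for this example, not uClibc's memcpy. */
int checked_memcpy(void *dest, size_t dest_size,
                   const void *src, size_t src_size, size_t n)
{
    if (dest == NULL || src == NULL)
        return EINVAL;
    /* A "negative" length such as (size_t)-1 is SIZE_MAX here and fails this check,
     * so the 2^64-1 byte copy from the thread never starts. */
    if (n > dest_size || n > src_size)
        return ERANGE;
    memcpy(dest, src, n);
    return 0;
}

/* Same buffers and size as the posted program; returns the wrapper's status. */
int demo_negative_size(void)
{
    size_t size = -1;                 /* implicit conversion: -1 becomes SIZE_MAX */
    char src[10] = {0}, dest[10] = {0};
    return checked_memcpy(dest, sizeof dest, src, sizeof src, size);
}

/* Sanity case: an in-bounds copy still works; returns 1 on success. */
int demo_in_bounds_copy(void)
{
    char src[4] = {1, 2, 3, 4}, dest[4] = {0};
    if (checked_memcpy(dest, sizeof dest, src, sizeof src, sizeof src) != 0)
        return 0;
    return memcmp(dest, src, sizeof src) == 0;
}

int main(void)
{
    size_t size = -1;
    printf("size_t size = -1 is %zu (SIZE_MAX is %zu)\n", size, (size_t)SIZE_MAX);
    printf("checked_memcpy status: %d (ERANGE is %d)\n", demo_negative_size(), ERANGE);
    printf("in-bounds copy ok: %d\n", demo_in_bounds_copy());
    return 0;
}
```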