negative memcpy

Denys Vlasenko vda.linux at googlemail.com
Wed Aug 10 03:02:07 UTC 2011


On Wed, Aug 10, 2011 at 2:32 AM, manish kumar <deliver2manish at gmail.com> wrote:
> int main()
> {
>  400448:       55                      push   %rbp
>  400449:       48 89 e5                mov    %rsp,%rbp
>        size_t size = -1;
>  40044c:       48 c7 45 f8 ff ff ff    movq   $0xffffffffffffffff,0xfffffffffffffff8(%rbp)
>  400453:       ff
>        char src[10] = {0, }, dest[10] = {0, };
>  400454:       48 c7 45 e0 00 00 00    movq   $0x0,0xffffffffffffffe0(%rbp)
>  40045b:       00
>  40045c:       66 c7 45 e8 00 00       movw   $0x0,0xffffffffffffffe8(%rbp)
>  400462:       48 c7 45 d0 00 00 00    movq   $0x0,0xffffffffffffffd0(%rbp)
>  400469:       00
>  40046a:       66 c7 45 d8 00 00       movw   $0x0,0xffffffffffffffd8(%rbp)
>        memcpy(dest, src, size);
>  400470:       48 8d 45 d0             lea    0xffffffffffffffd0(%rbp),%rax
>  400474:       48 8d 55 e0             lea    0xffffffffffffffe0(%rbp),%rdx
>  400478:       48 8b 4d f8             mov    0xfffffffffffffff8(%rbp),%rcx
>  40047c:       48 89 c7                mov    %rax,%rdi
>  40047f:       48 89 d6                mov    %rdx,%rsi
>  400482:       fc                      cld
>  400483:       f3 a4                   rep movsb %ds:(%rsi),%es:(%rdi)


The assembly looks correct. It should indeed attempt to copy 4Gb or
2^64-1 bytes, depending on how the rep prefix is treated in 64-bit mode (I
don't remember whether it uses ecx or rcx as the counter). rcx is set
to 0xffff...ffff above.

Try single-stepping "rep movsb" with a debugger and check how the
registers are changing after each byte copy. It might even be a CPU
bug...

-- 
vda
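As an added example (not code from the thread or from uClibc): a bounds-checked front-end to memcpy that catches the `size_t` wrap of `-1` from the quoted program before `rep movsb` ever runs. The names `length_to_size`, `checked_copy` and the two `demo_*` functions are my own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the thread: a checked front-end to memcpy that
 * rejects the wrapped "negative" size before rep movsb ever runs. */
typedef enum { COPY_OK = 0, COPY_ERR_NULL, COPY_ERR_LEN, COPY_ERR_OVERLAP } copy_status;
/* A signed length must be validated before it becomes a size_t: -1 is a bug, not SIZE_MAX. */
bool length_to_size(long n, size_t *out)
{
    if (n < 0) return false;
    *out = (size_t)n;
    return true;
}

/* Copy n bytes from src (src_cap bytes) to dst (dst_cap bytes); fail closed unless n
 * fits both buffers and the ranges are disjoint, which memcpy requires. */
copy_status checked_copy(void *dst, size_t dst_cap, const void *src, size_t src_cap, size_t n)
{
    if (dst == NULL || src == NULL) return COPY_ERR_NULL;
    if (n > dst_cap || n > src_cap) return COPY_ERR_LEN;   /* (size_t)-1 stops here */
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    if (d < s + n && s < d + n) return COPY_ERR_OVERLAP;
    memcpy(dst, src, n);
    return COPY_OK;
}

/* The quoted program's setup with the check placed in front of memcpy. */
copy_status demo_negative_size(void)
{
    char src[10] = {0}, dst[10] = {0};
    size_t size = -1;                   /* wraps to SIZE_MAX, exactly as in the thread */
    return checked_copy(dst, sizeof dst, src, sizeof src, size);
}

/* A well-formed copy for comparison; returns the last byte that landed in dst. */
char demo_valid_copy(void)
{
    char src[10] = "abcdefghi", dst[10] = {0};
    if (checked_copy(dst, sizeof dst, src, sizeof src, sizeof src) != COPY_OK) return 0;
    return dst[8];                      /* 'i' */
}

int main(void)
{
    printf("negative size -> status %d (COPY_ERR_LEN = %d)\n", demo_negative_size(), COPY_ERR_LEN);
    return 0;
}
```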

