bin/54040: memset defunct
dirk.meyer at dinoex.sub.org
Wed Jul 2 11:50:20 PDT 2003
>Number: 54040
>Category: bin
>Synopsis: memset defunct
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 02 11:50:17 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Dirk Meyer
>Release: FreeBSD 5.1-STABLE i386
>Organization:
privat
>Environment:
FAILS ON:
FreeBSD dip.dinoex.sub.de 5.1-CURRENT FreeBSD 5.1-CURRENT #7: Tue Jul 1 00:43:09 CEST 2003 root at dip.dinoex.sub.de:/home/obj/usr/src/sys/GENERIC i386
FreeBSD ref5.freebsd.org 5.1-BETA FreeBSD 5.1-BETA #113: Fri May 23 09:01:24 PDT 2003 root at ref5.freebsd.org:/usr/src/sys/i386/compile/REF5 i386
FreeBSD beast.freebsd.org 5.1-CURRENT FreeBSD 5.1-CURRENT #146: Fri Jun 13 07:48:58 PDT 2003 root at beast.freebsd.org:/usr/src/sys/alpha/compile/BEAST alpha
RUNS ON:
FreeBSD panther.freebsd.org 5.1-BETA FreeBSD 5.1-BETA #99: Fri May 23 12:34:43 PDT 2003 root at panther.freebsd.org:/s/src/sys/sparc64/compile/PANTHER sparc64
FreeBSD home.dinoex.sub.de 4.8-STABLE FreeBSD 4.8-STABLE #24: Mon Apr 21 18:04:09 CEST 2003 root at net3.dinoex.de:/usr/obj/usr/src/sys/HOME2 i386
>Description:
memset with value 0 does not set the memory.
memset( buffer, 108, 0 );
buffer is still dirty: all bytes are d0;
leaves dirty not a clean memory to the user.
up to 4.8 no problem.
objdump -d static-binary:
08051f0c <memset>:
8051f0c: 57 push %edi
8051f0d: 53 push %ebx
8051f0e: 8b 7c 24 0c mov 0xc(%esp,1),%edi
8051f12: 0f b6 44 24 10 movzbl 0x10(%esp,1),%eax
8051f17: 8b 4c 24 14 mov 0x14(%esp,1),%ecx
8051f1b: 57 push %edi
8051f1c: fc cld
8051f1d: 83 f9 0f cmp $0xf,%ecx
8051f20: 7e 24 jle 8051f46 <memset+0x3a>
8051f22: 88 c4 mov %al,%ah
8051f24: 89 c2 mov %eax,%edx
8051f26: c1 e0 10 shl $0x10,%eax
8051f29: 09 d0 or %edx,%eax
8051f2b: 89 fa mov %edi,%edx
8051f2d: f7 da neg %edx
8051f2f: 83 e2 03 and $0x3,%edx
8051f32: 89 cb mov %ecx,%ebx
8051f34: 29 d3 sub %edx,%ebx
8051f36: 89 d1 mov %edx,%ecx
8051f38: f3 aa repz stos %al,%es:(%edi)
8051f3a: 89 d9 mov %ebx,%ecx
8051f3c: c1 e9 02 shr $0x2,%ecx
8051f3f: f3 ab repz stos %eax,%es:(%edi)
8051f41: 89 d9 mov %ebx,%ecx
8051f43: 83 e1 03 and $0x3,%ecx
8051f46: f3 aa repz stos %al,%es:(%edi)
8051f48: 58 pop %eax
8051f49: 5b pop %ebx
8051f4a: 5f pop %edi
8051f4b: c3 ret
>How-To-Repeat:
1) run this sample:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main( int argc, char **argv )
{
	unsigned char *amap;
	size_t i;
	size_t j;

	j = 108;
	amap = malloc(j);
	if (amap == NULL) {
		printf("cannot allocate map\n");
		exit( 1 );
	}
	memset(amap, j, 0);
	/* report every byte that is not zero, then clear it */
	for ( i=0; i < j; i ++ ) {
		if ( amap[ i ] != 0 )
			printf("memset (%zu bytes), position=%zu, val=%x\n", j, i, amap[ i ]);
		amap[ i ] = 0;
	}
	return 0;
}
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
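
Added example, not part of the original report: the standard prototype is memset(void *b, int c, size_t len), and the disassembly above reads the fill byte from the second argument (movzbl 0x10(%esp,1)) and the count from the third (mov 0x14(%esp,1),%ecx). The code below runs the call as written in the report next to the (buffer, 0, length) order and counts the bytes left nonzero; the 0xd0 pre-fill standing in for uninitialised heap memory and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAP_LEN 108   /* buffer size used in the report */
#define DIRTY   0xd0  /* byte value the report observed; constructed pre-fill */

/* Count the bytes in p[0..len) that are not zero. */
static size_t count_nonzero(const unsigned char *p, size_t len)
{
    size_t i, n = 0;

    for (i = 0; i < len; i++)
        if (p[i] != 0)
            n++;
    return n;
}

/* Argument order from the report: fill value = length, count = 0. */
size_t nonzero_after_report_call(void)
{
    unsigned char buf[MAP_LEN];
    size_t len = MAP_LEN, count = 0;

    memset(buf, DIRTY, sizeof buf);  /* simulate dirty memory from malloc */
    memset(buf, (int)len, count);    /* count is 0: no byte is written */
    return count_nonzero(buf, len);
}

/* Order from the prototype: fill value = 0, count = length. */
size_t nonzero_after_prototype_call(void)
{
    unsigned char buf[MAP_LEN];
    size_t len = MAP_LEN;

    memset(buf, DIRTY, sizeof buf);  /* simulate dirty memory from malloc */
    memset(buf, 0, len);             /* writes len zero bytes */
    return count_nonzero(buf, len);
}

int main(void)
{
    printf("report order:    %zu nonzero bytes\n", nonzero_after_report_call());
    printf("prototype order: %zu nonzero bytes\n", nonzero_after_prototype_call());
    return 0;
}
```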