This repository was archived by the owner on Mar 22, 2023. It is now read-only.
avx access beyond end of string #1262
Open
Description
Environment Information
- libpmemobj-cpp version(s): 1.13.0
- PMDK (libpmemobj) package version(s): 1.12.0
- OS(es) version(s): Debian bookworm/unstable
- kernel version(s): 5.10.70 (reporter), 5.19-rc5 (me)
- compiler, libraries, packaging and other related tools version(s): gcc-11, glibc 2.33
- TBB version(s): -
- ndctl version(s): 73
For some reason, string comparison started to optimistically vectorize matching pieces of the string, including strings shorter than the AVX2 chunk (32 bytes) or tails of longer strings. This never gives an invalid answer (matches past the buffer's end get cut off later), is AFAIK allowed by the hardware+kernel on x86 — but valgrind hates that.
We now get fails like:
==730367== Invalid read of size 32
==730367== at 0x4C3E899: __wmemcmp_avx2_movbe (memcmp-avx2-movbe.S:412)
==730367== Address 0xbd7f090 is 0 bytes inside a block of size 20 alloc'd
I don't see any obvious toolchain upgrades in unstable recently — gcc-11, glibc 2.33, valgrind 3.18.1 have been there for a long time. Still, some bit must have been upgraded so now these tests reliably fail.
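To make the mechanism in the report concrete, here is a scalar model of a chunked wide-string compare, added here as an illustration; it is not code from libpmemobj-cpp or from glibc's `__wmemcmp_avx2_movbe`. It assumes the Linux/glibc ABI (`sizeof(wchar_t) == 4`, so one 32-byte AVX2 chunk is 8 lanes) and uses constructed inputs, including a 5-character string that is exactly the 20-byte block the valgrind report complains about. `naive_overread_bytes` shows how many bytes past the allocation a whole-chunk load of that block touches (12), and `wmemcmp_chunked` shows that the same per-chunk mismatch mask gives the correct answer while handling the tail in-bounds: short inputs are staged through a zero-padded local copy, and a trailing partial chunk is handled by re-reading the last full chunk that ends at `n`. The names and the tail strategies are this example's own, not glibc's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* One AVX2 register holds 32 bytes. This example assumes the Linux/glibc
   ABI where sizeof(wchar_t) == 4, so a chunk covers 8 wide characters. */
#define CHUNK_BYTES 32
#define CHUNK_LANES (CHUNK_BYTES / sizeof(wchar_t))

/* Bytes beyond a buffer of `nbytes` that a compare reading whole 32-byte
   chunks touches when it does not special-case the tail. For the 20-byte
   block in the valgrind report this is 12 (a 32-byte read at offset 0). */
size_t naive_overread_bytes(size_t nbytes)
{
    size_t rounded = (nbytes + CHUNK_BYTES - 1) / CHUNK_BYTES * CHUNK_BYTES;
    return rounded - nbytes;
}

/* Scalar stand-in for "vector compare + movemask": compares exactly
   CHUNK_LANES lanes and returns a bit mask of mismatching lanes
   (bit i set <=> a[i] != b[i]). It reads every lane, so callers must
   guarantee that all CHUNK_LANES elements of a and b are in bounds. */
static uint32_t chunk_mismatch_mask(const wchar_t *a, const wchar_t *b)
{
    uint32_t mask = 0;
    for (size_t i = 0; i < CHUNK_LANES; i++)
        if (a[i] != b[i])
            mask |= 1u << i;
    return mask;
}

/* Index of the lowest set bit, i.e. the first mismatching lane (mask != 0). */
static size_t lowest_lane(uint32_t mask)
{
    size_t i = 0;
    while (!(mask & 1u)) { mask >>= 1; i++; }
    return i;
}

/* Sign of the first difference, in wmemcmp's convention. */
static int order(const wchar_t *a, const wchar_t *b, size_t i)
{
    return a[i] < b[i] ? -1 : 1;
}

/* wmemcmp-style result (<0, 0, >0) for the first n wide characters,
   computed one chunk at a time without ever loading past a[n-1]/b[n-1]:
   - inputs shorter than one chunk are staged through zero-padded local
     copies, so the padding lanes compare equal and drop out of the mask;
   - full chunks are compared in place;
   - a short tail is compared by re-reading the LAST full chunk that ends
     exactly at n; it overlaps lanes already known to be equal, which is
     harmless, and it never extends past the buffer. */
int wmemcmp_chunked(const wchar_t *a, const wchar_t *b, size_t n)
{
    if (n == 0)
        return 0;

    if (n < CHUNK_LANES) {
        wchar_t ca[CHUNK_LANES] = {0}, cb[CHUNK_LANES] = {0};
        memcpy(ca, a, n * sizeof(wchar_t));
        memcpy(cb, b, n * sizeof(wchar_t));
        uint32_t m = chunk_mismatch_mask(ca, cb);
        return m ? order(a, b, lowest_lane(m)) : 0;
    }

    size_t off = 0;
    for (; off + CHUNK_LANES <= n; off += CHUNK_LANES) {
        uint32_t m = chunk_mismatch_mask(a + off, b + off);
        if (m)
            return order(a, b, off + lowest_lane(m));
    }

    if (off < n) {
        size_t tail = n - CHUNK_LANES;   /* in bounds because n >= CHUNK_LANES */
        uint32_t m = chunk_mismatch_mask(a + tail, b + tail);
        if (m)
            return order(a, b, tail + lowest_lane(m));
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: 5 wide chars is the 20-byte block from the report. */
    printf("over-read for a 20-byte block: %zu bytes\n", naive_overread_bytes(20));
    printf("hello vs hellp (n=5): %d\n", wmemcmp_chunked(L"hello", L"hellp", 5));
    printf("36-char strings differing in the tail: %d\n",
           wmemcmp_chunked(L"0123456789abcdefghijklmnopqrstuvwxyz",
                           L"0123456789abcdefghijklmnopqrstuvwxyZ", 36));
    return 0;
}
```

The point of the two tail paths is that a per-lane mismatch mask only ever reports lanes below `n`, which is why an over-sized load never changes the answer; whether the extra bytes are loaded from memory (what the report shows valgrind flagging) or come from local padding is invisible to the result. Under valgrind the staged/overlapping version reads only bytes inside the allocation, which is the property a checker can verify.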