In the words of the memcpy(3) man page: The memcpy() function copies len bytes from buffer src to buffer dst. If the two buffers may overlap, memmove(3) must be used instead.
There is a suspicion that people have been lax about the restriction on overlapping buffers. Courtesy of tedu@, below is a patch that causes memcpy(3) to abort(3) the program outright when an overlap is found. I'm currently running an amd64 bulk build with this and will incrementally report on the results. Index: bcopy.c =================================================================== RCS file: /cvs/src/lib/libc/string/bcopy.c,v retrieving revision 1.5 diff -u -p -r1.5 bcopy.c --- bcopy.c 8 Aug 2005 08:05:37 -0000 1.5 +++ bcopy.c 20 Nov 2014 22:42:33 -0000 @@ -32,6 +32,7 @@ */ #include <string.h> +#include <stdlib.h> /* * sizeof(word) MUST BE A POWER OF TWO @@ -67,6 +68,11 @@ bcopy(const void *src0, void *dst0, size if (length == 0 || dst == src) /* nothing to do */ goto done; +#ifdef MEMCOPY + if ((dst < src && dst + length > src) || + (src < dst && src + length > dst)) + abort(); +#endif /* * Macros: loop-t-times; and loop-t-times, t>0 */ -- Christian "naddy" Weisgerber na...@mips.inka.de
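Review bot: in the second hunk (bcopy()), the new test is placed after the existing `if (length == 0 || dst == src)` early exit, so a call with identical src and dst and a non-zero length, which is a complete overlap, jumps to done and never reaches abort(). If that exemption is deliberate, a comment beside the `#ifdef MEMCOPY` block should say so; if it is not, the overlap test needs to run before the early exit. The abort() is also silent: in a bulk build the only trace of an offending program will be a core file, so emitting a short diagnostic before abort() would let failures be attributed from the build logs. Finally, the condition forms `dst + length` and `src + length`, which assumes neither sum wraps for a very large length; comparing the distance between the two pointers against length expresses the same test without computing those sums.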