In the words of the memcpy(3) man page:
The memcpy() function copies len bytes from buffer src to buffer dst. If
the two buffers may overlap, memmove(3) must be used instead.
There is a suspicion that people have been lax about the restriction
on overlapping buffers. Courtesy of tedu@, below is a patch that
causes memcpy(3) to abort(3) the program outright when an overlap
is found.
I'm currently running an amd64 bulk build with this and will
incrementally report on the results.
Index: bcopy.c
===================================================================
RCS file: /cvs/src/lib/libc/string/bcopy.c,v
retrieving revision 1.5
diff -u -p -r1.5 bcopy.c
--- bcopy.c 8 Aug 2005 08:05:37 -0000 1.5
+++ bcopy.c 20 Nov 2014 22:42:33 -0000
@@ -32,6 +32,7 @@
*/
#include <string.h>
+#include <stdlib.h>
/*
* sizeof(word) MUST BE A POWER OF TWO
@@ -67,6 +68,11 @@ bcopy(const void *src0, void *dst0, size
if (length == 0 || dst == src) /* nothing to do */
goto done;
+#ifdef MEMCOPY
+ if ((dst < src && dst + length > src) ||
+ (src < dst && src + length > dst))
+ abort();
+#endif
/*
* Macros: loop-t-times; and loop-t-times, t>0
*/
--
Christian "naddy" Weisgerber na...@mips.inka.de
