From dm@home.dinoex.sub.de  Wed Jul  2 11:14:48 2003
Return-Path: <dm@home.dinoex.sub.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8F33C37B408
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  2 Jul 2003 11:14:48 -0700 (PDT)
Received: from uucp.dinoex.sub.de (uucp.dinoex.sub.de [212.184.201.182])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5A29D43FA3
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  2 Jul 2003 11:14:47 -0700 (PDT)
	(envelope-from dm@home.dinoex.sub.de)
Received: from home.dinoex.sub.de (home.dinoex.sub.de [217.6.200.196])
	by uucp.dinoex.sub.de (8.12.9/8.12.9) with ESMTP id h62IEbQQ005719
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 2 Jul 2003 20:14:37 +0200 (CEST)
	(envelope-from dm@home.dinoex.sub.de)
Received: (from dm@localhost)
	by home.dinoex.sub.de (8.12.9/8.12.8/Submit) id h62IEgTa061662;
	Wed, 2 Jul 2003 20:14:42 +0200 (CEST)
	(envelope-from dm)
Message-Id: <200307021814.h62IEgTa061662@home.dinoex.sub.de>
Date: Wed, 2 Jul 2003 20:14:42 +0200 (CEST)
From: dirk.meyer@dinoex.sub.org
Reply-To: dirk.meyer@dinoex.sub.org
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: memset defunct
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         54036
>Category:       bin
>Synopsis:       memset defunct
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 02 11:20:08 PDT 2003
>Closed-Date:    Wed Jul 02 20:46:47 CEST 2003
>Last-Modified:  Wed Jul 02 11:48:46 PDT 2003
>Originator:     Dirk Meyer
>Release:        FreeBSD 5.1-STABLE i386
>Organization:
private
>Environment:

FAILS ON:

FreeBSD dip.dinoex.sub.de 5.1-CURRENT FreeBSD 5.1-CURRENT #7: Tue Jul  1 00:43:09 CEST 2003     root@dip.dinoex.sub.de:/home/obj/usr/src/sys/GENERIC  i386

FreeBSD ref5.freebsd.org 5.1-BETA FreeBSD 5.1-BETA #113: Fri May 23 09:01:24 PDT 2003     root@ref5.freebsd.org:/usr/src/sys/i386/compile/REF5  i386

FreeBSD beast.freebsd.org 5.1-CURRENT FreeBSD 5.1-CURRENT #146: Fri Jun 13 07:48:58 PDT 2003     root@beast.freebsd.org:/usr/src/sys/alpha/compile/BEAST  alpha


RUNS ON:

FreeBSD panther.freebsd.org 5.1-BETA FreeBSD 5.1-BETA #99: Fri May 23 12:34:43 PDT 2003     root@panther.freebsd.org:/s/src/sys/sparc64/compile/PANTHER  sparc64

FreeBSD home.dinoex.sub.de 4.8-STABLE FreeBSD 4.8-STABLE #24: Mon Apr 21 18:04:09 CEST 2003     root@net3.dinoex.de:/usr/obj/usr/src/sys/HOME2  i386

>Description:

	memset with value 0 does not set the memory.

	memset( buffer, 108, 0 );
	
	buffer is still dirty: all bytes are d0;

	This leaves dirty, not clean, memory to the user.
	Up to 4.8 there was no problem.

objdump -d static-binary:

08051f0c <memset>:
 8051f0c:       57                      push   %edi
 8051f0d:       53                      push   %ebx
 8051f0e:       8b 7c 24 0c             mov    0xc(%esp,1),%edi
 8051f12:       0f b6 44 24 10          movzbl 0x10(%esp,1),%eax
 8051f17:       8b 4c 24 14             mov    0x14(%esp,1),%ecx
 8051f1b:       57                      push   %edi
 8051f1c:       fc                      cld    
 8051f1d:       83 f9 0f                cmp    $0xf,%ecx
 8051f20:       7e 24                   jle    8051f46 <memset+0x3a>
 8051f22:       88 c4                   mov    %al,%ah
 8051f24:       89 c2                   mov    %eax,%edx
 8051f26:       c1 e0 10                shl    $0x10,%eax
 8051f29:       09 d0                   or     %edx,%eax
 8051f2b:       89 fa                   mov    %edi,%edx
 8051f2d:       f7 da                   neg    %edx
 8051f2f:       83 e2 03                and    $0x3,%edx
 8051f32:       89 cb                   mov    %ecx,%ebx
 8051f34:       29 d3                   sub    %edx,%ebx
 8051f36:       89 d1                   mov    %edx,%ecx
 8051f38:       f3 aa                   repz stos %al,%es:(%edi)
 8051f3a:       89 d9                   mov    %ebx,%ecx
 8051f3c:       c1 e9 02                shr    $0x2,%ecx
 8051f3f:       f3 ab                   repz stos %eax,%es:(%edi)
 8051f41:       89 d9                   mov    %ebx,%ecx
 8051f43:       83 e1 03                and    $0x3,%ecx
 8051f46:       f3 aa                   repz stos %al,%es:(%edi)
 8051f48:       58                      pop    %eax
 8051f49:       5b                      pop    %ebx
 8051f4a:       5f                      pop    %edi
 8051f4b:       c3                      ret    

>How-To-Repeat:

	1) run this sample:

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main( int argc, char **argv )
{
        unsigned char *amap;
        size_t i;
        size_t j;

        j = 108;
        amap = malloc(j);
        if (amap == NULL) {
                printf("cannot allocate map\n");
                exit( 1 );
        }
        memset(amap, j, 0);
        for ( i=0; i < j; i ++ ) {
                if ( amap[ i ] != 0 )
                        printf("memset (%zu bytes), position=%zu, val=%x\n", j, i, amap[ i ]);
                amap[ i ] = 0;
        }
        return 0;
}

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: dinoex 
Responsible-Changed-When: Wed Jul 2 20:21:39 CEST 2003 
Responsible-Changed-Why:  
misfiled responsible 

http://www.freebsd.org/cgi/query-pr.cgi?pr=54036 
State-Changed-From-To: open->closed 
State-Changed-By: dinoex 
State-Changed-When: Wed Jul 2 20:42:04 CEST 2003 
State-Changed-Why:  
jdp@polstra.com (John Polstra) wrote: 
The submitter's code is wrong.  He swapped the 2nd and 3rd arguments to memset. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=54036 
>Unformatted:
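
The closing note above, as a runnable check; this is an added example and not part of the PR or of FreeBSD's libc. It compares the call as written in the report with the intended one. The names `nonzero_after_memset`, `checked_memset` and `DIRTY` are hypothetical.

```c
/* Added example, not part of PR 54036. */
#include <stddef.h>
#include <string.h>

#define DIRTY 0xd0  /* stands in for the stale bytes the report observed */

/* Pre-fill buf with DIRTY, call memset(buf, c, n), and return how many
 * of the `size` bytes are still non-zero afterwards. */
size_t nonzero_after_memset(unsigned char *buf, size_t size, int c, size_t n)
{
    size_t i, left = 0;

    for (i = 0; i < size; i++)
        buf[i] = DIRTY;
    memset(buf, c, n);  /* prototype: memset(void *b, int c, size_t len) */
    for (i = 0; i < size; i++)
        if (buf[i] != 0)
            left++;
    return left;
}

/* Hypothetical guard: a zero length together with a non-zero fill byte is
 * the signature of transposed arguments. Returns -1 without writing in
 * that case, 0 after a normal fill. */
int checked_memset(void *b, int c, size_t len)
{
    if (len == 0 && c != 0)
        return -1;
    memset(b, c, len);
    return 0;
}

int main(void)
{
    unsigned char buf[108];
    /* As written in the report: value 108, length 0, so nothing is written. */
    size_t swapped = nonzero_after_memset(buf, sizeof buf, 108, 0);
    /* Intended call: value 0, length 108, so the buffer is cleared. */
    size_t correct = nonzero_after_memset(buf, sizeof buf, 0, 108);

    return !(swapped == 108 && correct == 0 &&
             checked_memset(buf, 108, 0) == -1 &&
             checked_memset(buf, 0, sizeof buf) == 0);
}
```

GCC and Clang report the literal form of this mistake at compile time with `-Wmemset-transposed-args`. The same transposition in a routine meant to scrub a buffer would leave its contents in place.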
