Mail Archives: cygwin/2025/03/23/21:28:44

Date: Mon, 24 Mar 2025 10:28:10 +0900
To: cygwin AT cygwin DOT com
Subject: Re: STATUS_HEAP_CORRUPTION if signal arrives when x86 direction flag is set
Message-Id: <20250324102810.225bb1da1a0f6a738c03ad9d@nifty.ne.jp>
In-Reply-To: <9413f848-7e2b-7044-be11-93045c75dc40@t-online.de>
References: <9413f848-7e2b-7044-be11-93045c75dc40 AT t-online DOT de>
From: Takashi Yano via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Takashi Yano <takashi DOT yano AT nifty DOT ne DOT jp>

On Sun, 23 Mar 2025 12:54:36 +0100
Christian Franke wrote:
> Found because 'stress-ng --memcpy ...' and other tests report segfaults:
> 
> An exception 0xc0000374 (STATUS_HEAP_CORRUPTION) occurs if a signal 
> arrives during a memmove() which copies backwards due to overlap.
> 
> The related snippet[s] from winsup/cygwin/x86_64/bcopy.S:
>          std
>          rep
>          movs[qb]
>          cld
> 
> The testcase below shows that a set DF arrives at the signal handler. 
> This violates the ABI, AFAIK. After return, the process aborts 
> regardless of a "cld" in the signal handler.
> 
> $ uname -r # also reproducible with 3.5.7-1
> 3.6.0-1.x86_64
> 
> $ cat dflagsig.c
> #include <signal.h>
> #include <unistd.h>
> 
> static volatile sig_atomic_t sigcnt;
> 
> static void sighandler(int sig)
> {
>    (void)sig;
>    // asm volatile ("cld"); // <== does not prevent crash
>    if (__builtin_ia32_readeflags_u64() & 0x0400)
>      write(1, "[DF=1]\n", 7);
>    else
>      write(1, "[DF=0]\n", 7);
>    ++sigcnt;
> }
> 
> int main()
> {
>    signal(SIGINT, sighandler);
>    int std = 0, cnt;
>    while ((cnt = sigcnt) < 5) {
>      if (cnt == 2 && !std) {
>        asm volatile ("std");
>        std = 1;
>      }
>      else if (cnt > 2 && std) {
>        asm volatile ("cld");
>        std = 0;
>      }
>    }
>    return 42;
> }
> 
> $ gcc -o dflagsig dflagsig.c
> 
> $ ./dflagsig # ... and press 3x ^C
> [DF=0]
> [DF=0]
> [DF=1]
> 
> $ echo $? # Hmm... "silent" crash!
> 0
> 
> $  strace ./dflagsig # ... and run 3x 'kill -INT 1288' from other window
> ...
>     48 14882485 [main] dflagsig 1288 set_signal_mask: setmask 2, newmask 0, mask_bits 2
> 863030 15745515 [sig] dflagsig 1288 sigpacket::process: signal 2 processing
> ...
>     55 15746773 [sig] dflagsig 1288 _cygtls::interrupt_setup: armed signal_arrived 0x0, signal 2
>     70 15746843 [sig] dflagsig 1288 sigpacket::setup_handler: signal 2 delivered
> --- Process 12736 (pid: 1288), exception c0000374 at 00007ffe342dcba9
> ...
> --- Process 12736 exited with status 0xc0000374
> 

Thanks for the report. I'll submit a patch to fix that.

-- 
Takashi Yano <takashi DOT yano AT nifty DOT ne DOT jp>
