From a817e1555a755224cacc1cbdeeaefb6a1de606f0 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Wed, 24 Apr 2024 17:09:08 +0200 Subject: Fix some overlap mismatch This was caught by the following test: ``` int main(void) { char c[32]; memcpy(c, c + 16, 16); } ``` Reported-by: q66
---
 include/fortify-headers.h | 4 ++-- include/string.h | 8 +++----- tests/Makefile | 1 + tests/test_issue57.c | 11 +++++++++++ 4 files changed, 17 insertions(+), 7 deletions(-) create mode 100644 tests/test_issue57.c
diff --git a/include/fortify-headers.h b/include/fortify-headers.h
index ea2e430..796fd2d 100644
--- a/include/fortify-headers.h
+++ b/include/fortify-headers.h
@@ -141,8 +141,8 @@
 * since gcc seems to like to generate code that relies on dst == src */
 #define __fh_overlap(a, len_a, b, len_b) \
 ( \
- ((a) < (b) && (b) < (a) + (__fh_size_t)(len_a)) \
- || ((b) < (a) && (a) < (b) + (__fh_size_t)(len_b)) \
+ ((a) < (b) && (b) < ((a) + (__fh_size_t)(len_a))) \
+ || ((b) < (a) && (a) < ((b) + (__fh_size_t)(len_b))) \
 )
 /*
diff --git a/include/string.h b/include/string.h
index 071d592..924be49 100644
--- a/include/string.h
+++ b/include/string.h
@@ -58,10 +58,8 @@ __error_if((__fh_bos(__od, 0) < __n), "'memcpy' called with `n` bigger than the
 __fh_size_t __bd = __fh_bos(__od, 0);
 __fh_size_t __bs = __fh_bos(__os, 0);
- char *__d = (char *)__od;
- const char *__s = (const char *)__os;
- if __fh_overlap(__d, __bd, __s, __n)
+ if __fh_overlap(__od, __n, __os, __n)
 __builtin_trap();
 if (__n > __bd || __n > __bs)
 __builtin_trap();
@@ -189,7 +187,7 @@ _FORTIFY_FN(stpcpy) char *stpcpy(char * _FORTIFY_POS0 __d, const char *__s)
 __fh_size_t __n = strlen(__s) + 1;
 __fh_size_t __b = __fh_bos(__d, 0);
- if (__fh_overlap(__d, __b, __s, __n))
+ if (__fh_overlap(__d, __n, __s, __n))
 __builtin_trap();
 if (__n > __b)
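Review bot: `__fh_overlap` still applies `<` and `+` directly to `a` and `b`, so its result depends on the pointer type each caller passes. The memcpy call site in include/string.h now passes `__od`/`__os` without the former `char *` casts; if those are `void *`, as the removed casts suggest, the macro relies on GNU void-pointer arithmetic there. Casting inside the macro would make it independent of the caller, e.g. `(const char *)(b) < (const char *)(a) + (__fh_size_t)(len_a)`. A one-line comment above the macro such as `/* len_a, len_b: bytes accessed through a and b, not the object sizes */` would also record the contract this commit's call-site changes rely on.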
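Review bot: The overlap test in memcpy runs before the `__n > __bd || __n > __bs` check, so `__od + __n` and `__os + __n` are formed for lengths the next statement would reject. A pointer sum past the end of the object is undefined and can wrap for a very large `__n`, which makes the overlap comparison unreliable. Running `if (__n > __bd || __n > __bs) __builtin_trap();` first and `if __fh_overlap(__od, __n, __os, __n) __builtin_trap();` second keeps the arithmetic in range whenever the object sizes are known. The stpcpy and strcpy hunks have the same order, with the overlap test before `__n > __b`. The function bodies start and end outside these hunks.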
@@ -257,7 +255,7 @@ _FORTIFY_FN(strcpy) char *strcpy(char * _FORTIFY_POS0 __d, const char *__s)
 __fh_size_t __n = strlen(__s) + 1;
 __fh_size_t __b = __fh_bos(__d, 0);
- if (__fh_overlap(__d, __b, __s, __n))
+ if (__fh_overlap(__d, __n, __s, __n))
 __builtin_trap();
 if (__n > __b)
diff --git a/tests/Makefile b/tests/Makefile
index 8faf11a..81a1943 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -42,6 +42,7 @@ RUNTIME_TARGETS= \
 test_gethostname_static \
 test_getlogin_r_dynamic \
 test_getlogin_r_static \
+ test_issue57 \
 test_mbsrtowcs_dynamic \
 test_mbsrtowcs_static \
 test_mbstowcs_dynamic \
diff --git a/tests/test_issue57.c b/tests/test_issue57.c
new file mode 100644
index 0000000..ee9c38e
--- /dev/null
+++ b/tests/test_issue57.c
@@ -0,0 +1,11 @@
+#include "common.h"
+
+#include
+
+int main(int argc, char** argv) {
+ char buffer[32];
+ memcpy(buffer , buffer + 16, 16);
+ puts(buffer);
+
+ return ret;
+}
--
cgit v1.3
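Review bot: `buffer` in tests/test_issue57.c is never initialised, so after the memcpy `puts(buffer)` reads indeterminate bytes and may run past the 32-byte array looking for a terminator. That can make this regression test fail or crash for reasons unrelated to the overlap check it is meant to exercise. Initialising the array, `char buffer[32] = {0};`, keeps the test deterministic. `ret` is not declared in this file and presumably comes from common.h.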