Bugzilla – Bug 1228041
SLES 16 SP0 - s390x: glibc: z13 wcsncmp implementation segfaults if n=1
Last modified: 2024-07-17 11:13:39 UTC
== Comment: #0 - Thomas Staudt <tstaudt@de.ibm.com> - 2024-07-17 05:53:28 ==

+++ This bug was initially created as a clone of Bug #207894 +++

The >=z13 wcsncmp implementation segfaults if n=1 and there is only one character (equal on both strings) before the page end. Then it loads and compares one character and fails to check n again. The following load fails.

This issue was reported here:
Bug 31934 - wcsncmp crash on s390x on vlbb instruction
https://sourceware.org/bugzilla/show_bug.cgi?id=31934

And fixed upstream (first in glibc 2.40):
s390x: Fix segfault in wcsncmp [BZ #31934]
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b7651410375ec8848a1944992d663d514db4ba7

This fix was cherry-picked to the current branches glibc 2.32-39:
- 2.39: commit 5c46e6b66636be0010e9a732d5ba1e65ebd54687
- 2.38: commit 712453634c8efd71a9b3ff0122145a9e90e9955c
- 2.37: commit 340ca2d5148371614c234068f430c19293f962dc
- 2.36: commit a70c55a91b2b361f43e4142aadf86f22af57d406
- 2.35: commit c7cd62653850135bc880688a78104dbf77cf8121
- 2.34: commit 87fa7bfb84895bb517beb8aaf92bd45b829daabb
- 2.33: commit 5f08d1df2c07904c1dc98bdf2b363c65874266f7
- 2.32: commit 5ad449c398a845a9c84808e4ac603beaa1006909

In case somebody needs the fix for older glibc releases (issue was introduced with glibc 2.23), feel free to just cherry-pick it. Note that the file was moved from sysdeps/s390/multiarch/wcsncmp-vx.S to sysdeps/s390/wcsncmp-vx.S with commit e9873e1d47c870d707117ada91c9be21e3bf1537 (in glibc 2.29), but the implementation does not differ.