Subject: Re: Performance of various memcpy()'s
To: None <tech-userlevel@netbsd.org, port-i386@netbsd.org>
From: TAMURA Kent <kent@netbsd.org>
List: tech-userlevel
Date: 10/29/2002 12:47:49
In message "Re: Performance of various memcpy()'s"
on 02/10/29, Bang Jun-Young <junyoung@mogua.com> writes:
> That check is only compiled in if _DIAGNOSTIC is defined at compile
> time. Obviously it has nothing to do with protecting system from
> attackers.
Right. It has no effect without _DIAGNOSTIC.
> Unless %ecx is negative, %edi and %esi are always larger than 12(%esp)
> and 16(%esp), respectively. Calling assert is even more strange;
Please imagine that src (or dst) is 0x12345678 and length (%ecx)
is 0xffffffff. Copying over the end of the address space is
always meaningless in NetBSD, and may crash the program or may
help exploits.
> "src + length > src" string is passed to assert on dst check, and
> "dst + length > dst" on src check.
Oops, it is a typo.
--
TAMURA Kent <kent2002@hauN.org> <kent@netbsd.org>
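The wraparound case Kent describes (src = 0x12345678, length = 0xffffffff, so src + length wraps past the end of the 32-bit address space and "src + length > src" is false) can be modelled in plain C. The following is an added illustration written for this page; it is not NetBSD's libc code and not code from either poster. It assumes the function names range_fits_32, range_fits and checked_memcpy, models the i386 case with uint32_t arithmetic so it behaves the same on a 64-bit host, and treats a zero-length copy as acceptable (the assembly check quoted in the thread would reject length 0 as written; that choice is mine).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Model of the i386 _DIAGNOSTIC check discussed in the thread, on 32-bit
 * addresses: the copy is rejected when addr + len wraps past the end of the
 * address space, i.e. when "src + length > src" is false. Arithmetic is done
 * on uint32_t so it wraps modulo 2^32 exactly as %edi/%esi would, whatever
 * the host's pointer width. Returns 1 when the range is sane, 0 when it wraps.
 * Name and zero-length handling are this example's own assumptions. */
int range_fits_32(uint32_t addr, uint32_t len)
{
    if (len == 0)
        return 1;                  /* nothing is copied, nothing can overrun */
    uint32_t end = addr + len;     /* wraps modulo 2^32, like the i386 regs */
    return end > addr;             /* the "src + length > src" condition */
}

/* Host-width version: the same test on uintptr_t, so it is free of the
 * undefined behaviour that pointer arithmetic past an object would have. */
int range_fits(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p;
    if (len == 0)
        return 1;
    uintptr_t end = a + len;       /* unsigned wrap is well defined */
    return end > a;
}

/* Checked wrapper (hypothetical helper, not a libc API): refuses the copy
 * when either the source or destination range would run off the end of the
 * address space. Returns 0 on success, -1 when the arguments are rejected. */
int checked_memcpy(void *dst, const void *src, size_t len)
{
    if (!range_fits(dst, len) || !range_fits(src, len))
        return -1;
    memcpy(dst, src, len);
    return 0;
}

int main(void)
{
    /* The exact values from the thread: 0x12345678 + 0xffffffff wraps. */
    printf("src=0x12345678 len=0xffffffff fits: %d\n",
           range_fits_32(0x12345678u, 0xffffffffu));      /* prints 0 */
    printf("src=0x12345678 len=16 fits: %d\n",
           range_fits_32(0x12345678u, 16u));              /* prints 1 */

    char src[8] = "abcdefg";
    char dst[8];
    printf("checked_memcpy 8 bytes: %d\n", checked_memcpy(dst, src, 8));
    printf("checked_memcpy SIZE_MAX bytes: %d\n",
           checked_memcpy(dst, src, (size_t)-1));         /* prints -1 */
    return 0;
}
```

The check only catches a length that wraps the address; it says nothing about whether src + length is inside the caller's buffer, which is why the thread treats it as a _DIAGNOSTIC sanity test rather than a protection against attackers.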