Similar to BZ#19387 and BZ#20971, both i686 memchr optimized assembly
implementations (memchr-sse2-bsf and memchr-sse2) do not handle the
size overflow correctly.
It is shown by the new tests added by commit
3daef2c8ee4df29, where
both implementation fails with size as SIZE_MAX.
This patch uses a similar strategy used on
3daef2c8ee4df2, where
saturared math is used for overflow case.
Checked on i686-linux-gnu.
[BZ #21014]
* sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S (MEMCHR): Avoid overflow
in pointer addition.
* sysdeps/i386/i686/multiarch/memchr-sse2.S (MEMCHR): Likewise.
+2017-01-02 Adhemerval Zanella <adhemerval.zanella@linaro.org>
+
+ [BZ #21014]
+ * sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S (MEMCHR): Avoid overflow
+ in pointer addition.
+ * sysdeps/i386/i686/multiarch/memchr-sse2.S (MEMCHR): Likewise.
+
2017-01-02 Torvald Riegel <triegel@redhat.com>
* sysdeps/sparc/nptl/bits/pthreadtypes.h (pthread_cond_t): Adapt to
.p2align 4
L(unaligned_no_match):
# ifndef USE_AS_RAWMEMCHR
- sub $16, %edx
+ /* Calculate the last acceptable address and check for possible
+ addition overflow by using satured math:
+ edx = ecx + edx
+ edx |= -(edx < ecx) */
add %ecx, %edx
- jle L(return_null)
+ sbb %eax, %eax
+ or %eax, %edx
+ sub $16, %edx
+ jbe L(return_null)
add $16, %edi
# else
add $16, %edx
# ifndef USE_AS_RAWMEMCHR
jnz L(match_case2_prolog1)
lea -16(%edx), %edx
+ /* Calculate the last acceptable address and check for possible
+ addition overflow by using satured math:
+ edx = ecx + edx
+ edx |= -(edx < ecx) */
add %ecx, %edx
- jle L(return_null)
+ sbb %eax, %eax
+ or %eax, %edx
+ jbe L(return_null)
lea 16(%edi), %edi
# else
jnz L(match_case1_prolog1)
projects / platform / upstream / glibc.git / commitdiff