This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/21182] __memchr_sse2: regression in glibc-2.25 on i686

From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Mon, 27 Feb 2017 08:17:18 +0000
Subject: [Bug libc/21182] __memchr_sse2: regression in glibc-2.25 on i686
Auto-submitted: auto-generated
References: <bug-21182-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=21182

--- Comment #8 from Florian Weimer <fweimer at redhat dot com> ---
The change is broken.  The subtraction of $16 happens in the wrong place:

diff --git a/sysdeps/i386/i686/multiarch/memchr-sse2.S
b/sysdeps/i386/i686/multiarch/memchr-sse2.S
index f1a11b5..910679c 100644
--- a/sysdeps/i386/i686/multiarch/memchr-sse2.S
+++ b/sysdeps/i386/i686/multiarch/memchr-sse2.S
@@ -118,8 +118,14 @@ L(crosscache):
 # ifndef USE_AS_RAWMEMCHR
        jnz     L(match_case2_prolog1)
        lea     -16(%edx), %edx
+        /* Calculate the last acceptable address and check for possible
+           addition overflow by using satured math:
+           edx = ecx + edx
+           edx |= -(edx < ecx)  */
        add     %ecx, %edx
-       jle     L(return_null)
+       sbb     %eax, %eax
+       or      %eax, %edx
+       jbe     L(return_null)
        lea     16(%edi), %edi
 # else
        jnz     L(match_case1_prolog1)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

References:
- [Bug libc/21182] New: segfaults with glibc-2.25 on i686
  - From: blog at pozimski dot eu

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]