This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
[PATCH] Fix i686 memchr for large input sizes
- From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- To: libc-alpha at sourceware dot org
- Date: Mon, 2 Jan 2017 12:26:39 -0200
- Subject: [PATCH] Fix i686 memchr for large input sizes
Similar to BZ#19387 and BZ#20971, both i686 memchr optimized assembly
implementations (memchr-sse2-bsf and memchr-sse2) do not handle the
size overflow correctly.
It is shown by the new tests added by commit 3daef2c8ee4df29, where
both implementations fail with size as SIZE_MAX.
This patch uses a similar strategy used on 3daef2c8ee4df2, where
saturated math is used for overflow case.
Checked on i686-linux-gnu.
[BZ #21014]
* sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S (MEMCHR): Avoid overflow
in pointer addition.
* sysdeps/i386/i686/multiarch/memchr-sse2.S (MEMCHR): Likewise.
---
ChangeLog | 7 +++++++
sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S | 10 ++++++++--
sysdeps/i386/i686/multiarch/memchr-sse2.S | 8 +++++++-
3 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S b/sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S
index c035329..dd31648 100644
--- a/sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S
+++ b/sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S
@@ -149,9 +149,15 @@ L(crosscache):
.p2align 4
L(unaligned_no_match):
# ifndef USE_AS_RAWMEMCHR
- sub $16, %edx
+ /* Calculate the last acceptable address and check for possible
+ addition overflow by using satured math:
+ edx = ecx + edx
+ edx |= -(edx < ecx) */
add %ecx, %edx
- jle L(return_null)
+ sbb %eax, %eax
+ or %eax, %edx
+ sub $16, %edx
+ jbe L(return_null)
add $16, %edi
# else
add $16, %edx
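Review bot: `sbb %eax, %eax` in L(unaligned_no_match) overwrites %eax, and nothing in the hunk shows that the register is dead at this point; please confirm it is not read again before being rewritten on the fall-through path and say so in the comment. The change from `jle` to `jbe` is what lets a saturated 0xffffffff survive the `sub $16, %edx`, so the comment should mention that the compare is now unsigned. Typo in the comment: "satured" should be "saturated".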
diff --git a/sysdeps/i386/i686/multiarch/memchr-sse2.S b/sysdeps/i386/i686/multiarch/memchr-sse2.S
index f1a11b5..910679c 100644
--- a/sysdeps/i386/i686/multiarch/memchr-sse2.S
+++ b/sysdeps/i386/i686/multiarch/memchr-sse2.S
@@ -118,8 +118,14 @@ L(crosscache):
# ifndef USE_AS_RAWMEMCHR
jnz L(match_case2_prolog1)
lea -16(%edx), %edx
+ /* Calculate the last acceptable address and check for possible
+ addition overflow by using satured math:
+ edx = ecx + edx
+ edx |= -(edx < ecx) */
add %ecx, %edx
- jle L(return_null)
+ sbb %eax, %eax
+ or %eax, %edx
+ jbe L(return_null)
lea 16(%edi), %edi
# else
jnz L(match_case1_prolog1)
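Review bot: in this L(crosscache) path the `jbe L(return_null)` now directly follows `or %eax, %edx`, which always clears CF, so the branch is taken only when %edx is exactly zero and the "less than" half of the old `jle` is lost. The `lea -16(%edx), %edx` also still runs before the `add`, so if %edx can be below 16 here the subtraction wraps first and the carry out of `add %ecx, %edx` then reflects that wrap rather than a genuine overflow. Suggest mirroring the memchr-sse2-bsf.S hunk: drop the `lea`, saturate first, then `sub $16, %edx` immediately before the `jbe`. The comment has the same "satured" typo.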
--
2.7.4
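The saturated-add check described in the commit message, modelled in C as an added example (it is not part of the patch or of glibc). It follows the instruction order of the memchr-sse2-bsf.S hunk; `off` stands for the value in %ecx, assumed here to be a small alignment offset, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Interpret a 32-bit register value as signed without relying on
   implementation-defined conversions. */
static int64_t s32(uint32_t v)
{
    return v < 0x80000000u ? (int64_t)v : (int64_t)v - 0x100000000LL;
}

/* Pre-patch sequence: sub $16,%edx ; add %ecx,%edx ; jle return_null.
   jle after add is taken when the true signed sum is <= 0.
   Returns 1 when the code would branch to return_null. */
static int old_returns_null(uint32_t off, uint32_t len)
{
    uint32_t edx = len - 16u;              /* sub $16, %edx */
    return s32(edx) + (int64_t)off <= 0;   /* add %ecx, %edx ; jle */
}

/* Patched sequence: add ; sbb ; or ; sub $16 ; jbe return_null. */
static int new_returns_null(uint32_t off, uint32_t len)
{
    uint32_t edx = len + off;              /* add %ecx, %edx (may wrap) */
    uint32_t eax = -(uint32_t)(edx < off); /* sbb %eax, %eax: -CF */
    edx |= eax;                            /* or: saturate to 0xffffffff */
    return edx <= 16u;                     /* sub $16, %edx ; jbe (unsigned) */
}

int main(void)
{
    /* Constructed inputs: {offset in %ecx, length in %edx}. */
    static const uint32_t cases[][2] = {
        {5, 100}, {5, 11}, {5, 12}, {5, 0x80000010u}, {5, UINT32_MAX},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("off=%u len=%#x old_null=%d new_null=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               old_returns_null(cases[i][0], cases[i][1]),
               new_returns_null(cases[i][0], cases[i][1]));
    return 0;
}
```

In this model the two checks agree for small lengths and diverge once the length no longer fits in a signed 32-bit value, which is the SIZE_MAX case the commit message refers to.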