From patchwork Mon Jan 2 14:26:39 2017
X-Patchwork-Submitter: Adhemerval Zanella Netto
X-Patchwork-Id: 18754
Delivered-To: mailing list libc-alpha@sourceware.org
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Subject: [PATCH] Fix i686 memchr for large input sizes
Date: Mon, 2 Jan 2017 12:26:39 -0200
Message-Id: <1483367199-20720-1-git-send-email-adhemerval.zanella@linaro.org>

Similar to BZ#19387 and BZ#20971, both i686 memchr optimized assembly implementations (memchr-sse2-bsf and memchr-sse2) do not handle the size overflow correctly. It is shown by the new tests added by commit 3daef2c8ee4df29, where both implementations fail with size as SIZE_MAX.

This patch uses a strategy similar to the one used in 3daef2c8ee4df2, where saturated math is used for the overflow case.

Checked on i686-linux-gnu.

	[BZ #21014]
	* sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S (MEMCHR): Avoid overflow in pointer addition.
	* sysdeps/i386/i686/multiarch/memchr-sse2.S (MEMCHR): Likewise.

--- ChangeLog | 7 +++++++ sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S | 10 ++++++++-- sysdeps/i386/i686/multiarch/memchr-sse2.S | 8 +++++++- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S b/sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S index c035329..dd31648 100644 --- a/sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S +++ b/sysdeps/i386/i686/multiarch/memchr-sse2-bsf.S @@ -149,9 +149,15 @@ L(crosscache): .p2align 4 L(unaligned_no_match): # ifndef USE_AS_RAWMEMCHR - sub $16, %edx + /* Calculate the last acceptable address and check for possible + addition overflow by using satured math: + edx = ecx + edx + edx |= -(edx < ecx) */ add %ecx, %edx - jle L(return_null) + sbb %eax, %eax + or %eax, %edx + sub $16, %edx + jbe L(return_null) add $16, %edi # else add $16, %edx diff --git a/sysdeps/i386/i686/multiarch/memchr-sse2.S b/sysdeps/i386/i686/multiarch/memchr-sse2.S index f1a11b5..910679c 100644 --- a/sysdeps/i386/i686/multiarch/memchr-sse2.S +++ b/sysdeps/i386/i686/multiarch/memchr-sse2.S 
@@ -118,8 +118,14 @@ L(crosscache): # ifndef USE_AS_RAWMEMCHR jnz L(match_case2_prolog1) lea -16(%edx), %edx + /* Calculate the last acceptable address and check for possible + addition overflow by using satured math: + edx = ecx + edx + edx |= -(edx < ecx) */ add %ecx, %edx - jle L(return_null) + sbb %eax, %eax + or %eax, %edx + jbe L(return_null) lea 16(%edi), %edi # else jnz L(match_case1_prolog1)
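Review bot: In the memchr-sse2-bsf.S hunk, the new `sbb %eax, %eax` overwrites %eax at L(unaligned_no_match), and nothing in the visible context shows that %eax is dead at that point; please confirm no later path reads the old value and say so in the comment. The comment also stops at the saturating add and does not cover the `sub $16, %edx` / `jbe` pair that follows, which is where the signed `jle` becomes an unsigned compare (NULL is returned when the saturated sum is at most 16); one line on that would help, and "satured" should read "saturated".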
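Review bot: In the memchr-sse2.S hunk, `jbe L(return_null)` directly follows `or %eax, %edx`, and `or` always clears CF, so the branch is taken only when %edx ends up zero. The `lea -16(%edx), %edx` context line also still runs before the add, so an %edx below 16 wraps before the saturation and, when the following add does not carry, is no longer caught the way the signed `jle` caught it. The memchr-sse2-bsf.S hunk does the subtraction after the `or`; suggest the same order here: drop the `lea`, keep `add` / `sbb` / `or`, then `sub $16, %edx` and `jbe`. "satured" in the comment should read "saturated".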