tile: Check for pointer add overflow in memchr
Commit Message
As was done in b224637928e9, check for large size causing an overflow
in the loop that walks over the array.
---
2017-01-12 Chris Metcalf <cmetcalf@mellanox.com>
* sysdeps/tile/tilegx/memchr.c (__memchr): Properly handle
overflow for large sizes.
* sysdeps/tile/tilepro/memchr.c (__memchr): Likewise.
sysdeps/tile/tilegx/memchr.c | 4 ++++
sysdeps/tile/tilepro/memchr.c | 4 ++++
2 files changed, 8 insertions(+)
Comments
On 12/01/2017 19:37, Chris Metcalf wrote:
> + /* Handle possible addition overflow. */
> + if (__glibc_unlikely ((unsigned long) last_byte_ptr < (unsigned long) s))
> + last_byte_ptr = (const char *) UINTPTR_MAX;
> +
Wouldn't a branchfree saturating addition be better for tile?
@@ -51,6 +51,10 @@ __memchr (const void *s, int c, size_t n)
/* Compute the address of the last byte. */
last_byte_ptr = (const char *) s + n - 1;
+ /* Handle possible addition overflow. */
+ if (__glibc_unlikely ((unsigned long) last_byte_ptr < (unsigned long) s))
+ last_byte_ptr = (const char *) UINTPTR_MAX;
+
/* Compute the address of the word containing the last byte. */
last_word_ptr = (const uint64_t *) ((uintptr_t) last_byte_ptr & -8);
@@ -51,6 +51,10 @@ __memchr (const void *s, int c, size_t n)
/* Compute the address of the last byte. */
last_byte_ptr = (const char *) s + n - 1;
+ /* Handle possible addition overflow. */
+ if (__glibc_unlikely ((unsigned long) last_byte_ptr < (unsigned long) s))
+ last_byte_ptr = (const char *) UINTPTR_MAX;
+
/* Compute the address of the word containing the last byte. */
last_word_ptr = (const uint32_t *) ((uintptr_t) last_byte_ptr & -4);