ia64: Fix memchr for large input sizes (BZ #22603)
Commit Message
Current optimized ia64 memchr uses a strategy to check for last address
by adding the input one with expected size. However it does not take
care for possible overflow.
It was triggered by 3038145ca23 where default rawmemchr now uses memchr
(p, c, (size_t)-1).
This patch fixes it by implement a satured addition where overflows
sets the maximum pointer size to UINTPTR_MAX.
Checked on ia64-linux-gnu where it fixes both stratcliff and
test-rawmemchr failures.
Adhemerval Zanella <adhemerval.zanella@linaro.org>
James Clarke <jrtc27@jrtc27.com>
[BZ #22603]
* sysdeps/ia64/memchr.S (__memchr): Avoid overflow in pointer
addition.
---
ChangeLog | 7 +++++++
sysdeps/ia64/memchr.S | 4 ++++
2 files changed, 11 insertions(+)
Comments
On 14/12/2017 09:13, Adhemerval Zanella wrote:
> Current optimized ia64 memchr uses a strategy to check for last address
> by adding the input one with expected size. However it does not take
> care for possible overflow.
>
> It was triggered by 3038145ca23 where default rawmemchr now uses memchr
> (p, c, (size_t)-1).
>
> This patch fixes it by implement a satured addition where overflows
> sets the maximum pointer size to UINTPTR_MAX.
>
> Checked on ia64-linux-gnu where it fixes both stratcliff and
> test-rawmemchr failures.
>
> Adhemerval Zanella <adhemerval.zanella@linaro.org>
> James Clarke <jrtc27@jrtc27.com>
>
> [BZ #22603]
> * sysdeps/ia64/memchr.S (__memchr): Avoid overflow in pointer
> addition.
> ---
> ChangeLog | 7 +++++++
> sysdeps/ia64/memchr.S | 4 ++++
> 2 files changed, 11 insertions(+)
>
> diff --git a/sysdeps/ia64/memchr.S b/sysdeps/ia64/memchr.S
> index d60cf7b..9a0abc6 100644
> --- a/sysdeps/ia64/memchr.S
> +++ b/sysdeps/ia64/memchr.S
> @@ -67,6 +67,10 @@ ENTRY(__memchr)
> .body
> mov ret0 = str
> add last = str, in2 // last byte
> + ;;
> + cmp.ltu p6, p0 = last, str
> + ;;
> +(p6) mov last = -1
> and tmp = 7, str // tmp = str % 8
> cmp.ne p7, p0 = r0, r0 // clear p7
> extr.u chr = in1, 0, 8 // chr = (unsigned char) in1
>
I will commit this shortly if no one opposes it.
@@ -67,6 +67,10 @@ ENTRY(__memchr)
.body
mov ret0 = str
add last = str, in2 // last byte
+ ;;
+ cmp.ltu p6, p0 = last, str
+ ;;
+(p6) mov last = -1
and tmp = 7, str // tmp = str % 8
cmp.ne p7, p0 = r0, r0 // clear p7
extr.u chr = in1, 0, 8 // chr = (unsigned char) in1