s390: Fix MEMCHR_Z900_G5 ifunc-variant if n>=0x80000000 [BZ #28024]
Checks
Context |
Check |
Description |
dj/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
dj/TryBot-32bit |
success
|
Build for i686
|
Commit Message
On s390 (31bit), the pointer to the first byte after s always wraps
around with n >= 0x80000000 and can lead to stop searching before
end of s.
Thus this patch just use NULL as byte after s in this case and
the srst instruction stops searching with "not found" when wrapping
around from top address to zero.
This is observable with testcase string/test-memchr
starting with commit "String: Add overflow tests for strnlen, memchr,
and strncat [BZ #27974]"
https://sourceware.org/git/?p=glibc.git;a=commit;h=da5a6fba0febbfc90896ce1b2eb75c6d8a88a72d
---
sysdeps/s390/memchr-z900.S | 13 +++++++++++++
1 file changed, 13 insertions(+)
Comments
On 29/06/2021 11:37, Stefan Liebler wrote:
> On s390 (31bit), the pointer to the first byte after s always wraps
> around with n >= 0x80000000 and can lead to stop searching before
> end of s.
>
> Thus this patch just use NULL as byte after s in this case and
> the srst instruction stops searching with "not found" when wrapping
> around from top address to zero.
>
> This is observable with testcase string/test-memchr
> starting with commit "String: Add overflow tests for strnlen, memchr,
> and strncat [BZ #27974]"
> https://sourceware.org/git/?p=glibc.git;a=commit;h=da5a6fba0febbfc90896ce1b2eb75c6d8a88a72d
> ---
> sysdeps/s390/memchr-z900.S | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/sysdeps/s390/memchr-z900.S b/sysdeps/s390/memchr-z900.S
> index 90b8a32dd6..72fd9e023f 100644
> --- a/sysdeps/s390/memchr-z900.S
> +++ b/sysdeps/s390/memchr-z900.S
> @@ -44,12 +44,25 @@ ENTRY(MEMCHR_Z900_G5)
> LGHI %r0,0xff
> NGR %r0,%r3
> LGR %r1,%r2
> +# if ! defined __s390x__
> + tmlh %r4,32768
> + jo 3f /* Jump away if n >= 0x80000000 */
> +# endif
> la %r2,0(%r4,%r1)
> 0: srst %r2,%r1
> jo 0b
> brc 13,1f
> SLGR %r2,%r2
> 1: br %r14
> +# if ! defined __s390x__
> + /* On s390 (31bit), the pointer to the first byte after s (stored in
> + r2) always wraps around with n >= 0x80000000 and can lead to stop
> + searching before end of s. Thus just use r2=0 in this case.
> + If r2 < r1, the srst instruction stops searching with cc=2 "not
> + found" when wrapping around from top address to zero. */
> +3: SLGR %r2,%r2
> + j 0b
> +# endif
> END(MEMCHR_Z900_G5)
>
> # if ! HAVE_MEMCHR_IFUNC
>
Committed and closed the bugzilla.
@@ -44,12 +44,25 @@ ENTRY(MEMCHR_Z900_G5)
LGHI %r0,0xff
NGR %r0,%r3
LGR %r1,%r2
+# if ! defined __s390x__
+ tmlh %r4,32768
+ jo 3f /* Jump away if n >= 0x80000000 */
+# endif
la %r2,0(%r4,%r1)
0: srst %r2,%r1
jo 0b
brc 13,1f
SLGR %r2,%r2
1: br %r14
+# if ! defined __s390x__
+ /* On s390 (31bit), the pointer to the first byte after s (stored in
+ r2) always wraps around with n >= 0x80000000 and can lead to stop
+ searching before end of s. Thus just use r2=0 in this case.
+ If r2 < r1, the srst instruction stops searching with cc=2 "not
+ found" when wrapping around from top address to zero. */
+3: SLGR %r2,%r2
+ j 0b
+# endif
END(MEMCHR_Z900_G5)
# if ! HAVE_MEMCHR_IFUNC