From patchwork Fri Dec 23 19:47:40 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tulio Magno Quites Machado Filho
 <tuliom@linux.vnet.ibm.com>
X-Patchwork-Id: 18670
Received: (qmail 8637 invoked by alias); 23 Dec 2016 19:48:00 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 8622 invoked by uid 89); 23 Dec 2016 19:47:59 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.6 required=5.0 tests=BAYES_00,
	KAM_LAZY_DOMAIN_SECURITY,
	RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=
X-HELO: mx0a-001b2d01.pphosted.com
From: "Tulio Magno Quites Machado Filho" <tuliom@linux.vnet.ibm.com>
To: libc-alpha@sourceware.org
Cc: adhemerval.zanella@linaro.org
Subject: [PATCH] powerpc: Fix powerpc32/power7 memchr for large input sizes
Date: Fri, 23 Dec 2016 17:47:40 -0200
X-TM-AS-MML: disable
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 16122319-0024-0000-0000-0000013E20DF
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 16122319-0025-0000-0000-00001602599D
Message-Id: <1482522460-26613-1-git-send-email-tuliom@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
	definitions=2016-12-23_16:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	spamscore=0 suspectscore=1
	malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam
	adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000
	definitions=main-1612230318

The same error fixed in commit b224637928e9fc04e3cef3e10d02ccf042d01584
happens in the 32-bit implementation of memchr for power7.

This patch adopts the same solution, with a minimal change: it
implements a saturated addition where overflows sets the maximum pointer
size to UINTPTR_MAX.

2016-12-23  Tulio Magno Quites Machado Filho  <tuliom@linux.vnet.ibm.com>

	* sysdeps/powerpc/powerpc32/power7/memchr.S (__memchr): Avoid an
	overflow in pointer addition.
---
 sysdeps/powerpc/powerpc32/power7/memchr.S | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/sysdeps/powerpc/powerpc32/power7/memchr.S b/sysdeps/powerpc/powerpc32/power7/memchr.S
index 318168b..5ce2bb0 100644
--- a/sysdeps/powerpc/powerpc32/power7/memchr.S
+++ b/sysdeps/powerpc/powerpc32/power7/memchr.S
@@ -26,7 +26,16 @@ ENTRY (__memchr)
 	dcbt	0,r3
 	clrrwi  r8,r3,2
 	insrwi	r4,r4,8,16    /* Replicate byte to word.  */
-	add	r7,r3,r5      /* Calculate the last acceptable address.  */
+
+	/* Calculate the last acceptable address and check for possible
+	   addition overflow by using satured math:
+	   r7 = r3 + r5
+	   r7 |= -(r7 < x)  */
+	add     r7,r3,r5
+	subfc   r6,r3,r7
+	subfe   r9,r9,r9
+	or      r7,r7,r9
+
 	insrwi	r4,r4,16,0
 	cmplwi	r5,16
 	li	r9, -1