[COMMITTED] tilegx: remove implicit boolean conversion in strstr.
Commit Message
[BZ #17746]
The __builtin_expect() truncated a uint64_t to a 32-bit long
in ILP32 mode, discarding the high 32 bits, and potentially
missing the NUL terminator that we were searching for with SIMD
operations. Explicitly compare to zero to fix the problem.
---
ChangeLog | 6 ++++++
NEWS | 2 +-
sysdeps/tile/tilegx/strstr.c | 2 +-
3 files changed, 8 insertions(+), 2 deletions(-)
Comments
Is this bug covered by an existing testcase? If not, I think one should
be added (architecture-independent).
On 12/22/2014 3:05 PM, Joseph Myers wrote:
> Is this bug covered by an existing testcase? If not, I think one should
> be added (architecture-independent).
It was revealed by HJ's modification to check2() in string/test-strstr.c
to test for page boundary. So arguably we are more or less covered. In
fact for this particular bug we need it to be the case that the skipped-over
NUL value is in an address that is >= 4, mod 8, which happens to be true
in this case, but I'm not sure it was by design.
However, that test case does reliably catch this particular bug. I think
I must not have re-checked the ILP32 build of glibc since committing the
optimized strstr in September, or else I just missed the FAIL from this one.
@@ -1,3 +1,9 @@
+2014-12-22 Chris Metcalf <cmetcalf@ezchip.com>
+
+ [BZ #17746]
+ * sysdeps/tile/tilegx/strstr.c (STRSTR2): Remove implicit boolean
+ conversion.
+
2014-12-22 Steve Ellcey <sellcey@imgtec.com>
* sysdeps/unix/mips/sysdep.h (__mips_isa_rev): Set
@@ -15,7 +15,7 @@ Version 2.21
17522, 17555, 17570, 17571, 17572, 17573, 17574, 17581, 17582, 17583,
17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17630, 17633,
17634, 17647, 17653, 17657, 17664, 17665, 17668, 17682, 17717, 17719,
- 17722, 17724, 17725, 17733, 17744, 17745.
+ 17722, 17724, 17725, 17733, 17744, 17745, 17746.
* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
under certain input conditions resulting in the execution of a shell for
@@ -154,7 +154,7 @@ STRSTR2 (const char *haystack_start, const char *needle)
/* Look for a terminating '\0'. */
zero_matches = __insn_v1cmpeqi (v, 0);
uint64_t byte1_matches = __insn_v1cmpeq (v, byte1);
- if (__builtin_expect (zero_matches, 0))
+ if (__builtin_expect (zero_matches != 0, 0))
{
/* This is the last vector. Don't worry about matches
crossing into the next vector. Shift the second byte