diff mbox

[COMMITTED] tilegx: remove implicit boolean conversion in strstr.

Message ID 201412221953.sBMJrFOu030187@farm-0002.internal.tilera.com
State Committed
Headers

Commit Message

Chris Metcalf Dec. 22, 2014, 7:50 p.m. UTC 
  [BZ #17746]
The __builtin_expect() truncated a uint64_t to a 32-bit long
in ILP32 mode, discarding the high 32 bits, and potentially
missing the NUL terminator that we were searching for with SIMD
operations.  Explicitly compare to zero to fix the problem.
---
 ChangeLog                    | 6 ++++++
 NEWS                         | 2 +-
 sysdeps/tile/tilegx/strstr.c | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

Comments

Joseph Myers Dec. 22, 2014, 8:05 p.m. UTC | #1 
Is this bug covered by an existing testcase?  If not, I think one should 
be added (architecture-independent).
Chris Metcalf Dec. 22, 2014, 8:23 p.m. UTC | #2 
On 12/22/2014 3:05 PM, Joseph Myers wrote:
> Is this bug covered by an existing testcase?  If not, I think one should
> be added (architecture-independent).

It was revealed by HJ's modification to check2() in string/test-strstr.c
to test for page boundary.  So arguably we are more or less covered.  In
fact for this particular bug we need it to be the case that the skipped-over
NUL value is in an address that is >= 4, mod 8, which happens to be true
in this case, but I'm not sure it was by design.

However, that test case does reliably catch this particular bug.  I think
I must not have re-checked the ILP32 build of glibc since committing the
optimized strstr in September, or else I just missed the FAIL from this one.
diff mbox

Patch

diff --git a/ChangeLog b/ChangeLog
index 4ad8b90161cf..77abebf47806 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@ 
+2014-12-22  Chris Metcalf  <cmetcalf@ezchip.com>
+
+	[BZ #17746]
+	* sysdeps/tile/tilegx/strstr.c (STRSTR2): Remove implicit boolean
+	conversion.
+
 2014-12-22  Steve Ellcey  <sellcey@imgtec.com>
 
 	* sysdeps/unix/mips/sysdep.h (__mips_isa_rev): Set
diff --git a/NEWS b/NEWS
index cf0756b2e04b..56dfff03bf32 100644
--- a/NEWS
+++ b/NEWS
@@ -15,7 +15,7 @@  Version 2.21
   17522, 17555, 17570, 17571, 17572, 17573, 17574, 17581, 17582, 17583,
   17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17630, 17633,
   17634, 17647, 17653, 17657, 17664, 17665, 17668, 17682, 17717, 17719,
-  17722, 17724, 17725, 17733, 17744, 17745.
+  17722, 17724, 17725, 17733, 17744, 17745, 17746.
 
 * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
   under certain input conditions resulting in the execution of a shell for
diff --git a/sysdeps/tile/tilegx/strstr.c b/sysdeps/tile/tilegx/strstr.c
index d04f12910db2..de5adaff91c7 100644
--- a/sysdeps/tile/tilegx/strstr.c
+++ b/sysdeps/tile/tilegx/strstr.c
@@ -154,7 +154,7 @@  STRSTR2 (const char *haystack_start, const char *needle)
       /* Look for a terminating '\0'.  */
       zero_matches = __insn_v1cmpeqi (v, 0);
       uint64_t byte1_matches = __insn_v1cmpeq (v, byte1);
-      if (__builtin_expect (zero_matches, 0))
+      if (__builtin_expect (zero_matches != 0, 0))
 	{
 	  /* This is the last vector.  Don't worry about matches
 	     crossing into the next vector.  Shift the second byte