| Message ID | 20220110002746.3653516-1-goldstein.w.n@gmail.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [v2,1/7] x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755] | expand |
| Context | Check | Description |
|---|---|---|
| dj/TryBot-apply_patch | success | Patch applied to master at the time it was sent |
On Sun, Jan 9, 2022 at 4:28 PM Noah Goldstein via Libc-alpha <libc-alpha@sourceware.org> wrote: > > Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to > __wcscmp_avx2. For x86_64 this covers the entire address range so any > length larger could not possibly be used to bound `s1` or `s2`. > > test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass. > > Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com> > --- > sysdeps/x86_64/multiarch/strcmp-avx2.S | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S > index a45f9d2749..9c73b5899d 100644 > --- a/sysdeps/x86_64/multiarch/strcmp-avx2.S > +++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S > @@ -87,6 +87,16 @@ ENTRY (STRCMP) > je L(char0) > jb L(zero) > # ifdef USE_AS_WCSCMP > +# ifndef __ILP32__ > + movq %rdx, %rcx > + /* Check if length could overflow when multiplied by > + sizeof(wchar_t). Checking top 8 bits will cover all potential > + overflow cases as well as redirect cases where its impossible to > + length to bound a valid memory region. In these cases just use > + 'wcscmp'. */ > + shrq $56, %rcx > + jnz __wcscmp_avx2 > +# endif > /* Convert units: from wide to byte char. */ > shl $2, %RDX_LP > # endif > -- > 2.25.1 > LGTM. Reviewed-by: H.J. Lu <hjl.tools@gmail.com> Thanks.
diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S index a45f9d2749..9c73b5899d 100644 --- a/sysdeps/x86_64/multiarch/strcmp-avx2.S +++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S @@ -87,6 +87,16 @@ ENTRY (STRCMP) je L(char0) jb L(zero) # ifdef USE_AS_WCSCMP +# ifndef __ILP32__ + movq %rdx, %rcx + /* Check if length could overflow when multiplied by + sizeof(wchar_t). Checking top 8 bits will cover all potential + overflow cases as well as redirect cases where its impossible to + length to bound a valid memory region. In these cases just use + 'wcscmp'. */ + shrq $56, %rcx + jnz __wcscmp_avx2 +# endif /* Convert units: from wide to byte char. */ shl $2, %RDX_LP # endif
Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to __wcscmp_avx2. For x86_64 this covers the entire address range so any length larger could not possibly be used to bound `s1` or `s2`. test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass. Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com> --- sysdeps/x86_64/multiarch/strcmp-avx2.S | 10 ++++++++++ 1 file changed, 10 insertions(+)