diff mbox series

[v2,2/7] x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755]

Message ID 20220110002746.3653516-2-goldstein.w.n@gmail.com
State Superseded
Headers show
Series [v2,1/7] x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755] | expand

Checks

Context Check Description
dj/TryBot-apply_patch success Patch applied to master at the time it was sent

Commit Message

Noah Goldstein Jan. 10, 2022, 12:27 a.m. UTC
Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
__wcscmp_evex. For x86_64 this covers the entire address range so any
length larger could not possibly be used to bound `s1` or `s2`.

test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
---
 sysdeps/x86_64/multiarch/strcmp-evex.S | 10 ++++++++++
 1 file changed, 10 insertions(+)

Comments

H.J. Lu Jan. 10, 2022, 12:35 a.m. UTC | #1
On Sun, Jan 9, 2022 at 4:28 PM Noah Goldstein via Libc-alpha
<libc-alpha@sourceware.org> wrote:
>
> Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
> __wcscmp_evex. For x86_64 this covers the entire address range so any
> length larger could not possibly be used to bound `s1` or `s2`.
>
> test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.
>
> Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
> ---
>  sysdeps/x86_64/multiarch/strcmp-evex.S | 10 ++++++++++
>  1 file changed, 10 insertions(+)
>
> diff --git a/sysdeps/x86_64/multiarch/strcmp-evex.S b/sysdeps/x86_64/multiarch/strcmp-evex.S
> index 1d971f3889..0cd939d5af 100644
> --- a/sysdeps/x86_64/multiarch/strcmp-evex.S
> +++ b/sysdeps/x86_64/multiarch/strcmp-evex.S
> @@ -104,6 +104,16 @@ ENTRY (STRCMP)
>         je      L(char0)
>         jb      L(zero)
>  #  ifdef USE_AS_WCSCMP
> +#  ifndef __ILP32__
> +       movq    %rdx, %rcx
> +       /* Check if length could overflow when multiplied by
> +          sizeof(wchar_t). Checking top 8 bits will cover all potential
> +          overflow cases as well as redirect cases where its impossible to
> +          length to bound a valid memory region. In these cases just use
> +          'wcscmp'.  */
> +       shrq    $56, %rcx
> +       jnz     __wcscmp_evex
> +#  endif
>         /* Convert units: from wide to byte char.  */
>         shl     $2, %RDX_LP
>  #  endif
> --
> 2.25.1
>

LGTM.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>

Thanks.
diff mbox series

Patch

diff --git a/sysdeps/x86_64/multiarch/strcmp-evex.S b/sysdeps/x86_64/multiarch/strcmp-evex.S
index 1d971f3889..0cd939d5af 100644
--- a/sysdeps/x86_64/multiarch/strcmp-evex.S
+++ b/sysdeps/x86_64/multiarch/strcmp-evex.S
@@ -104,6 +104,16 @@  ENTRY (STRCMP)
 	je	L(char0)
 	jb	L(zero)
 #  ifdef USE_AS_WCSCMP
+#  ifndef __ILP32__
+	movq	%rdx, %rcx
+	/* Check if length could overflow when multiplied by
+	   sizeof(wchar_t). Checking top 8 bits will cover all potential
+	   overflow cases as well as redirect cases where its impossible to
+	   length to bound a valid memory region. In these cases just use
+	   'wcscmp'.  */
+	shrq	$56, %rcx
+	jnz	__wcscmp_evex
+#  endif
 	/* Convert units: from wide to byte char.  */
 	shl	$2, %RDX_LP
 #  endif