Fix x86_64 memchr for large input sizes

Current optimized memchr for x86_64 does for input arguments pointers module 64 in range of [49,63] if there is no searchr char in the rest of 64-byte block a pointer addition which might overflow: * sysdeps/x86_64/memchr.S 77 .p2align 4 78 L(unaligned_no_match): 79 add %rcx, %rdx Add (uintptr_t)s % 16 to n in %rdx. 80 sub $16, %rdx 81 jbe L(return_null) This patch fixes by adding a saturated math that sets a maximum pointer value if it overflows (UINTPTR_MAX). Checked on x86_64-linux-gnu and powerpc64-linux-gnu. [BZ# 19387] * sysdeps/x86_64/memchr.S (memchr): Avoid overflow in pointer addition. * string/test-memchr.c (do_test): Remove alignment limitation. (test_main): Add test that trigger BZ# 19387.
2016-12-15 18:17:09 -02:00 · 2016-12-15 18:17:09 -02:00 · 3daef2c8ee
parent cecbc7967f
commit 3daef2c8ee
3 changed files with 18 additions and 5 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+2016-12-27  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+
+	[BZ# 19387]
+	* sysdeps/x86_64/memchr.S (memchr): Avoid overflow in pointer
+	addition.
+	* string/test-memchr.c (do_test): Remove alignment limitation.
+	(test_main): Add test that trigger BZ# 19387.
+
 2016-12-26  Nick Alcock  <nick.alcock@oracle.com>

 	[BZ #7065]
--- a/string/test-memchr.c
+++ b/string/test-memchr.c
@ -76,7 +76,6 @@ do_test (size_t align, size_t pos, size_t len, size_t n, int seek_char)
  size_t i;
  CHAR *result;

-  align &= 7;
  if ((align + len) * sizeof (CHAR) >= page_size)
    return;

@ -194,12 +193,12 @@ test_main (void)
      do_test (i, 64, 256, SIZE_MAX, 0);
    }

-  for (i = 1; i < 16; ++i)
+  for (i = 1; i < 64; ++i)
    {
-      for (j = 1; j < 16; j++)
+      for (j = 1; j < 64; j++)
        {
-	  do_test (0, 16 - j, 16, SIZE_MAX, 23);
-	  do_test (i, 16 - j, 16, SIZE_MAX, 23);
+	  do_test (0, 64 - j, 64, SIZE_MAX, 23);
+	  do_test (i, 64 - j, 64, SIZE_MAX, 23);
        }
    }

--- a/sysdeps/x86_64/memchr.S
+++ b/sysdeps/x86_64/memchr.S
@ -76,7 +76,13 @@ L(crosscache):

 	.p2align 4
 L(unaligned_no_match):
+        /* Calculate the last acceptable address and check for possible
+           addition overflow by using satured math:
+           rdx = rcx + rdx
+           rdx |= -(rdx < rcx)  */
 	add	%rcx, %rdx
+	sbb	%rax, %rax
+	or	%rax, %rdx
 	sub	$16, %rdx
 	jbe	L(return_null)
 	add	$16, %rdi