From mboxrd@z Thu Jan 1 00:00:00 1970
From: "skpgkp2 at gmail dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug string/25933] Off by one error in __strncmp_avx2 when length=VEC_SIZE*4 and strings are at page boundaries can cause a segfault
Date: Sun, 07 Jun 2020 20:03:36 +0000
X-Bugzilla-Product: glibc
X-Bugzilla-Component: string
X-Bugzilla-Version: 2.28
X-Bugzilla-Severity: normal
X-Bugzilla-Who: skpgkp2 at gmail dot com
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: hjl.tools at gmail dot com

https://sourceware.org/bugzilla/show_bug.cgi?id=25933

--- Comment #6 from Sunil Pandey ---
(In reply to H.J. Lu from comment #5)
> (In reply to Sunil Pandey from comment #4)
> > Created attachment 12601 [details]
> > strncmp_avx2 patch for pr25933
> >
> > Tested attached patch on
> >
> > https://gitlab.com/x86-glibc/glibc/-/commits/users/hjl/pr25933/master
>
> Looks good. Please try this
>
> diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S > b/sysdeps/x86_64/multiarch/strcmp-avx2.S > index 48d03a9f46..dabc3e7590 100644 > --- a/sysdeps/x86_64/multiarch/strcmp-avx2.S 
> +++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S > @@ -256,6 +256,11 @@ L(next_3_vectors): > vpmovmskb %ymm0, %ecx > testl %ecx, %ecx > jne L(return_3_vec_size) > +# ifdef USE_AS_STRNCMP > + /* Check if VEC_SIZE * 4 already exceeded max compare count %r11 */ > + cmpq $(VEC_SIZE * 4), %r11 > + jbe L(zero) > +# endif > L(main_loop_header): > leaq (VEC_SIZE * 4)(%rdi), %rdx > movl $PAGE_SIZE, %ecx

It fixes the issue on my setup as expected.

$ ./test-strncmp
simple_strncmp stupid_strncmp __strncmp_avx2 __strncmp_sse42 __strncmp_ssse3 __strncmp_sse2
$ echo $?
0
$ git diff
diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S index 48d03a9f46..84ffe2cd5c 100644 --- a/sysdeps/x86_64/multiarch/strcmp-avx2.S +++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S @@ -256,6 +256,11 @@ L(next_3_vectors): vpmovmskb %ymm0, %ecx testl %ecx, %ecx jne L(return_3_vec_size) +# ifdef USE_AS_STRNCMP + /* Check if VEC_SIZE * 4 already exceeded max compare count %r11 */ + cmpq $(VEC_SIZE * 4), %r11 + jbe L(zero) +# endif L(main_loop_header): leaq (VEC_SIZE * 4)(%rdi), %rdx movl $PAGE_SIZE, %ecx
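
Review bot: the comment above `cmpq $(VEC_SIZE * 4), %r11` in the USE_AS_STRNCMP block says "already exceeded", but `jbe L(zero)` is also taken when %r11 equals VEC_SIZE * 4, which is exactly the length named in the bug title. Reword the comment to say the branch is taken when the max compare count is at most VEC_SIZE * 4, and end it with a period and two spaces before `*/` to match GNU comment style. This applies equally to the quoted hunk and the `git diff` hunk, which add the same five lines. The test-strncmp run shown exits 0, but nothing in the mail shows it exercising length = VEC_SIZE * 4 with the strings at a page boundary, so a regression case for that input in string/test-strncmp.c should go in with the fix.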