From: Aurelien Jarno <aurelien@aurel32.net>
To: libc-stable@sourceware.org
Cc: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Subject: [2.26 COMMITTED] ia64: Fix memchr for large input sizes (BZ #22603)
Date: Mon, 01 Jan 2018 00:00:00 -0000 [thread overview]
Message-ID: <20180110205858.32256-1-aurelien@aurel32.net> (raw)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Current optimized ia64 memchr uses a strategy to check for last address
by adding the input one with expected size. However it does not take
care for possible overflow.
It was triggered by 3038145ca23 where default rawmemchr now uses memchr
(p, c, (size_t)-1).
This patch fixes it by implement a satured addition where overflows
sets the maximum pointer size to UINTPTR_MAX.
Checked on ia64-linux-gnu where it fixes both stratcliff and
test-rawmemchr failures.
Adhemerval Zanella <adhemerval.zanella@linaro.org>
James Clarke <jrtc27@jrtc27.com>
[BZ #22603]
* sysdeps/ia64/memchr.S (__memchr): Avoid overflow in pointer
addition.
(cherry picked from commit 3bb1ef58b989012f8199b82af6ec136da2f9fda3)
---
ChangeLog | 7 +++++++
sysdeps/ia64/memchr.S | 4 ++++
2 files changed, 11 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index f9212518d4..efc8395ebb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-12-19 Adhemerval Zanella <adhemerval.zanella@linaro.org>
+ James Clarke <jrtc27@jrtc27.com>
+
+ [BZ #22603]
+ * sysdeps/ia64/memchr.S (__memchr): Avoid overflow in pointer
+ addition.
+
2018-01-08 Dmitry V. Levin <ldv@altlinux.org>
* sysdeps/unix/sysv/linux/tst-ttyname.c (do_in_chroot_1): Skip the
diff --git a/sysdeps/ia64/memchr.S b/sysdeps/ia64/memchr.S
index d60cf7bd87..9a0abc6f0a 100644
--- a/sysdeps/ia64/memchr.S
+++ b/sysdeps/ia64/memchr.S
@@ -67,6 +67,10 @@ ENTRY(__memchr)
.body
mov ret0 = str
add last = str, in2 // last byte
+ ;;
+ cmp.ltu p6, p0 = last, str
+ ;;
+(p6) mov last = -1
and tmp = 7, str // tmp = str % 8
cmp.ne p7, p0 = r0, r0 // clear p7
extr.u chr = in1, 0, 8 // chr = (unsigned char) in1
--
2.15.1
reply other threads:[~2018-01-10 20:59 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180110205858.32256-1-aurelien@aurel32.net \
--to=aurelien@aurel32.net \
--cc=adhemerval.zanella@linaro.org \
--cc=libc-stable@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).