authorH.J. Lu <hongjiu.lu@intel.com>2010-02-06 02:13:56 -0800
committerPetr Baudis <pasky@ucw.cz>2010-05-11 01:26:57 +0200
commitec10a41982e257e9829c54eb0092dd9fac91a149 (patch)
tree51cb15fc8e2afec6605f3946df880c0b3cf29653
parent71197fe61ff9e55e4cbfb50cce6a9026e15ddb23 (diff)
memchr overshoots on ia64
(cherry picked from commit 70b7d00fc782759f1257001202cc30cb29bae28f)
-rw-r--r--ChangeLog6
-rw-r--r--sysdeps/ia64/memchr.S8
2 files changed, 12 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index def693e279..3158003125 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2010-02-05  H.J. Lu  <hongjiu.lu@intel.com>
+
+	[BZ #11230]
+	* sysdeps/ia64/memchr.S: Don't read beyond the last byte
+	during recovery.
+
 2010-03-25  Ryan S. Arnold  <rsa@us.ibm.com>
 
 	* sysdeps/unix/sysv/linux/getsysstats.c (next_line): Remove
diff --git a/sysdeps/ia64/memchr.S b/sysdeps/ia64/memchr.S
index cdd71ca5a5..56d8056839 100644
--- a/sysdeps/ia64/memchr.S
+++ b/sysdeps/ia64/memchr.S
@@ -47,7 +47,7 @@
 #define saved_lc	r16
 #define	chr		r17
 #define len		r18
-#define pos0		r20
+#define last		r20
 #define val		r21
 #define tmp		r24
 #define chrx8		r25
@@ -67,6 +67,7 @@ ENTRY(__memchr)
 	mov	saved_pr = pr		// save the predicates
 	.body
 	mov 	ret0 = str
+	add	last = str, in2		// last byte
 	and 	tmp = 7, str		// tmp = str % 8
 	cmp.ne	p7, p0 = r0, r0		// clear p7
 	extr.u	chr = in1, 0, 8		// chr = (unsigned char) in1
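Review bot: `add last = str, in2` can wrap when the caller passes a length large enough that str + len runs past the top of the address space, and the recovery-path check added later in this commit (`cmp.geu p6, p7 = ret0, last`) would then treat every match as out of range and report not-found for a byte that is present. Clamping the bound right after the add would avoid that, for example `cmp.ltu p6, p0 = last, str` followed after a stop bit by `(p6) mov last = -1`, using whichever predicate is free at this point. The comment `// last byte` is also misleading, because str + in2 is the address one past the final byte, which is what the `geu` comparison expects; `// last = str + len, one past the final byte` states it exactly. The body of __memchr continues outside this hunk.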
@@ -143,7 +144,10 @@ ENTRY(__memchr)
 	ld8	tmp = [ret0];;		// load the first unchecked 8byte
 	xor	aux[1] = tmp, chrx8;;
 	czx1.r	poschr[1] = aux[1];;
-	cmp.ne	p7, p0 = 8, poschr[1]
+	cmp.ne	p7, p0 = 8, poschr[1];;
+(p7)	add	ret0 = addr[MEMLAT+2], poschr[1];;
+(p7)	cmp.geu	p6, p7 = ret0, last	// don't go over the last byte
+(p6)	br.cond.spnt	.notfound;;
 (p7)	br.cond.spnt	.foundit;;
 	adds	ret0 = 8, ret0		// load the next unchecked 8byte
 	br.sptk	.l4;;
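Review bot: The match address is computed as `addr[MEMLAT+2] + poschr[1]`, but the word under test was loaded from `[ret0]`, and the fall-through path advances ret0 by 8 before `br.sptk .l4`. Unless addr[MEMLAT+2] is refreshed at .l4, which lies outside this hunk, a match found on a second or later pass would be reported at an offset into the first recovery word instead of the word just loaded, and the bound check against `last` would be made on that wrong address. Copying the base at the top of the loop with `mov addr[MEMLAT+2] = ret0` would keep the two in step. Separately, p6 is written only when p7 is set, so `(p6) br.cond.spnt .notfound` relies on p6 being clear on entry to this loop; an explicit clear, or a one-line comment stating that invariant, would make it visible.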