about summary refs log tree commit diff
path: root/sysdeps/powerpc/powerpc64/power7
diff options
context:
space:
mode:
authorAdhemerval Zanella <adhemerval.zanella@linaro.org>2016-12-15 18:27:10 +0000
committerAdhemerval Zanella <adhemerval.zanella@linaro.org>2016-12-16 11:30:20 -0200
commitb224637928e9fc04e3cef3e10d02ccf042d01584 (patch)
tree5039ee55ad35414936bff34c31c5b3bd05a31e3a /sysdeps/powerpc/powerpc64/power7
parente4d6a83565479c533aabae9046377a59712a5b22 (diff)
downloadglibc-b224637928e9fc04e3cef3e10d02ccf042d01584.tar.gz
glibc-b224637928e9fc04e3cef3e10d02ccf042d01584.tar.xz
glibc-b224637928e9fc04e3cef3e10d02ccf042d01584.zip
Fix powerpc64/power7 memchr for large input sizes
Current optimized powercp64/power7 memchr uses a strategy to check for
p versus align(p+n) (where 'p' is the input char pointer and n the
maximum size to check for the byte) without taking care for possible
overflow on the pointer addition in case of large 'n'.

It was triggered by 3038145ca23 where default rawmemchr (used to
created ppc64 rawmemchr in ifunc selection) now uses memchr (p, c, (size_t)-1)
on its implementation.

This patch fixes it by implement a satured addition where overflows
sets the maximum pointer size to UINTPTR_MAX.

Checked on powerpc64le-linux-gnu.

	[BZ# 20971]
	* sysdeps/powerpc/powerpc64/power7/memchr.S (__memchr): Avoid
	overflow in pointer addition.
	* string/test-memchr.c (do_test): Add an argument to pass as
	the size on memchr.
	(test_main): Add check for SIZE_MAX.
Diffstat (limited to 'sysdeps/powerpc/powerpc64/power7')
-rw-r--r--sysdeps/powerpc/powerpc64/power7/memchr.S12
1 files changed, 11 insertions, 1 deletions
diff --git a/sysdeps/powerpc/powerpc64/power7/memchr.S b/sysdeps/powerpc/powerpc64/power7/memchr.S
index 03f0d7c2dd..0737100fd5 100644
--- a/sysdeps/powerpc/powerpc64/power7/memchr.S
+++ b/sysdeps/powerpc/powerpc64/power7/memchr.S
@@ -26,7 +26,17 @@ ENTRY (__memchr)
 	dcbt	0,r3
 	clrrdi  r8,r3,3
 	insrdi	r4,r4,8,48
-	add	r7,r3,r5      /* Calculate the last acceptable address.  */
+
+	/* Calculate the last acceptable address and check for possible
+	   addition overflow by using satured math:
+	   r7 = r3 + r5
+	   r7 |= -(r7 < x)  */
+	add     r7,r3,r5
+	subfc   r6,r3,r7
+	subfe   r9,r9,r9
+	extsw   r6,r9
+	or      r7,r7,r6
+
 	insrdi	r4,r4,16,32
 	cmpldi	r5,32
 	li	r9, -1