about summary refs log tree commit diff
path: root/sysdeps
diff options
context:
space:
mode:
authorChris Metcalf <cmetcalf@mellanox.com>2017-01-16 15:38:25 -0500
committerChris Metcalf <cmetcalf@mellanox.com>2017-01-16 15:44:48 -0500
commit502697713f4f129b602d7213253a9982ee1989f1 (patch)
tree933c5eb4537e278df0cb0e2e664c40bc0afe6b38 /sysdeps
parent4cb89c158124c27006903f10e309b09d5311053a (diff)
downloadglibc-502697713f4f129b602d7213253a9982ee1989f1.tar.gz
glibc-502697713f4f129b602d7213253a9982ee1989f1.tar.xz
glibc-502697713f4f129b602d7213253a9982ee1989f1.zip
tile: Check for pointer add overflow in memchr
As was done in b224637928e9, check for large size causing an overflow
in the loop that walks over the array.

Branching out of line here is the fastest approach for handling this
problem, since tile can bundle the instructions to compute the branch
test in parallel with doing the required memchr loop setup computation.

Unfortunately, the existing saturated ops (e.g. tilegx addxsc) are
all signed saturing ops, so don't help with unsigned saturation.
Diffstat (limited to 'sysdeps')
-rw-r--r--sysdeps/tile/tilegx/memchr.c4
-rw-r--r--sysdeps/tile/tilepro/memchr.c4
2 files changed, 8 insertions, 0 deletions
diff --git a/sysdeps/tile/tilegx/memchr.c b/sysdeps/tile/tilegx/memchr.c
index 34df19d231..7da0f79da2 100644
--- a/sysdeps/tile/tilegx/memchr.c
+++ b/sysdeps/tile/tilegx/memchr.c
@@ -51,6 +51,10 @@ __memchr (const void *s, int c, size_t n)
   /* Compute the address of the last byte. */
   last_byte_ptr = (const char *) s + n - 1;
 
+  /* Handle possible addition overflow.  */
+  if (__glibc_unlikely ((uintptr_t) last_byte_ptr < (uintptr_t) s))
+    last_byte_ptr = (const char *) UINTPTR_MAX;
+
   /* Compute the address of the word containing the last byte. */
   last_word_ptr = (const uint64_t *) ((uintptr_t) last_byte_ptr & -8);
 
diff --git a/sysdeps/tile/tilepro/memchr.c b/sysdeps/tile/tilepro/memchr.c
index 1848a9cadb..fba1f70c2c 100644
--- a/sysdeps/tile/tilepro/memchr.c
+++ b/sysdeps/tile/tilepro/memchr.c
@@ -51,6 +51,10 @@ __memchr (const void *s, int c, size_t n)
   /* Compute the address of the last byte. */
   last_byte_ptr = (const char *) s + n - 1;
 
+  /* Handle possible addition overflow.  */
+  if (__glibc_unlikely ((uintptr_t) last_byte_ptr < (uintptr_t) s))
+    last_byte_ptr = (const char *) UINTPTR_MAX;
+
   /* Compute the address of the word containing the last byte. */
   last_word_ptr = (const uint32_t *) ((uintptr_t) last_byte_ptr & -4);