s390: Fix MEMCHR_Z900_G5 ifunc-variant if n>=0x80000000 [BZ #28024]

On s390 (31bit), the pointer to the first byte after s always wraps
around with n >= 0x80000000 and can lead to stop searching before
end of s.

Thus this patch just use NULL as byte after s in this case and
the srst instruction stops searching with "not found" when wrapping
around from top address to zero.

This is observable with testcase string/test-memchr
starting with commit "String: Add overflow tests for strnlen, memchr,
and strncat [BZ #27974]"
https://sourceware.org/git/?p=glibc.git;a=commit;h=da5a6fba0febbfc90896ce1b2eb75c6d8a88a72d

diff --git a/sysdeps/s390/memchr-z900.S b/sysdeps/s390/memchr-z900.S
index 90b8a32dd66d182995f850b5572b961732307ab2..72fd9e023f9b0ea985ab2a6ce48bfd9e57352e66 100644 (file)
--- a/sysdeps/s390/memchr-z900.S
+++ b/sysdeps/s390/memchr-z900.S
@@ -44,12 +44,25 @@ ENTRY(MEMCHR_Z900_G5)
        LGHI  %r0,0xff
        NGR   %r0,%r3
        LGR   %r1,%r2
+# if ! defined __s390x__
+       tmlh  %r4,32768
+       jo    3f                /* Jump away if n >= 0x80000000  */
+# endif
        la    %r2,0(%r4,%r1)
 0:     srst  %r2,%r1
        jo    0b
        brc   13,1f
        SLGR  %r2,%r2
 1:     br    %r14
+# if ! defined __s390x__
+       /* On s390 (31bit), the pointer to the first byte after s (stored in
+          r2) always wraps around with n >= 0x80000000 and can lead to stop
+          searching before end of s.  Thus just use r2=0 in this case.
+          If r2 < r1, the srst instruction stops searching with cc=2 "not
+          found" when wrapping around from top address to zero.  */
+3:     SLGR  %r2,%r2
+       j     0b
+# endif
 END(MEMCHR_Z900_G5)
 
 # if ! HAVE_MEMCHR_IFUNC