ia64: Fix memchr for large input sizes (BZ #22603)

Current optimized ia64 memchr uses a strategy to check for last address
by adding the input one with expected size.  However it does not take
care for possible overflow.

It was triggered by 3038145ca23 where default rawmemchr now uses memchr
(p, c, (size_t)-1).

This patch fixes it by implement a satured addition where overflows
sets the maximum pointer size to UINTPTR_MAX.

Checked on ia64-linux-gnu where it fixes both stratcliff and
test-rawmemchr failures.

	Adhemerval Zanella  <adhemerval.zanella@linaro.org>
	James Clarke <jrtc27@jrtc27.com>

	[BZ #22603]
	* sysdeps/ia64/memchr.S (__memchr): Avoid overflow in pointer
	addition.

diff --git a/ChangeLog b/ChangeLog
index b608b2481461417f2bdac96f8e5c21f38f5471cd..4b88a8601d5cf0c472d137cfadbf90c29430a13a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-12-19  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+           James Clarke <jrtc27@jrtc27.com>
+
+       [BZ #22603]
+       * sysdeps/ia64/memchr.S (__memchr): Avoid overflow in pointer
+       addition.
+
 2017-12-19  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
 
        [BZ #22605]

diff --git a/sysdeps/ia64/memchr.S b/sysdeps/ia64/memchr.S
index d60cf7bd87fe7692ef820b4550bdcb00b803e6d7..9a0abc6f0a4cb51d9908a8eab2c1306c14acbf7c 100644 (file)
--- a/sysdeps/ia64/memchr.S
+++ b/sysdeps/ia64/memchr.S
@@ -67,6 +67,10 @@ ENTRY(__memchr)
        .body
        mov     ret0 = str
        add     last = str, in2         // last byte
+       ;;
+       cmp.ltu p6, p0 = last, str
+       ;;
+(p6)   mov     last = -1
        and     tmp = 7, str            // tmp = str % 8
        cmp.ne  p7, p0 = r0, r0         // clear p7
        extr.u  chr = in1, 0, 8         // chr = (unsigned char) in1