ia64: Fix memchr for large input sizes (BZ #22603)

Current optimized ia64 memchr uses a strategy to check for last address
by adding the input one with expected size.  However it does not take
care for possible overflow.

It was triggered by 3038145ca23 where default rawmemchr now uses memchr
(p, c, (size_t)-1).

This patch fixes it by implement a satured addition where overflows
sets the maximum pointer size to UINTPTR_MAX.

Checked on ia64-linux-gnu where it fixes both stratcliff and
test-rawmemchr failures.

	Adhemerval Zanella  <adhemerval.zanella@linaro.org>
	James Clarke <jrtc27@jrtc27.com>

	[BZ #22603]
	* sysdeps/ia64/memchr.S (__memchr): Avoid overflow in pointer
	addition.

(cherry picked from commit 3bb1ef58b989012f8199b82af6ec136da2f9fda3)

diff --git a/ChangeLog b/ChangeLog
index f9212518d4ce11fcb1dcab909ad3fe8f7614d600..efc8395ebb1ce69745b599b6949da8dc420c401a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-12-19  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+           James Clarke <jrtc27@jrtc27.com>
+
+       [BZ #22603]
+       * sysdeps/ia64/memchr.S (__memchr): Avoid overflow in pointer
+       addition.
+
 2018-01-08  Dmitry V. Levin  <ldv@altlinux.org>
 
        * sysdeps/unix/sysv/linux/tst-ttyname.c (do_in_chroot_1): Skip the

diff --git a/sysdeps/ia64/memchr.S b/sysdeps/ia64/memchr.S
index d60cf7bd87fe7692ef820b4550bdcb00b803e6d7..9a0abc6f0a4cb51d9908a8eab2c1306c14acbf7c 100644 (file)
--- a/sysdeps/ia64/memchr.S
+++ b/sysdeps/ia64/memchr.S
@@ -67,6 +67,10 @@ ENTRY(__memchr)
        .body
        mov     ret0 = str
        add     last = str, in2         // last byte
+       ;;
+       cmp.ltu p6, p0 = last, str
+       ;;
+(p6)   mov     last = -1
        and     tmp = 7, str            // tmp = str % 8
        cmp.ne  p7, p0 = r0, r0         // clear p7
        extr.u  chr = in1, 0, 8         // chr = (unsigned char) in1