From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Thu, 14 Dec 2017 11:05:46 +0000 (-0200)
Subject: ia64: Fix memchr for large input sizes (BZ #22603)
X-Git-Tag: glibc-2.27~246
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bb1ef58b989012f8199b82af6ec136da2f9fda3;p=thirdparty%2Fglibc.git

ia64: Fix memchr for large input sizes (BZ #22603)

Current optimized ia64 memchr uses a strategy to check for last address
by adding the input one with expected size.  However it does not take
care for possible overflow.

It was triggered by 3038145ca23 where default rawmemchr now uses memchr
(p, c, (size_t)-1).

This patch fixes it by implement a satured addition where overflows
sets the maximum pointer size to UINTPTR_MAX.

Checked on ia64-linux-gnu where it fixes both stratcliff and
test-rawmemchr failures.

	Adhemerval Zanella  <adhemerval.zanella@linaro.org>
	James Clarke <jrtc27@jrtc27.com>

	[BZ #22603]
	* sysdeps/ia64/memchr.S (__memchr): Avoid overflow in pointer
	addition.
---

diff --git a/ChangeLog b/ChangeLog
index b608b248146..4b88a8601d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-12-19  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+	    James Clarke <jrtc27@jrtc27.com>
+
+	[BZ #22603]
+	* sysdeps/ia64/memchr.S (__memchr): Avoid overflow in pointer
+	addition.
+
 2017-12-19  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
 
 	[BZ #22605]
diff --git a/sysdeps/ia64/memchr.S b/sysdeps/ia64/memchr.S
index d60cf7bd87f..9a0abc6f0a4 100644
--- a/sysdeps/ia64/memchr.S
+++ b/sysdeps/ia64/memchr.S
@@ -67,6 +67,10 @@ ENTRY(__memchr)
 	.body
 	mov	ret0 = str
 	add	last = str, in2		// last byte
+	;;
+	cmp.ltu	p6, p0 = last, str
+	;;
+(p6)	mov	last = -1
 	and	tmp = 7, str		// tmp = str % 8
 	cmp.ne	p7, p0 = r0, r0		// clear p7
 	extr.u	chr = in1, 0, 8		// chr = (unsigned char) in1