FreeBSD Bugzilla – Attachment 244743 Details for Bug 273652: libc: broken memchr(3) after base de12a689fad2
[patch] lib/libc/amd64/string/memchr.S: fix behaviour with overly long buffers
0001-lib-libc-amd64-string-memchr.S-fix-behaviour-with-ov.patch (text/plain), 1.88 KB, created by Robert Clausecker on 2023-09-10 04:42:24 UTC
>From e55a88d6140839dc411503b5e7c21a2330d44b77 Mon Sep 17 00:00:00 2001 >From: Robert Clausecker <fuz@FreeBSD.org> >Date: Sun, 10 Sep 2023 00:11:07 -0400 >Subject: [PATCH] lib/libc/amd64/string/memchr.S: fix behaviour with overly > long buffers > >When memchr(buf, c, len) is called with a phony len (say, SIZE_MAX), >buf + len overflows and we have buf + len < buf. This confuses the >implementation and makes it return incorrect results. Neverthless we >must support this case as memchr() is guaranteed to work even with >phony buffer lengths, as long as a match is found before the buffer >actually ends. > >Sponsored by: The FreeBSD Foundation >Reported by: yuri, throwaway_vthgwq4@protonmail.com, des >PR: 273652 >--- > lib/libc/amd64/string/memchr.S | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > >diff --git a/lib/libc/amd64/string/memchr.S b/lib/libc/amd64/string/memchr.S >index e10bd6c22f90..cfab9b1302de 100644 >--- a/lib/libc/amd64/string/memchr.S >+++ b/lib/libc/amd64/string/memchr.S >@@ -44,7 +44,9 @@ ARCHENTRY(__memchr, scalar) > je .Lnomatch > > lea (, %rdi, 8), %ecx >- add %rdi, %rdx # pointer to end of buffer >+ mov $-1, %rax >+ add %rdi, %rdx # pointer to end of buffer or to end of >+ cmovc %rax, %rdx # address space (whichever comes first) > and $~7, %rdi # align to 8 bytes > mov (%rdi), %rax # load first word > movzbl %sil, %esi # clear stray high bits >@@ -118,14 +120,15 @@ ARCHENTRY(__memchr, baseline) > > movd %esi, %xmm2 > mov %edi, %ecx >- add %rdi, %rdx # pointer to end of buffer >+ mov $-1, %r9 >+ add %rdi, %rdx # pointer to end of buffer or to end of >+ cmovc %r9, %rdx # address space (whichever comes first) > and $~0x1f, %rdi # align to 32 bytes > movdqa (%rdi), %xmm0 # load first 32 bytes > movdqa 16(%rdi), %xmm1 > > punpcklbw %xmm2, %xmm2 # c -> cc > >- mov $-1, %r9d > shl %cl, %r9d # mask with zeroes before the string > > punpcklwd %xmm2, %xmm2 # cc -> cccc >-- >2.41.0 >
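Review bot: In the scalar hunk the carry case clamps %rdx to $-1, which is the address of the last byte of the address space rather than one past it, while the new comment calls it the "end of address space". Since %rdx is otherwise a one-past-the-end pointer, the comment should say that the clamped bound excludes the byte at the very top address, or be reworded to "highest address". The comment is also split mid-phrase across the add and cmovc lines; a short block comment above the three instructions would read better. Using %rax as scratch is fine here because "mov (%rdi), %rax" reloads it right after. The diffstat shows only memchr.S changing, so consider adding a regression test that calls memchr() with len = SIZE_MAX and a match inside the buffer.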
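Review bot: In the baseline hunk the later "shl %cl, %r9d" now depends on %r9 still holding -1 from the "mov $-1, %r9" that moved up before the add/cmovc pair, and nothing at the shift says so. Add a comment at the mov (for example, that %r9 is both the clamp value and the seed for the mask) or at the shl, so that a later edit reusing %r9 in between does not silently break the mask. As in the scalar hunk, the clamp value is the last address rather than one past it and the comment is split across two instructions; the same rewording applies.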
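A C model of the end-pointer problem the commit message describes, as an added example that is not part of the patch or of FreeBSD's libc. The names memchr_model, end_wrapping, end_clamped and the sample buffer are hypothetical and constructed here, and the byte loop stands in for the assembly's word-at-a-time and SSE loops.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-patch bound: buf + len wraps modulo the address width. */
static uintptr_t end_wrapping(uintptr_t buf, size_t len)
{
	return buf + len;
}

/* Patched bound: on carry, clamp to the highest address (add + cmovc). */
static uintptr_t end_clamped(uintptr_t buf, size_t len)
{
	uintptr_t end = buf + len;

	return end < buf ? UINTPTR_MAX : end;
}

/* Byte-at-a-time model of a memchr that stops at a computed end address. */
static const void *memchr_model(const void *s, int c, size_t len,
    uintptr_t (*end_of)(uintptr_t, size_t))
{
	uintptr_t p = (uintptr_t)s, end = end_of(p, len);

	for (; p < end; p++)
		if (*(const unsigned char *)p == (unsigned char)c)
			return (const void *)p;
	return NULL;
}

static const char sample[] = "key=value";	/* constructed input */

int main(void)
{
	/* len = SIZE_MAX: the match at offset 3 lies well before the real end. */
	const void *a = memchr_model(sample, '=', SIZE_MAX, end_wrapping);
	const void *b = memchr_model(sample, '=', SIZE_MAX, end_clamped);

	printf("wrapping bound finds match: %d\n", a != NULL);
	printf("clamped bound finds match:  %d\n", b == (const void *)(sample + 3));
	return 0;
}
```

With the wrapping bound the end address is buf - 1, so the loop never runs and the match is missed; callers that treat a NULL result as "delimiter absent" then take the wrong branch.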