[v3,2/7] x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755]

Message ID 20220110213540.1258344-2-goldstein.w.n@gmail.com
State New
Headers show
Series
  • [v3,1/7] x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]
Related show

Commit Message

Adhemerval Zanella via Libc-alpha Jan. 10, 2022, 9:35 p.m.
Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
__wcscmp_evex. For x86_64 this covers the entire address range so any
length larger could not possibly be used to bound `s1` or `s2`.

test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.

Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>

---
 sysdeps/x86_64/multiarch/strcmp-evex.S | 10 ++++++++++
 1 file changed, 10 insertions(+)

-- 
2.25.1

Comments

Adhemerval Zanella via Libc-alpha Jan. 11, 2022, 2:15 a.m. | #1
On Mon, Jan 10, 2022 at 1:36 PM Noah Goldstein via Libc-alpha
<libc-alpha@sourceware.org> wrote:
>

> Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to

> __wcscmp_evex. For x86_64 this covers the entire address range so any

> length larger could not possibly be used to bound `s1` or `s2`.

>

> test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.

>

> Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>

> ---

>  sysdeps/x86_64/multiarch/strcmp-evex.S | 10 ++++++++++

>  1 file changed, 10 insertions(+)

>

> diff --git a/sysdeps/x86_64/multiarch/strcmp-evex.S b/sysdeps/x86_64/multiarch/strcmp-evex.S

> index 1d971f3889..0cd939d5af 100644

> --- a/sysdeps/x86_64/multiarch/strcmp-evex.S

> +++ b/sysdeps/x86_64/multiarch/strcmp-evex.S

> @@ -104,6 +104,16 @@ ENTRY (STRCMP)

>         je      L(char0)

>         jb      L(zero)

>  #  ifdef USE_AS_WCSCMP

> +#  ifndef __ILP32__

> +       movq    %rdx, %rcx

> +       /* Check if length could overflow when multiplied by

> +          sizeof(wchar_t). Checking top 8 bits will cover all potential

> +          overflow cases as well as redirect cases where its impossible to

> +          length to bound a valid memory region. In these cases just use

> +          'wcscmp'.  */

> +       shrq    $56, %rcx

> +       jnz     __wcscmp_evex

> +#  endif

>         /* Convert units: from wide to byte char.  */

>         shl     $2, %RDX_LP

>  #  endif

> --

> 2.25.1

>


LGTM.

Reviewed-by: H.J. Lu <hjl.tools@gmail.com>


Thanks.

-- 
H.J.

Patch

diff --git a/sysdeps/x86_64/multiarch/strcmp-evex.S b/sysdeps/x86_64/multiarch/strcmp-evex.S
index 1d971f3889..0cd939d5af 100644
--- a/sysdeps/x86_64/multiarch/strcmp-evex.S
+++ b/sysdeps/x86_64/multiarch/strcmp-evex.S
@@ -104,6 +104,16 @@  ENTRY (STRCMP)
 	je	L(char0)
 	jb	L(zero)
 #  ifdef USE_AS_WCSCMP
+#  ifndef __ILP32__
+	movq	%rdx, %rcx
+	/* Check if length could overflow when multiplied by
+	   sizeof(wchar_t). Checking top 8 bits will cover all potential
+	   overflow cases as well as redirect cases where its impossible to
+	   length to bound a valid memory region. In these cases just use
+	   'wcscmp'.  */
+	shrq	$56, %rcx
+	jnz	__wcscmp_evex
+#  endif
 	/* Convert units: from wide to byte char.  */
 	shl	$2, %RDX_LP
 #  endif