git: b2618b651b28 - main - lib/libc/amd64/string/memchr.S: fix behaviour with overly long buffers
Date: Sun, 10 Sep 2023 12:59:16 UTC
The branch main has been updated by fuz: URL: https://cgit.FreeBSD.org/src/commit/?id=b2618b651b28fd29e62a4e285f5be09ea30a85d4 commit b2618b651b28fd29e62a4e285f5be09ea30a85d4 Author: Robert Clausecker <fuz@FreeBSD.org> AuthorDate: 2023-09-10 04:11:07 +0000 Commit: Robert Clausecker <fuz@FreeBSD.org> CommitDate: 2023-09-10 12:52:59 +0000 lib/libc/amd64/string/memchr.S: fix behaviour with overly long buffers When memchr(buf, c, len) is called with a phony len (say, SIZE_MAX), buf + len overflows and we have buf + len < buf. This confuses the implementation and makes it return incorrect results. Neverthless we must support this case as memchr() is guaranteed to work even with phony buffer lengths, as long as a match is found before the buffer actually ends. Sponsored by: The FreeBSD Foundation Reported by: yuri, des Tested by: des Approved by: mjg (blanket, via IRC) MFC after: 1 week MFC to: stable/14 PR: 273652 --- lib/libc/amd64/string/memchr.S | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/lib/libc/amd64/string/memchr.S b/lib/libc/amd64/string/memchr.S
index e10bd6c22f90..cfab9b1302de 100644
--- a/lib/libc/amd64/string/memchr.S
+++ b/lib/libc/amd64/string/memchr.S
@@ -44,7 +44,9 @@ ARCHENTRY(__memchr, scalar)
 je .Lnomatch
 lea (, %rdi, 8), %ecx
- add %rdi, %rdx # pointer to end of buffer
+ mov $-1, %rax
+ add %rdi, %rdx # pointer to end of buffer or to end of
+ cmovc %rax, %rdx # address space (whichever comes first)
 and $~7, %rdi # align to 8 bytes
 mov (%rdi), %rax # load first word
 movzbl %sil, %esi # clear stray high bits
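Review bot: The `cmovc %rax, %rdx` clamp saturates the end pointer at 0xffffffffffffffff rather than at 2^64, so the comment's "end of address space" is off by one byte: if the end pointer is used as an exclusive bound, the byte at the very top of the address space is never considered part of the buffer. That is presumably unreachable for a userland caller, but the comment should say what the value really is, e.g. `cmovc %rax, %rdx # on wraparound saturate at ~0 (byte at ~0 is excluded)`. The code that consumes `%rdx` lies outside this hunk, so the exclusive-bound reading should be confirmed there. The same clamp and comment appear in the baseline path in the next hunk.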
@@ -118,14 +120,15 @@ ARCHENTRY(__memchr, baseline)
 movd %esi, %xmm2
 mov %edi, %ecx
- add %rdi, %rdx # pointer to end of buffer
+ mov $-1, %r9
+ add %rdi, %rdx # pointer to end of buffer or to end of
+ cmovc %r9, %rdx # address space (whichever comes first)
 and $~0x1f, %rdi # align to 32 bytes
 movdqa (%rdi), %xmm0 # load first 32 bytes
 movdqa 16(%rdi), %xmm1
 punpcklbw %xmm2, %xmm2 # c -> cc
- mov $-1, %r9d
 shl %cl, %r9d # mask with zeroes before the string
 punpcklwd %xmm2, %xmm2 # cc -> cccc
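Review bot: `%r9` now carries an undocumented second role in the baseline path: the new `mov $-1, %r9` supplies the clamp value for `cmovc`, and the later `shl %cl, %r9d` still depends on `%r9d` being all-ones because the old `mov $-1, %r9d` next to it was removed. None of the visible instructions in between write `%r9`, but a later edit that reuses the register there would silently produce a wrong head mask and let bytes before the buffer start match. A comment on the load would pin the dependency, e.g. `mov $-1, %r9 # all-ones: clamp value and seed for the shl mask below`. The function body continues outside the hunk.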