mirror of
https://sourceware.org/git/glibc.git
synced 2024-12-24 03:31:07 +00:00
s390: Fix MEMCHR_Z900_G5 ifunc-variant if n>=0x80000000 [BZ #28024]
On s390 (31bit), the pointer to the first byte after s always wraps around with n >= 0x80000000 and can lead to stop searching before end of s. Thus this patch just use NULL as byte after s in this case and the srst instruction stops searching with "not found" when wrapping around from top address to zero. This is observable with testcase string/test-memchr starting with commit "String: Add overflow tests for strnlen, memchr, and strncat [BZ #27974]" https://sourceware.org/git/?p=glibc.git;a=commit;h=da5a6fba0febbfc90896ce1b2eb75c6d8a88a72d
This commit is contained in:
parent
ba436665b1
commit
7c45df18e1
@ -44,12 +44,25 @@ ENTRY(MEMCHR_Z900_G5)
|
||||
LGHI %r0,0xff
|
||||
NGR %r0,%r3
|
||||
LGR %r1,%r2
|
||||
# if ! defined __s390x__
|
||||
tmlh %r4,32768
|
||||
jo 3f /* Jump away if n >= 0x80000000 */
|
||||
# endif
|
||||
la %r2,0(%r4,%r1)
|
||||
0: srst %r2,%r1
|
||||
jo 0b
|
||||
brc 13,1f
|
||||
SLGR %r2,%r2
|
||||
1: br %r14
|
||||
# if ! defined __s390x__
|
||||
/* On s390 (31bit), the pointer to the first byte after s (stored in
|
||||
r2) always wraps around with n >= 0x80000000 and can lead to stop
|
||||
searching before end of s. Thus just use r2=0 in this case.
|
||||
If r2 < r1, the srst instruction stops searching with cc=2 "not
|
||||
found" when wrapping around from top address to zero. */
|
||||
3: SLGR %r2,%r2
|
||||
j 0b
|
||||
# endif
|
||||
END(MEMCHR_Z900_G5)
|
||||
|
||||
# if ! HAVE_MEMCHR_IFUNC
|
||||
|
Loading…
Reference in New Issue
Block a user