From b50d5b746cc0af5ad52164dcb0d3628f08b05a0d Mon Sep 17 00:00:00 2001 From: Noah Goldstein Date: Sun, 9 Jan 2022 16:02:21 -0600 Subject: [PATCH] x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755] Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to __wcscmp_avx2. For x86_64 this covers the entire address range so any length larger could not possibly be used to bound `s1` or `s2`. test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass. Signed-off-by: Noah Goldstein (cherry picked from commit ddf0992cf57a93200e0c782e2a94d0733a5a0b87) --- sysdeps/x86_64/multiarch/strcmp-avx2.S | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S index 40333010a6..3dfcb1bf80 100644 --- a/sysdeps/x86_64/multiarch/strcmp-avx2.S +++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S @@ -87,6 +87,16 @@ ENTRY (STRCMP) je L(char0) jb L(zero) # ifdef USE_AS_WCSCMP +# ifndef __ILP32__ + movq %rdx, %rcx + /* Check if length could overflow when multiplied by + sizeof(wchar_t). Checking top 8 bits will cover all potential + overflow cases as well as redirect cases where its impossible to + length to bound a valid memory region. In these cases just use + 'wcscmp'. */ + shrq $56, %rcx + jnz __wcscmp_avx2 +# endif /* Convert units: from wide to byte char. */ shl $2, %RDX_LP # endif