commit 0ef2f4400c06927af34c515555f68840a70ba409

Author: Wilco Dijkstra <wdijkstr@arm.com>

Date:   Wed Sep 19 16:50:18 2018 +0100

    Fix strstr bug with huge needles (bug 23637)

    The generic strstr in GLIBC 2.28 fails to match huge needles.  The optimized

    AVAILABLE macro reads ahead a large fixed amount to reduce the overhead of

    repeatedly checking for the end of the string.  However if the needle length

    is larger than this, two_way_long_needle may confuse this as meaning the end

    of the string and return NULL.  This is fixed by adding the needle length to

    the amount to read ahead.

            [BZ #23637]

            * string/test-strstr.c (pr23637): New function.

            (test_main): Add tests with longer needles.

            * string/strcasestr.c (AVAILABLE): Fix readahead distance.

            * string/strstr.c (AVAILABLE): Likewise.

        (cherry picked from commit 83a552b0bb9fc2a5e80a0ab3723c0a80ce1db9f2)

diff --git a/string/strcasestr.c b/string/strcasestr.c

index 5909fe3cdba88e47..421764bd1b0ff22e 100644

--- a/string/strcasestr.c

+++ b/string/strcasestr.c

@@ -37,8 +37,9 @@

 /* Two-Way algorithm.  */

 #define RETURN_TYPE char *

 #define AVAILABLE(h, h_l, j, n_l)			\

-  (((j) + (n_l) <= (h_l)) || ((h_l) += __strnlen ((void*)((h) + (h_l)), 512), \

-			      (j) + (n_l) <= (h_l)))

+  (((j) + (n_l) <= (h_l)) \

+   || ((h_l) += __strnlen ((void*)((h) + (h_l)), (n_l) + 512), \

+       (j) + (n_l) <= (h_l)))

 #define CHECK_EOL (1)

 #define RET0_IF_0(a) if (!a) goto ret0

 #define CANON_ELEMENT(c) TOLOWER (c)

diff --git a/string/strstr.c b/string/strstr.c

index 265e9f310ce507ce..79ebcc75329d0b17 100644

--- a/string/strstr.c

+++ b/string/strstr.c

@@ -33,8 +33,9 @@

 #define RETURN_TYPE char *

 #define AVAILABLE(h, h_l, j, n_l)			\

-  (((j) + (n_l) <= (h_l)) || ((h_l) += __strnlen ((void*)((h) + (h_l)), 512), \

-			      (j) + (n_l) <= (h_l)))

+  (((j) + (n_l) <= (h_l)) \

+   || ((h_l) += __strnlen ((void*)((h) + (h_l)), (n_l) + 512), \

+       (j) + (n_l) <= (h_l)))

 #define CHECK_EOL (1)

 #define RET0_IF_0(a) if (!a) goto ret0

 #define FASTSEARCH(S,C,N) (void*) strchr ((void*)(S), (C))

diff --git a/string/test-strstr.c b/string/test-strstr.c

index 8d99716ff39cc2c2..5861b01b73e4c315 100644

--- a/string/test-strstr.c

+++ b/string/test-strstr.c

@@ -151,6 +151,32 @@ check2 (void)

     }

 }

+#define N 1024

+

+static void

+pr23637 (void)

+{

+  char *h = (char*) buf1;

+  char *n = (char*) buf2;

+

+  for (int i = 0; i < N; i++)

+    {

+      n[i] = 'x';

+      h[i] = ' ';

+      h[i + N] = 'x';

+    }

+

+  n[N] = '\0';

+  h[N * 2] = '\0';

+

+  /* Ensure we don't match at the first 'x'.  */

+  h[0] = 'x';

+

+  char *exp_result = stupid_strstr (h, n);

+  FOR_EACH_IMPL (impl, 0)

+    check_result (impl, h, n, exp_result);

+}

+

 static int

 test_main (void)

 {

@@ -158,6 +184,7 @@ test_main (void)

   check1 ();

   check2 ();

+  pr23637 ();

   printf ("%23s", "");

   FOR_EACH_IMPL (impl, 0)

@@ -202,6 +229,9 @@ test_main (void)

 	do_test (15, 9, hlen, klen, 1);

 	do_test (15, 15, hlen, klen, 0);

 	do_test (15, 15, hlen, klen, 1);

+

+	do_test (15, 15, hlen + klen * 4, klen * 4, 0);

+	do_test (15, 15, hlen + klen * 4, klen * 4, 1);

       }

   do_test (0, 0, page_size - 1, 16, 0);