|
 |
190885 |
From edb82a1c8cb1e29dae2fa897013aa5f74edc537e Mon Sep 17 00:00:00 2001
|
|
|
190885 |
From: Noah Goldstein <goldstein.w.n@gmail.com>
|
|
|
190885 |
Date: Sun, 9 Jan 2022 16:02:28 -0600
|
|
|
190885 |
Subject: [PATCH] x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755]
|
|
|
190885 |
|
|
|
190885 |
Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
|
|
|
190885 |
__wcscmp_evex. For x86_64 this covers the entire address range so any
|
|
|
190885 |
length larger could not possibly be used to bound `s1` or `s2`.
|
|
|
190885 |
|
|
|
190885 |
test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.
|
|
|
190885 |
|
|
|
190885 |
Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
|
|
|
190885 |
(cherry picked from commit 7e08db3359c86c94918feb33a1182cd0ff3bb10b)
|
|
|
190885 |
---
|
|
|
190885 |
sysdeps/x86_64/multiarch/strcmp-evex.S | 10 ++++++++++
|
|
|
190885 |
1 file changed, 10 insertions(+)
|
|
|
190885 |
|
|
|
190885 |
diff --git a/sysdeps/x86_64/multiarch/strcmp-evex.S b/sysdeps/x86_64/multiarch/strcmp-evex.S
|
|
|
190885 |
index 459eeed0..d5aa6daa 100644
|
|
|
190885 |
--- a/sysdeps/x86_64/multiarch/strcmp-evex.S
|
|
|
190885 |
+++ b/sysdeps/x86_64/multiarch/strcmp-evex.S
|
|
|
190885 |
@@ -97,6 +97,16 @@ ENTRY (STRCMP)
|
|
|
190885 |
je L(char0)
|
|
|
190885 |
jb L(zero)
|
|
|
190885 |
# ifdef USE_AS_WCSCMP
|
|
|
190885 |
+# ifndef __ILP32__
|
|
|
190885 |
+ movq %rdx, %rcx
|
|
|
190885 |
+ /* Check if length could overflow when multiplied by
|
|
|
190885 |
+ sizeof(wchar_t). Checking top 8 bits will cover all potential
|
|
|
190885 |
+ overflow cases as well as redirect cases where its impossible to
|
|
|
190885 |
+ length to bound a valid memory region. In these cases just use
|
|
|
190885 |
+ 'wcscmp'. */
|
|
|
190885 |
+ shrq $56, %rcx
|
|
|
190885 |
+ jnz __wcscmp_evex
|
|
|
190885 |
+# endif
|
|
|
190885 |
/* Convert units: from wide to byte char. */
|
|
|
190885 |
shl $2, %RDX_LP
|
|
|
190885 |
# endif
|
|
|
190885 |
--
|
|
|
190885 |
GitLab
|
|
|
190885 |
|