190885
From edb82a1c8cb1e29dae2fa897013aa5f74edc537e Mon Sep 17 00:00:00 2001
190885
From: Noah Goldstein <goldstein.w.n@gmail.com>
190885
Date: Sun, 9 Jan 2022 16:02:28 -0600
190885
Subject: [PATCH] x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755]
190885
190885
Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
190885
__wcscmp_evex. For x86_64 this covers the entire address range so any
190885
length larger could not possibly be used to bound `s1` or `s2`.
190885
190885
test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.
190885
190885
Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
190885
(cherry picked from commit 7e08db3359c86c94918feb33a1182cd0ff3bb10b)
190885
---
190885
 sysdeps/x86_64/multiarch/strcmp-evex.S | 10 ++++++++++
190885
 1 file changed, 10 insertions(+)
190885
190885
diff --git a/sysdeps/x86_64/multiarch/strcmp-evex.S b/sysdeps/x86_64/multiarch/strcmp-evex.S
190885
index 459eeed0..d5aa6daa 100644
190885
--- a/sysdeps/x86_64/multiarch/strcmp-evex.S
190885
+++ b/sysdeps/x86_64/multiarch/strcmp-evex.S
190885
@@ -97,6 +97,16 @@ ENTRY (STRCMP)
190885
 	je	L(char0)
190885
 	jb	L(zero)
190885
 #  ifdef USE_AS_WCSCMP
190885
+#  ifndef __ILP32__
190885
+	movq	%rdx, %rcx
190885
+	/* Check if length could overflow when multiplied by
190885
+	   sizeof(wchar_t). Checking top 8 bits will cover all potential
190885
+	   overflow cases as well as redirect cases where its impossible to
190885
+	   length to bound a valid memory region. In these cases just use
190885
+	   'wcscmp'.  */
190885
+	shrq	$56, %rcx
190885
+	jnz	__wcscmp_evex
190885
+#  endif
190885
 	/* Convert units: from wide to byte char.  */
190885
 	shl	$2, %RDX_LP
190885
 #  endif
190885
-- 
190885
GitLab
190885