| commit 08beb3a3f4f46e306fffe184a08c5664bf0e13d6 |
| Author: Noah Goldstein <goldstein.w.n@gmail.com> |
| Date: Sun Jan 9 16:02:28 2022 -0600 |
| |
| x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755] |
| |
| Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to |
| __wcscmp_evex. For x86_64 this covers the entire address range so any |
| length larger could not possibly be used to bound `s1` or `s2`. |
| |
| test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass. |
| |
| Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com> |
| (cherry picked from commit 7e08db3359c86c94918feb33a1182cd0ff3bb10b) |
| |
| diff --git a/sysdeps/x86_64/multiarch/strcmp-evex.S b/sysdeps/x86_64/multiarch/strcmp-evex.S |
| index 459eeed09f5e276e..d5aa6daa46c7ed25 100644 |
| |
| |
| @@ -97,6 +97,16 @@ ENTRY (STRCMP) |
| je L(char0) |
| jb L(zero) |
| # ifdef USE_AS_WCSCMP |
| +# ifndef __ILP32__ |
| + movq %rdx, %rcx |
| + /* Check if length could overflow when multiplied by |
| + sizeof(wchar_t). Checking top 8 bits will cover all potential |
| + overflow cases as well as redirect cases where its impossible to |
| + length to bound a valid memory region. In these cases just use |
| + 'wcscmp'. */ |
| + shrq $56, %rcx |
| + jnz __wcscmp_evex |
| +# endif |
| /* Convert units: from wide to byte char. */ |
| shl $2, %RDX_LP |
| # endif |