This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

GNU C Library master sources branch master updated. glibc-2.22-130-g2f5c175


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  2f5c1750558fe64bac361f52d6827ab1bcfe52bc (commit)
       via  0d0325ed4b1052f32069eb3a51f7e16485a73568 (commit)
      from  f3dcae82d54e5097e18e1d6ef4ff55c2ea4e621e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2f5c1750558fe64bac361f52d6827ab1bcfe52bc

commit 2f5c1750558fe64bac361f52d6827ab1bcfe52bc
Author: OndÅ?ej Bílka <neleai@seznam.cz>
Date:   Sat Jul 11 17:44:10 2015 +0200

    Handle overflow in __hcreate_r
    
    Hi,
    
    As in bugzilla entry there is overflow in hsearch when looking for prime
    number as SIZE_MAX - 1 is divisible by 5. We fix that by rejecting large
    inputs before looking for prime.
    
    	* misc/hsearch_r.c (__hcreate_r): Handle overflow.

diff --git a/ChangeLog b/ChangeLog
index 0dfa3b3..73645c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2015-08-25  OndÅ?ej Bílka  <neleai@seznam.cz>
+
+	* debug/strcpy_chk.c: Improve performance.
+	* debug/stpcpy_chk.c: Likewise.
+	* sysdeps/x86_64/strcpy_chk.S: Remove.
+	* sysdeps/x86_64/stpcpy_chk.S: Remove.
+
+	[BZ #18240]
+	* misc/hsearch_r.c (__hcreate_r): Handle overflow.
+
 2015-08-25  H.J. Lu  <hongjiu.lu@intel.com>
 
 	[BZ #15128]
diff --git a/misc/hsearch_r.c b/misc/hsearch_r.c
index 9f55e84..559df29 100644
--- a/misc/hsearch_r.c
+++ b/misc/hsearch_r.c
@@ -19,7 +19,7 @@
 #include <errno.h>
 #include <malloc.h>
 #include <string.h>
-
+#include <stdint.h>
 #include <search.h>
 
 /* [Aho,Sethi,Ullman] Compilers: Principles, Techniques and Tools, 1986
@@ -73,6 +73,13 @@ __hcreate_r (nel, htab)
       return 0;
     }
 
+  if (nel >= SIZE_MAX / sizeof (_ENTRY))
+    {
+      __set_errno (ENOMEM);
+      return 0;
+    }
+
+
   /* There is still another table active. Return with error. */
   if (htab->table != NULL)
     return 0;

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0d0325ed4b1052f32069eb3a51f7e16485a73568

commit 0d0325ed4b1052f32069eb3a51f7e16485a73568
Author: OndÅ?ej Bílka <neleai@seznam.cz>
Date:   Tue Aug 25 12:23:24 2015 +0200

    Fix strcpy_chk and stpcpy_chk performance.
    
    Hi, as I wrote in previous patches a performance of checked strcpy and
    stpcpy is terrible as these don't use sse2 and are around four times
    slower that strcpy and stpcpy now.
    
    As this bug shows that these functions are not performance sensitive I
    decided just to improve generic implementation instead for easier
    maintainance.
    
            * debug/strcpy_chk.c: Improve performance.
            * debug/stpcpy_chk.c: Likewise.
            * sysdeps/x86_64/strcpy_chk.S: Remove.
            * sysdeps/x86_64/stpcpy_chk.S: Remove.

diff --git a/debug/stpcpy_chk.c b/debug/stpcpy_chk.c
index 91c5031..d9e4563 100644
--- a/debug/stpcpy_chk.c
+++ b/debug/stpcpy_chk.c
@@ -24,21 +24,11 @@
 
 /* Copy SRC to DEST, returning the address of the terminating '\0' in DEST.  */
 char *
-__stpcpy_chk (dest, src, destlen)
-     char *dest;
-     const char *src;
-     size_t destlen;
+__stpcpy_chk (char *dest, const char *src, size_t destlen)
 {
-  char *d = dest;
-  const char *s = src;
-
-  do
-    {
-      if (__glibc_unlikely (destlen-- == 0))
-	__chk_fail ();
-      *d++ = *s;
-    }
-  while (*s++ != '\0');
-
-  return d - 1;
+  size_t len = strlen (src);
+  if (len >= destlen)
+    __chk_fail ();
+
+  return memcpy (dest, src, len + 1) + len;
 }
diff --git a/debug/strcpy_chk.c b/debug/strcpy_chk.c
index 91bf0dd..7cacbfe 100644
--- a/debug/strcpy_chk.c
+++ b/debug/strcpy_chk.c
@@ -23,45 +23,11 @@
 
 /* Copy SRC to DEST with checking of destination buffer overflow.  */
 char *
-__strcpy_chk (dest, src, destlen)
-     char *dest;
-     const char *src;
-     size_t destlen;
+__strcpy_chk (char *dest, const char *src, size_t destlen)
 {
-  char c;
-  char *s = (char *) src;
-  const ptrdiff_t off = dest - s;
+  size_t len = strlen (src);
+  if (len >= destlen)
+    __chk_fail ();
 
-  while (__builtin_expect (destlen >= 4, 0))
-    {
-      c = s[0];
-      s[off] = c;
-      if (c == '\0')
-        return dest;
-      c = s[1];
-      s[off + 1] = c;
-      if (c == '\0')
-        return dest;
-      c = s[2];
-      s[off + 2] = c;
-      if (c == '\0')
-        return dest;
-      c = s[3];
-      s[off + 3] = c;
-      if (c == '\0')
-        return dest;
-      destlen -= 4;
-      s += 4;
-    }
-
-  do
-    {
-      if (__glibc_unlikely (destlen-- == 0))
-        __chk_fail ();
-      c = *s;
-      *(s++ + off) = c;
-    }
-  while (c != '\0');
-
-  return dest;
+  return memcpy (dest, src, len + 1);
 }
diff --git a/sysdeps/x86_64/stpcpy_chk.S b/sysdeps/x86_64/stpcpy_chk.S
deleted file mode 100644
index 905e8d7..0000000
--- a/sysdeps/x86_64/stpcpy_chk.S
+++ /dev/null
@@ -1,3 +0,0 @@
-#define USE_AS_STPCPY_CHK
-#define STRCPY_CHK __stpcpy_chk
-#include <sysdeps/x86_64/strcpy_chk.S>
diff --git a/sysdeps/x86_64/strcpy_chk.S b/sysdeps/x86_64/strcpy_chk.S
deleted file mode 100644
index 24e51c6..0000000
--- a/sysdeps/x86_64/strcpy_chk.S
+++ /dev/null
@@ -1,208 +0,0 @@
-/* strcpy/stpcpy checking implementation for x86-64.
-   Copyright (C) 2002-2015 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-   Contributed by Andreas Jaeger <aj@suse.de>, 2002.
-   Adopted into checking version by Jakub Jelinek <jakub@redhat.com>.
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, see
-   <http://www.gnu.org/licenses/>.  */
-
-#include <sysdep.h>
-#include "asm-syntax.h"
-
-#ifndef USE_AS_STPCPY_CHK
-# define STRCPY_CHK __strcpy_chk
-#endif
-
-	.text
-ENTRY (STRCPY_CHK)
-	movq	%rsi, %rcx	/* Source register. */
-	andl	$7, %ecx	/* mask alignment bits */
-#ifndef USE_AS_STPCPY_CHK
-	movq	%rdi, %r10	/* Duplicate destination pointer.  */
-#endif
-	jz 5f			/* aligned => start loop */
-
-	cmpq	$8, %rdx	/* Check if only few bytes left in
-				   destination.  */
-	jb	50f
-
-	subq	$8, %rcx	/* We need to align to 8 bytes.  */
-	addq	%rcx, %rdx	/* Subtract count of stored bytes
-				   in the cycle below from destlen.  */
-
-	/* Search the first bytes directly.  */
-0:
-	movb	(%rsi), %al	/* Fetch a byte */
-	testb	%al, %al	/* Is it NUL? */
-	movb	%al, (%rdi)	/* Store it */
-	jz	4f		/* If it was NUL, done! */
-	incq	%rsi
-	incq	%rdi
-	incl	%ecx
-	jnz	0b
-
-5:
-	movq $0xfefefefefefefeff,%r8
-	cmpq	$32, %rdx	/* Are there enough bytes in destination
-				   for the next unrolled round?  */
-	jb	60f		/* If not, avoid the unrolled loop.  */
-
-	/* Now the sources is aligned.  Unfortunatly we cannot force
-	   to have both source and destination aligned, so ignore the
-	   alignment of the destination.  */
-	.p2align 4
-1:
-	/* 1st unroll.  */
-	movq	(%rsi), %rax	/* Read double word (8 bytes).  */
-	addq	$8, %rsi	/* Adjust pointer for next word.  */
-	movq	%rax, %r9	/* Save a copy for NUL finding.  */
-	addq	%r8, %r9	/* add the magic value to the word.  We get
-				   carry bits reported for each byte which
-				   is *not* 0 */
-	jnc	3f		/* highest byte is NUL => return pointer */
-	xorq	%rax, %r9	/* (word+magic)^word */
-	orq	%r8, %r9	/* set all non-carry bits */
-	incq	%r9		/* add 1: if one carry bit was *not* set
-				   the addition will not result in 0.  */
-
-	jnz	3f		/* found NUL => return pointer */
-
-	movq	%rax, (%rdi)	/* Write value to destination.  */
-	addq	$8, %rdi	/* Adjust pointer.  */
-
-	/* 2nd unroll.  */
-	movq	(%rsi), %rax	/* Read double word (8 bytes).  */
-	addq	$8, %rsi	/* Adjust pointer for next word.  */
-	movq	%rax, %r9	/* Save a copy for NUL finding.  */
-	addq	%r8, %r9	/* add the magic value to the word.  We get
-				   carry bits reported for each byte which
-				   is *not* 0 */
-	jnc	3f		/* highest byte is NUL => return pointer */
-	xorq	%rax, %r9	/* (word+magic)^word */
-	orq	%r8, %r9	/* set all non-carry bits */
-	incq	%r9		/* add 1: if one carry bit was *not* set
-				   the addition will not result in 0.  */
-
-	jnz	3f		/* found NUL => return pointer */
-
-	movq	%rax, (%rdi)	/* Write value to destination.  */
-	addq	$8, %rdi	/* Adjust pointer.  */
-
-	/* 3rd unroll.  */
-	movq	(%rsi), %rax	/* Read double word (8 bytes).  */
-	addq	$8, %rsi	/* Adjust pointer for next word.  */
-	movq	%rax, %r9	/* Save a copy for NUL finding.  */
-	addq	%r8, %r9	/* add the magic value to the word.  We get
-				   carry bits reported for each byte which
-				   is *not* 0 */
-	jnc	3f		/* highest byte is NUL => return pointer */
-	xorq	%rax, %r9	/* (word+magic)^word */
-	orq	%r8, %r9	/* set all non-carry bits */
-	incq	%r9		/* add 1: if one carry bit was *not* set
-				   the addition will not result in 0.  */
-
-	jnz	3f		/* found NUL => return pointer */
-
-	movq	%rax, (%rdi)	/* Write value to destination.  */
-	addq	$8, %rdi	/* Adjust pointer.  */
-
-	/* 4th unroll.  */
-	movq	(%rsi), %rax	/* Read double word (8 bytes).  */
-	addq	$8, %rsi	/* Adjust pointer for next word.  */
-	movq	%rax, %r9	/* Save a copy for NUL finding.  */
-	addq	%r8, %r9	/* add the magic value to the word.  We get
-				   carry bits reported for each byte which
-				   is *not* 0 */
-	jnc	3f		/* highest byte is NUL => return pointer */
-	xorq	%rax, %r9	/* (word+magic)^word */
-	orq	%r8, %r9	/* set all non-carry bits */
-	incq	%r9		/* add 1: if one carry bit was *not* set
-				   the addition will not result in 0.  */
-
-	jnz	3f		/* found NUL => return pointer */
-
-	subq	$32, %rdx	/* Adjust destlen.  */
-	movq	%rax, (%rdi)	/* Write value to destination.  */
-	addq	$8, %rdi	/* Adjust pointer.  */
-	cmpq	$32, %rdx	/* Are there enough bytes in destination
-				   for the next unrolled round?  */
-	jae	1b		/* Next iteration.  */
-
-60:
-	cmpq	$8, %rdx	/* Are there enough bytes in destination
-				   for the next unrolled round?  */
-	jb	50f		/* Now, copy and check byte by byte.  */
-
-	movq	(%rsi), %rax	/* Read double word (8 bytes).  */
-	addq	$8, %rsi	/* Adjust pointer for next word.  */
-	movq	%rax, %r9	/* Save a copy for NUL finding.  */
-	addq	%r8, %r9	/* add the magic value to the word.  We get
-				   carry bits reported for each byte which
-				   is *not* 0 */
-	jnc	3f		/* highest byte is NUL => return pointer */
-	xorq	%rax, %r9	/* (word+magic)^word */
-	orq	%r8, %r9	/* set all non-carry bits */
-	incq	%r9		/* add 1: if one carry bit was *not* set
-				   the addition will not result in 0.  */
-
-	jnz	3f		/* found NUL => return pointer */
-
-	subq	$8, %rdx	/* Adjust destlen.  */
-	movq	%rax, (%rdi)	/* Write value to destination.  */
-	addq	$8, %rdi	/* Adjust pointer.  */
-	jmp	60b		/* Next iteration.  */
-
-	/* Do the last few bytes. %rax contains the value to write.
-	   The loop is unrolled twice.  */
-	.p2align 4
-3:
-	/* Note that stpcpy needs to return with the value of the NUL
-	   byte.  */
-	movb	%al, (%rdi)	/* 1st byte.  */
-	testb	%al, %al	/* Is it NUL.  */
-	jz	4f		/* yes, finish.  */
-	incq	%rdi		/* Increment destination.  */
-	movb	%ah, (%rdi)	/* 2nd byte.  */
-	testb	%ah, %ah	/* Is it NUL?.  */
-	jz	4f		/* yes, finish.  */
-	incq	%rdi		/* Increment destination.  */
-	shrq	$16, %rax	/* Shift...  */
-	jmp	3b		/* and look at next two bytes in %rax.  */
-
-51:
-	/* Search the bytes directly, checking for overflows.  */
-	incq	%rsi
-	incq	%rdi
-	decq	%rdx
-	jz	HIDDEN_JUMPTARGET (__chk_fail)
-52:
-	movb	(%rsi), %al	/* Fetch a byte */
-	testb	%al, %al	/* Is it NUL? */
-	movb	%al, (%rdi)	/* Store it */
-	jnz	51b		/* If it was NUL, done! */
-4:
-#ifdef USE_AS_STPCPY_CHK
-	movq	%rdi, %rax	/* Destination is return value.  */
-#else
-	movq	%r10, %rax	/* Source is return value.  */
-#endif
-	retq
-
-50:
-	testq	%rdx, %rdx
-	jnz	52b
-	jmp	HIDDEN_JUMPTARGET (__chk_fail)
-
-END (STRCPY_CHK)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                   |   10 ++
 debug/stpcpy_chk.c          |   22 ++----
 debug/strcpy_chk.c          |   44 +--------
 misc/hsearch_r.c            |    9 ++-
 sysdeps/x86_64/stpcpy_chk.S |    3 -
 sysdeps/x86_64/strcpy_chk.S |  208 -------------------------------------------
 6 files changed, 29 insertions(+), 267 deletions(-)
 delete mode 100644 sysdeps/x86_64/stpcpy_chk.S
 delete mode 100644 sysdeps/x86_64/strcpy_chk.S


hooks/post-receive
-- 
GNU C Library master sources


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]