On POWER7 memchr.S:

24 ENTRY (__memchr)
25         CALL_MCOUNT 3
26         dcbt    0,r3
27         clrrdi  r8,r3,3
28         insrdi  r4,r4,8,48
29         add     r7,r3,r5  /* Calculate the last acceptable address. */

The addition that computes r7 must handle overflow; otherwise the pointer checks later in the code may fail, producing wrong output. With a length of (size_t)-1, as in the test below, adding the length to the start pointer wraps around, so the computed last acceptable address ends up below the start of the buffer.

A simple test triggers the issue:

--
#define _GNU_SOURCE 1
#include <string.h>
#include <stdio.h>

void *
my_rawmemchr (const void *s, int c)
{
  if (c != '\0')
    return memchr (s, c, (size_t)-1);
  return (char *)s + strlen (s);
}

int main ()
{
  // p=0x3fffb057fe00 | aling=10
  int seek_char = 0x41;
  size_t align = 10;
  unsigned char input [32];
  input[10] = 0x34;
  input[11] = 0x78;
  input[12] = 0x3d;
  input[13] = 0x7b;
  input[14] = 0xa1;
  input[15] = seek_char;
  printf ("%p\n", my_rawmemchr (input+align, seek_char));
  printf ("%p\n", rawmemchr (input+align, seek_char));
  return 0;
}
--
Fixed by b224637.
Setting the security- flag until an application security impact is demonstrated.