[PATCH v1] x86: memcmp-avx2-movbe.S and memcmp-evex-movbe.S fix overflow bug.
Siddhesh Poyarekar
siddhesh@gotplt.org
Wed Jun 9 06:47:57 GMT 2021
On 6/9/21 12:02 PM, Noah Goldstein wrote:
> Wait, are you saying that the return value overflowing causes UB or
> that the act of passing a maxlen where s + maxlen * sizeof(wchar_t) is
> outside the range of the object is UB?
Not specifically the return value, but more broadly, causing wcsnlen to
invoke undefined behaviour, which could include the former.
> If the former then why is the following okay:
>
> Previous example with a string whose length is 1000
> but because wcslen is passed maxlen where maxlen * sizeof(wchar_t)
> overflows and leads to a result less than 1000 the implementation of
> wcslen in wcsnlen-avx2.S will return a length less than 1000.
>
>
> If the latter then:
>
> For test-wcsnlen which redirects to test-strnlen
> If the UB is when s+maxlen*sizeof(wchar_t) is outside the object bounds
> then s + SIZE_MAX + sizeof(wchar_t) surely is.
>
> Although even then test-strnlen s + SIZE_MAX will also overflow if s is
> non-null.
That is a good catch; I did not notice that. That should be SIZE_MAX /
sizeof (CHAR).
Thanks,
Siddhesh
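
Added example, not part of the original message and not glibc code: a C model of the arithmetic discussed in this thread, showing how scaling maxlen by sizeof(wchar_t) wraps once maxlen exceeds SIZE_MAX / sizeof(wchar_t) and produces a short length. The function names and the sample string are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <wchar.h>

/* Largest maxlen whose byte count still fits in size_t. */
static size_t safe_maxlen_cap(void)
{
    return SIZE_MAX / sizeof(wchar_t);
}

/* 1 when maxlen * sizeof(wchar_t) would not fit in size_t. */
static int maxlen_bytes_wrap(size_t maxlen)
{
    return maxlen > safe_maxlen_cap();
}

/* Hypothetical model of an implementation that scales maxlen to a byte
   count first. The multiply wraps modulo SIZE_MAX + 1 above the cap. */
static size_t scaled_wcsnlen(const wchar_t *s, size_t maxlen)
{
    size_t nbytes = maxlen * sizeof(wchar_t);   /* may wrap */
    size_t i = 0;
    while (i * sizeof(wchar_t) < nbytes && s[i] != L'\0')
        i++;
    return i;
}

/* Reference: compares element counts only, so nothing is multiplied. */
static size_t counted_wcsnlen(const wchar_t *s, size_t maxlen)
{
    size_t i = 0;
    while (i < maxlen && s[i] != L'\0')
        i++;
    return i;
}

int main(void)
{
    static const wchar_t s[] = L"hello";   /* constructed input, length 5 */
    size_t cap = safe_maxlen_cap();
    /* cap + 4 scales to 3 * sizeof(wchar_t) bytes after wrapping, so the
       scaled model stops at 3 while the element-count version returns 5. */
    return !(scaled_wcsnlen(s, cap + 4) == 3
             && counted_wcsnlen(s, cap + 4) == 5
             && scaled_wcsnlen(s, cap) == 5);
}
```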