[PATCH, AARCH64] Fix memchr when buffer size is 0
Richard Earnshaw
rearnsha@arm.com
Tue Aug 19 10:49:00 GMT 2014
A slightly obscure corner-case bug has come to light with the memchr
code that I published recently. If the buffer size is 0, then the code
could return the wrong result. Furthermore, in that case, it is unsafe
to dereference memory at all.

The fix is trivial, but adds a branch to the critical path: there's not
much we can do about that.

Applied.

2014-08-19 Richard Earnshaw <rearnsha@arm.com>

* libc/machine/aarch64/memchr.S: Add check for zero-sized buffer.
-------------- next part --------------
Index: memchr.S
===================================================================
RCS file: /cvs/src/src/newlib/libc/machine/aarch64/memchr.S,v
retrieving revision 1.1
diff -u -p -r1.1 memchr.S
--- memchr.S 11 Jul 2014 09:10:50 -0000 1.1
+++ memchr.S 19 Aug 2014 09:30:23 -0000
@@ -79,6 +79,8 @@
.endm
def_fn memchr
+ /* Do not dereference srcin if no bytes to compare. */
+ cbz cntin, .Lzero_length
/*
* Magic constant 0x40100401 allows us to identify which lane matches
* the requested byte.
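Review bot: The comment above `cbz cntin, .Lzero_length` gives only the no-dereference reason, while the same early exit is also what guarantees a null result for a zero count; it could state both, for example "Return NULL without dereferencing srcin when cntin is zero." The ChangeLog entry lists only memchr.S, so the zero-length case has no regression test alongside the fix; a call with a count of 0 on a pointer that sits directly before an unreadable page would cover both the result and the no-load requirement.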
@@ -166,5 +168,9 @@ def_fn memchr
csel result, xzr, result, eq
ret
+.Lzero_length:
+ mov result, #0
+ ret
+
.size memchr, . - memchr
#endif
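Review bot: In `.Lzero_length`, `mov result, #0` is correct, but the context line just above uses `xzr` for the same null value (`csel result, xzr, result, eq`); writing `mov result, xzr` would keep the two null-return paths visibly consistent. Keeping the new block ahead of `.size memchr, . - memchr` is right, since it leaves the out-of-line exit inside the symbol's extent.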
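A regression check for the zero-length case described in the message, as an added example that is not part of the original post or of newlib: it puts the buffer pointer directly before a `PROT_NONE` guard page, so a zero-length call that loads anything faults, and a call that reports a match is caught by return value. `check_zero_length`, `buggy_memchr` and the test byte are constructed for this illustration, and POSIX `mmap`/`mprotect` are assumed.

```c
#define _DEFAULT_SOURCE               /* MAP_ANONYMOUS on glibc */
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef void *(*memchr_fn)(const void *, int, size_t);

/* Constructed counter-example: looks at a byte before it looks at n. */
void *buggy_memchr(const void *s, int c, size_t n)
{
    const unsigned char *p = s;
    do {
        if (*p == (unsigned char)c)
            return (void *)p;
        p++;
    } while (n-- > 1);
    return NULL;
}

/* Returns 0 if impl is correct for n == 0, the number of the failed check
 * otherwise, or -1 if the guard mapping could not be set up. An impl that
 * passes check 1 but still loads from the buffer when n == 0 faults in 2. */
int check_zero_length(memchr_fn impl)
{
    memchr_fn volatile fn = impl;     /* stop the compiler folding the calls */
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        return -1;
    unsigned char *base = mmap(NULL, 2 * (size_t)page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    unsigned char *end = base + page; /* one past the readable page */
    int rc = 0;
    end[-1] = 'x';                    /* constructed test byte */
    if (mprotect(end, (size_t)page, PROT_NONE) != 0)
        rc = -1;
    else if (fn(end - 1, 'x', 0) != NULL)       /* 1: match present, n == 0 */
        rc = 1;
    else if (fn(end, 'x', 0) != NULL)           /* 2: any load hits the guard */
        rc = 2;
    else if (fn(end - 16, 'x', 16) != end - 1)  /* 3: normal search unchanged */
        rc = 3;
    munmap(base, 2 * (size_t)page);
    return rc;
}

int main(void) { return check_zero_length(memchr); }
```

An exit status of 0 means the C library's `memchr` passed all three checks; a segmentation fault means it read memory for a zero-length buffer.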