From 0dacd7a3b9401f7eb7160cf79231a4573773c5da Mon Sep 17 00:00:00 2001 From: Chris Metcalf Date: Mon, 22 Dec 2014 14:50:26 -0500 Subject: tilegx: remove implicit boolean conversion in strstr. [BZ #17746] The __builtin_expect() truncated a uint64_t to a 32-bit long in ILP32 mode, discarding the high 32 bits, and potentially missing the NUL terminator that we were searching for with SIMD operations. Explicitly compare to zero to fix the problem. --- ChangeLog | 6 ++++++ NEWS | 2 +- sysdeps/tile/tilegx/strstr.c | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4ad8b90..77abebf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2014-12-22 Chris Metcalf + + [BZ #17746] + * sysdeps/tile/tilegx/strstr.c (STRSTR2): Remove implicit boolean + conversion. + 2014-12-22 Steve Ellcey * sysdeps/unix/mips/sysdep.h (__mips_isa_rev): Set diff --git a/NEWS b/NEWS index cf0756b..56dfff0 100644 --- a/NEWS +++ b/NEWS @@ -15,7 +15,7 @@ Version 2.21 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17581, 17582, 17583, 17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17630, 17633, 17634, 17647, 17653, 17657, 17664, 17665, 17668, 17682, 17717, 17719, - 17722, 17724, 17725, 17733, 17744, 17745. + 17722, 17724, 17725, 17733, 17744, 17745, 17746. * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag under certain input conditions resulting in the execution of a shell for diff --git a/sysdeps/tile/tilegx/strstr.c b/sysdeps/tile/tilegx/strstr.c index d04f129..de5adaf 100644 --- a/sysdeps/tile/tilegx/strstr.c +++ b/sysdeps/tile/tilegx/strstr.c @@ -154,7 +154,7 @@ STRSTR2 (const char *haystack_start, const char *needle) /* Look for a terminating '\0'. */ zero_matches = __insn_v1cmpeqi (v, 0); uint64_t byte1_matches = __insn_v1cmpeq (v, byte1); - if (__builtin_expect (zero_matches, 0)) + if (__builtin_expect (zero_matches != 0, 0)) { /* This is the last vector. Don't worry about matches crossing into the next vector. Shift the second byte -- cgit v1.1