tile: Check for pointer add overflow in memchr

As was done in b224637928e9, check for large size causing an overflow
in the loop that walks over the array.

Branching out of line here is the fastest approach for handling this
problem, since tile can bundle the instructions to compute the branch
test in parallel with doing the required memchr loop setup computation.

Unfortunately, the existing saturated ops (e.g. tilegx addxsc) are
all signed saturing ops, so don't help with unsigned saturation.

2 files changed, 8 insertions, 0 deletions

diff --git a/sysdeps/tile/tilegx/memchr.c b/sysdeps/tile/tilegx/memchr.c
index 34df19d..7da0f79 100644
--- a/sysdeps/tile/tilegx/memchr.c
+++ b/sysdeps/tile/tilegx/memchr.c
@@ -51,6 +51,10 @@ __memchr (const void *s, int c, size_t n)
   /* Compute the address of the last byte. */
   last_byte_ptr = (const char *) s + n - 1;
 
+  /* Handle possible addition overflow.  */
+  if (__glibc_unlikely ((uintptr_t) last_byte_ptr < (uintptr_t) s))
+    last_byte_ptr = (const char *) UINTPTR_MAX;
+
   /* Compute the address of the word containing the last byte. */
   last_word_ptr = (const uint64_t *) ((uintptr_t) last_byte_ptr & -8);
 
diff --git a/sysdeps/tile/tilepro/memchr.c b/sysdeps/tile/tilepro/memchr.c
index 1848a9c..fba1f70 100644
--- a/sysdeps/tile/tilepro/memchr.c
+++ b/sysdeps/tile/tilepro/memchr.c
@@ -51,6 +51,10 @@ __memchr (const void *s, int c, size_t n)
   /* Compute the address of the last byte. */
   last_byte_ptr = (const char *) s + n - 1;
 
+  /* Handle possible addition overflow.  */
+  if (__glibc_unlikely ((uintptr_t) last_byte_ptr < (uintptr_t) s))
+    last_byte_ptr = (const char *) UINTPTR_MAX;
+
   /* Compute the address of the word containing the last byte. */
   last_word_ptr = (const uint32_t *) ((uintptr_t) last_byte_ptr & -4);