* sysdeps/i386/memchr.S: Check high bound against

chars actually scanned. * sysdeps/i386/memcmp.S: Likewise. * sysdeps/i386/stpncpy.S: Adjust high-bound check to account for pointers that lie one beyond end-of-buffer.
2000-08-25 21:09:43 +00:00 · 2000-08-25 21:09:43 +00:00 · 53c065086b
parent ad7534c8f0
commit 53c065086b
3 changed files with 9 additions and 6 deletions
--- a/sysdeps/i386/memchr.S
+++ b/sysdeps/i386/memchr.S
@ -53,7 +53,7 @@ ENTRY (BP_SYM (__memchr))
 	movl STR(%esp), %eax	/* str: pointer to memory block.  */
 	movl CHR(%esp), %edx	/* c: byte we are looking for.  */
 	movl LEN(%esp), %esi	/* len: length of memory block.  */
-	CHECK_BOUNDS_BOTH_WIDE (%eax, STR(%esp), %esi)
+	CHECK_BOUNDS_LOW (%eax, STR(%esp))

 	/* If my must not test more than three characters test
 	   them one by one.  This is especially true for 0.  */
@ -314,6 +314,7 @@ L(8):	testb %cl, %cl		/* test first byte in dword */
 	/* No further test needed we we know it is one of the four bytes.  */
 L(9):
 #if __BOUNDED_POINTERS__
+	CHECK_BOUNDS_HIGH (%eax, STR(%esp), jb)
 	/* If RTN pointer is phony, don't copy return value into it.  */
 	movl RTN(%esp), %ecx
 	testl %ecx, %ecx
--- a/sysdeps/i386/memcmp.S
+++ b/sysdeps/i386/memcmp.S
@ -38,8 +38,8 @@ ENTRY (BP_SYM (memcmp))
 	movl BLK1(%esp), %esi
 	movl BLK2(%esp), %edi
 	movl LEN(%esp), %ecx
-	CHECK_BOUNDS_BOTH_WIDE (%esi, BLK1(%esp), %ecx)
-	CHECK_BOUNDS_BOTH_WIDE (%edi, BLK2(%esp), %ecx)
+	CHECK_BOUNDS_LOW (%esi, BLK1(%esp))
+	CHECK_BOUNDS_LOW (%edi, BLK2(%esp))

 	cld			/* Set direction of comparison.  */

@ -62,7 +62,9 @@ ENTRY (BP_SYM (memcmp))
 	   Note that the following operation does not change 0xffffffff.  */
 	orb $1, %al		/* Change 0 to 1.  */

-L(1):	popl %esi		/* Restore registers.  */
+L(1):	CHECK_BOUNDS_HIGH (%esi, BLK1(%esp), jbe)
+	CHECK_BOUNDS_HIGH (%edi, BLK2(%esp), jbe)
+	popl %esi		/* Restore registers.  */
 	movl %edx, %edi

 	LEAVE
--- a/sysdeps/i386/stpncpy.S
+++ b/sysdeps/i386/stpncpy.S
@ -143,8 +143,8 @@ L(3):	decl %ecx		/* all bytes written? */
 L(9):
 #if __BOUNDED_POINTERS__
 	addl %eax, %esi		/* undo magic: %esi now points beyond end of SRC */
-	CHECK_BOUNDS_HIGH (%esi, SRC(%esp), jb)
-	CHECK_BOUNDS_HIGH (%eax, DEST(%esp), jb)
+	CHECK_BOUNDS_HIGH (%esi, SRC(%esp), jbe)
+	CHECK_BOUNDS_HIGH (%eax, DEST(%esp), jbe)
 	RETURN_BOUNDED_POINTER (DEST(%esp))
 #endif
 	popl %esi		/* restore saved register content */