summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGreg McGary <greg@mcgary.org>2000-08-25 21:09:43 +0000
committerGreg McGary <greg@mcgary.org>2000-08-25 21:09:43 +0000
commit53c065086ba304d40b23f8539008757090ff6a58 (patch)
treeace9dab91c4826b8e5231d057a1d6dad42e27ffc
parentad7534c8f08c31f3e140a31e4099e7e0b5e193d2 (diff)
downloadglibc-53c065086ba304d40b23f8539008757090ff6a58.tar
glibc-53c065086ba304d40b23f8539008757090ff6a58.tar.gz
glibc-53c065086ba304d40b23f8539008757090ff6a58.tar.bz2
glibc-53c065086ba304d40b23f8539008757090ff6a58.zip
* sysdeps/i386/memchr.S: Check high bound against
chars actually scanned. * sysdeps/i386/memcmp.S: Likewise. * sysdeps/i386/stpncpy.S: Adjust high-bound check to account for pointers that lie one beyond end-of-buffer.
-rw-r--r--sysdeps/i386/memchr.S3
-rw-r--r--sysdeps/i386/memcmp.S8
-rw-r--r--sysdeps/i386/stpncpy.S4
3 files changed, 9 insertions, 6 deletions
diff --git a/sysdeps/i386/memchr.S b/sysdeps/i386/memchr.S
index d01a31c855..cae0fd27d8 100644
--- a/sysdeps/i386/memchr.S
+++ b/sysdeps/i386/memchr.S
@@ -53,7 +53,7 @@ ENTRY (BP_SYM (__memchr))
movl STR(%esp), %eax /* str: pointer to memory block. */
movl CHR(%esp), %edx /* c: byte we are looking for. */
movl LEN(%esp), %esi /* len: length of memory block. */
- CHECK_BOUNDS_BOTH_WIDE (%eax, STR(%esp), %esi)
+ CHECK_BOUNDS_LOW (%eax, STR(%esp))
/* If my must not test more than three characters test
them one by one. This is especially true for 0. */
@@ -314,6 +314,7 @@ L(8): testb %cl, %cl /* test first byte in dword */
/* No further test needed we we know it is one of the four bytes. */
L(9):
#if __BOUNDED_POINTERS__
+ CHECK_BOUNDS_HIGH (%eax, STR(%esp), jb)
/* If RTN pointer is phony, don't copy return value into it. */
movl RTN(%esp), %ecx
testl %ecx, %ecx
diff --git a/sysdeps/i386/memcmp.S b/sysdeps/i386/memcmp.S
index 8d855b9d2a..d8b60d06c5 100644
--- a/sysdeps/i386/memcmp.S
+++ b/sysdeps/i386/memcmp.S
@@ -38,8 +38,8 @@ ENTRY (BP_SYM (memcmp))
movl BLK1(%esp), %esi
movl BLK2(%esp), %edi
movl LEN(%esp), %ecx
- CHECK_BOUNDS_BOTH_WIDE (%esi, BLK1(%esp), %ecx)
- CHECK_BOUNDS_BOTH_WIDE (%edi, BLK2(%esp), %ecx)
+ CHECK_BOUNDS_LOW (%esi, BLK1(%esp))
+ CHECK_BOUNDS_LOW (%edi, BLK2(%esp))
cld /* Set direction of comparison. */
@@ -62,7 +62,9 @@ ENTRY (BP_SYM (memcmp))
Note that the following operation does not change 0xffffffff. */
orb $1, %al /* Change 0 to 1. */
-L(1): popl %esi /* Restore registers. */
+L(1): CHECK_BOUNDS_HIGH (%esi, BLK1(%esp), jbe)
+ CHECK_BOUNDS_HIGH (%edi, BLK2(%esp), jbe)
+ popl %esi /* Restore registers. */
movl %edx, %edi
LEAVE
diff --git a/sysdeps/i386/stpncpy.S b/sysdeps/i386/stpncpy.S
index 8ca2c9dccc..a6d510e365 100644
--- a/sysdeps/i386/stpncpy.S
+++ b/sysdeps/i386/stpncpy.S
@@ -143,8 +143,8 @@ L(3): decl %ecx /* all bytes written? */
L(9):
#if __BOUNDED_POINTERS__
addl %eax, %esi /* undo magic: %esi now points beyond end of SRC */
- CHECK_BOUNDS_HIGH (%esi, SRC(%esp), jb)
- CHECK_BOUNDS_HIGH (%eax, DEST(%esp), jb)
+ CHECK_BOUNDS_HIGH (%esi, SRC(%esp), jbe)
+ CHECK_BOUNDS_HIGH (%eax, DEST(%esp), jbe)
RETURN_BOUNDED_POINTER (DEST(%esp))
#endif
popl %esi /* restore saved register content */