Merge branch release/2.28/master into ibm/2.28/master

2 files changed, 16 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 1d00542a5d..1884f741e6 100644
--- a/NEWS
+++ b/NEWS
@@ -75,6 +75,7 @@ The following bugs are resolved with this release:
   [25232] No const correctness for strchr et al. for Clang++
   [25414] 'glob' use-after-free bug (CVE-2020-1752)
   [25423] Array overflow in backtrace on powerpc
+  [25933] Off by one error in __strncmp_avx2
 
 Security related changes:
 
diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S
index 78fc116877..156c19496a 100644
--- a/sysdeps/x86_64/multiarch/strcmp-avx2.S
+++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S
@@ -591,7 +591,14 @@ L(loop_cross_page_2_vec):
 	movl	$(PAGE_SIZE / (VEC_SIZE * 4) - 1), %esi
 
 	testq	%rdi, %rdi
+# ifdef USE_AS_STRNCMP
+	/* At this point, if %rdi value is 0, it already tested
+	   VEC_SIZE*4+%r10 byte starting from %rax. This label
+	   checks whether strncmp maximum offset reached or not.  */
+	je	L(string_nbyte_offset_check)
+# else
 	je	L(back_to_loop)
+# endif
 	tzcntq	%rdi, %rcx
 	addq	%r10, %rcx
 	/* Adjust for number of bytes skipped.  */
@@ -627,6 +634,14 @@ L(loop_cross_page_2_vec):
 	VZEROUPPER
 	ret
 
+# ifdef USE_AS_STRNCMP
+L(string_nbyte_offset_check):
+	leaq	(VEC_SIZE * 4)(%r10), %r10
+	cmpq	%r10, %r11
+	jbe	L(zero)
+	jmp	L(back_to_loop)
+# endif
+
 	.p2align 4
 L(cross_page_loop):
 	/* Check one byte/dword at a time.  */