runtime: fix amd64p32 indexbytes in presence of overflow

When the slice/string length is very large, probably artifically large as in CL 97523, adding BX (length) to R11 (pointer) overflows. As a result, checking DI < R11 yields the wrong result. Since they will be equal when the loop is done, just check DI != R11 instead. Yes, the pointer itself could overflow, but if that happens, something else has gone pretty wrong; not our concern here. Fixes #24187 Change-Id: I2f60fc6ccae739345d01bc80528560726ad4f8c6 Reviewed-on: https://go-review.googlesource.com/97802 Run-TryBot: Josh Bleecher Snyder <josharian@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Keith Randall <khr@golang.org>
2024-11-26 20:31:25 -07:00 · 2018-02-28 22:01:24 -08:00 · 2018-02-28 22:01:24 -08:00 · aa9c1a8f80
commit aa9c1a8f80
parent 77ba071ec6
2 changed files with 34 additions and 1 deletions
--- a/src/runtime/asm_amd64p32.s
+++ b/src/runtime/asm_amd64p32.s
@ -904,7 +904,7 @@ sse:

 condition:
 	CMPL DI, R11
-	JLT sse
+	JNE sse

 	// search the end
 	MOVL SI, CX
--- a/test/fixedbugs/issue24187.go
+++ b/test/fixedbugs/issue24187.go
@ -0,0 +1,33 @@
+// +build amd64p32
+// run
+
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"unsafe"
+)
+
+func main() {
+	b := make([]byte, 128)
+	for i := range b {
+		b[i] = 1
+	}
+	if bytes.IndexByte(b, 0) != -1 {
+		panic("found 0")
+	}
+	for i := range b {
+		b[i] = 0
+		c := b
+		*(*int)(unsafe.Pointer(uintptr(unsafe.Pointer(&c)) + unsafe.Sizeof(uintptr(0)))) = 1<<31 - 1
+		if bytes.IndexByte(c, 0) != i {
+			panic(fmt.Sprintf("missing 0 at %d\n", i))
+		}
+		b[i] = 1
+	}
+}