2017-03-29  Adhemerval Zanella  <adhemerval.zanella@linaro.org>

	[BZ# 21182]
	* string/test-memchr.c (do_test): Add BZ#21182 checks for address
	near end of a page.
	* sysdeps/i386/i686/multiarch/memchr-sse2.S (__memchr): Fix
	overflow calculation.

Index: glibc-2.25/string/test-memchr.c
===================================================================
--- glibc-2.25.orig/string/test-memchr.c
+++ glibc-2.25/string/test-memchr.c
@@ -208,6 +208,12 @@ test_main (void)
       do_test (0, i, i + 1, i + 1, 0);
     }
 
+  /* BZ#21182 - wrong overflow calculation for i686 implementation
+     with address near end of the page.  */
+  for (i = 2; i < 16; ++i)
+    /* page_size is in fact getpagesize() * 2.  */
+    do_test (page_size / 2 - i, i, i, 1, 0x9B);
+
   do_random_tests ();
   return ret;
 }
Index: glibc-2.25/sysdeps/i386/i686/multiarch/memchr-sse2.S
===================================================================
--- glibc-2.25.orig/sysdeps/i386/i686/multiarch/memchr-sse2.S
+++ glibc-2.25/sysdeps/i386/i686/multiarch/memchr-sse2.S
@@ -117,7 +117,6 @@ L(crosscache):
 
 # ifndef USE_AS_RAWMEMCHR
 	jnz	L(match_case2_prolog1)
-	lea	-16(%edx), %edx
         /* Calculate the last acceptable address and check for possible
            addition overflow by using satured math:
            edx = ecx + edx
@@ -125,6 +124,7 @@ L(crosscache):
 	add	%ecx, %edx
 	sbb	%eax, %eax
 	or	%eax, %edx
+	sub	$16, %edx
 	jbe	L(return_null)
 	lea	16(%edi), %edi
 # else