


[binutils-gdb] gas/arc: Add guard against operand array overflow.


https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3b889a787863d22694bb53eb08160c94ab52c58d

commit 3b889a787863d22694bb53eb08160c94ab52c58d
Author: Andrew Burgess <andrew.burgess@embecosm.com>
Date:   Tue May 3 13:43:44 2016 +0100

    gas/arc: Add guard against operand array overflow.
    
    Currently supplying an input file with too many operands to an
    instruction will cause the assembler to overflow an array and trigger
    undefined behaviour.
    
    This change checks that we don't access outside the limits of the
    operand array.
    
    gas/ChangeLog:
    
    	* config/tc-arc.c (tokenize_arguments): Add checks for array
    	overflow.
    	* testsuite/gas/arc/asm-errors.s: Addition test line added.
    	* testsuite/gas/arc/asm-errors.err: Update expected results.

Diff:
---
 gas/ChangeLog                        |  7 +++++++
 gas/config/tc-arc.c                  | 12 +++++++-----
 gas/testsuite/gas/arc/asm-errors.err |  2 ++
 gas/testsuite/gas/arc/asm-errors.s   |  1 +
 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/gas/ChangeLog b/gas/ChangeLog
index aa50770..bd529cd 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,10 @@
+2016-05-18  Andrew Burgess  <andrew.burgess@embecosm.com>
+
+	* config/tc-arc.c (tokenize_arguments): Add checks for array
+	overflow.
+	* testsuite/gas/arc/asm-errors.s: Addition test line added.
+	* testsuite/gas/arc/asm-errors.err: Update expected results.
+
 2016-05-18  Trevor Saunders  <tbsaunde+binutils@tbsaunde.org>
 
 	* config/tc-rx.c (struct cpu_type): Change the type of a field from
diff --git a/gas/config/tc-arc.c b/gas/config/tc-arc.c
index 28f135b..ca94b1f 100644
--- a/gas/config/tc-arc.c
+++ b/gas/config/tc-arc.c
@@ -1039,7 +1039,7 @@ tokenize_arguments (char *str,
 	case ']':
 	  ++input_line_pointer;
 	  --brk_lvl;
-	  if (!saw_arg)
+	  if (!saw_arg || num_args == ntok)
 	    goto err;
 	  tok->X_op = O_bracket;
 	  ++tok;
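Review bot: The new bound test `num_args == ntok` uses strict equality here and in the four later hunks (`[`/`{`, `@`, `default`, `normalsymbol`), so it protects the store through `tok` only while every path advances `num_args` by exactly one after passing a guard. Writing it as `if (!saw_arg || num_args >= ntok)` (and likewise in the other hunks) keeps the guard fail-closed if a later change ever bumps the count without a check. Assuming `ntok` is the capacity of the array `tok` points into, as the commit message implies, a comment at this first use such as `/* tok[] has room for ntok entries; never store past it.  */` would record why the condition is repeated. The body of tokenize_arguments starts and ends outside this hunk.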
@@ -1049,7 +1049,7 @@ tokenize_arguments (char *str,
 	case '{':
 	case '[':
 	  input_line_pointer++;
-	  if (brk_lvl)
+	  if (brk_lvl || num_args == ntok)
 	    goto err;
 	  ++brk_lvl;
 	  tok->X_op = O_bracket;
@@ -1060,7 +1060,7 @@ tokenize_arguments (char *str,
 	case '@':
 	  /* We have labels, function names and relocations, all
 	     starting with @ symbol.  Sort them out.  */
-	  if (saw_arg && !saw_comma)
+	  if ((saw_arg && !saw_comma) || num_args == ntok)
 	    goto err;
 
 	  /* Parse @label.  */
@@ -1165,7 +1165,7 @@ tokenize_arguments (char *str,
 	  /* Fall through.  */
 	default:
 
-	  if (saw_arg && !saw_comma)
+	  if ((saw_arg && !saw_comma) || num_args == ntok)
 	    goto err;
 
 	  tok->X_op = O_absent;
@@ -1181,7 +1181,9 @@ tokenize_arguments (char *str,
 	normalsymbol:
 	  debug_exp (tok);
 
-	  if (tok->X_op == O_illegal || tok->X_op == O_absent)
+	  if (tok->X_op == O_illegal
+              || tok->X_op == O_absent
+              || num_args == ntok)
 	    goto err;
 
 	  saw_comma = FALSE;
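Review bot: The `num_args == ntok` clause added at `normalsymbol` runs after `debug_exp (tok)` has already been handed `tok`, and on the `default` path after `tok->X_op = O_absent` has been stored, so at this point it can only report an out-of-bounds access, not prevent one. The `@` and `default` cases, which appear to be the paths leading to this label, already reject `num_args == ntok` before touching `tok`, which makes this clause look redundant; if some path outside the hunks reaches the label unguarded, the check belongs before that path's first write instead. Separately, the two continuation lines are indented with spaces while the surrounding lines use tabs; a tab plus six spaces would match the file. The code between the case labels and this label lies outside the hunk.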
diff --git a/gas/testsuite/gas/arc/asm-errors.err b/gas/testsuite/gas/arc/asm-errors.err
index 35390fc..e889eb8 100644
--- a/gas/testsuite/gas/arc/asm-errors.err
+++ b/gas/testsuite/gas/arc/asm-errors.err
@@ -2,3 +2,5 @@
 [^:]*:2: Error: inappropriate arguments for opcode 'adc'
 [^:]*:3: Error: inappropriate arguments for opcode 'adc'
 [^:]*:4: Error: inappropriate arguments for opcode 'adc'
+[^:]*:5: Error: extra comma
+[^:]*:5: Error: syntax error
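Review bot: The two expected lines for source line 5 pin `extra comma` and `syntax error` as the diagnostics for an instruction whose actual fault is having more operands than the array can hold, so the message a user sees does not name the real problem. The code that chooses these messages is outside the diff; presumably the shared `err` exit of tokenize_arguments reports based on the comma state and the caller then adds the second error. Reporting the overflow explicitly at the new bound checks, for example `as_bad (_("too many operands"));`, and expecting that text here would make the regression test assert the condition the commit is about rather than an incidental one.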
diff --git a/gas/testsuite/gas/arc/asm-errors.s b/gas/testsuite/gas/arc/asm-errors.s
index 6e0fd6a..d3f16c0 100644
--- a/gas/testsuite/gas/arc/asm-errors.s
+++ b/gas/testsuite/gas/arc/asm-errors.s
@@ -2,3 +2,4 @@
         adc.al.ra       r0,r0,r2
         adc.eq.eq       r0,r0,r2
         adc.n.eq        r0,r0,r2
+        add             r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0
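Review bot: The added line uses only plain register operands, so it appears to exercise the bound check on the `default`/`normalsymbol` path alone and leaves the new checks in the `]`/`}`, `[`/`{` and `@` cases of tokenize_arguments untested. Companion lines built the same way, one with bracketed operands and one with `@`-prefixed symbol operands repeated past the operand limit, would cover those branches. Each added line would need matching entries in asm-errors.err.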

