This is the mail archive of the binutils-cvs@sourceware.org mailing list for the binutils project.



[binutils-gdb] gas/arc: Fix array overrun when checking opcode array


https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fe779266b39080e49b04e61160e6af8be439c182

commit fe779266b39080e49b04e61160e6af8be439c182
Author: Andrew Burgess <andrew.burgess@embecosm.com>
Date:   Wed May 4 13:57:10 2016 +0100

    gas/arc: Fix array overrun when checking opcode array
    
    The opcode array iterator mechanism can, in some situations, result in
    reading memory outside of the opcode array.  When using the
    iterator-next mechanism to find the next possible arc_opcode, if we find
    an opcode where the name field is NULL, or the name does not match, then
    the cached opcode pointer is not set to NULL.  The result is that
    another call to iterator-next will again increment the opcode
    pointer (which might now point outside the opcode array) and attempt to
    access the name field of this undefined opcode.
    
    Fixed in this commit by clearing the cached opcode pointer.
    
    I've added a test case, which currently shows the bug; however, this
    will only expose this bug while the opcode used (dsp_fp_cmp) is the last
    opcode in the table.
    
    gas/ChangeLog:
    
    	* config/tc-arc.c (arc_opcode_hash_entry_iterator_next): Set
    	cached opcode to NULL when we reach a non-matching opcode.
    	* testsuite/gas/arc/asm-errors-2.d: New file.
    	* testsuite/gas/arc/asm-errors-2.err: New file.
    	* testsuite/gas/arc/asm-errors-2.s: New file.

Diff:
---
 gas/ChangeLog                          | 8 ++++++++
 gas/config/tc-arc.c                    | 4 ++--
 gas/testsuite/gas/arc/asm-errors-2.d   | 2 ++
 gas/testsuite/gas/arc/asm-errors-2.err | 2 ++
 gas/testsuite/gas/arc/asm-errors-2.s   | 2 ++
 5 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/gas/ChangeLog b/gas/ChangeLog
index bd529cd..ac921ab 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,5 +1,13 @@
 2016-05-18  Andrew Burgess  <andrew.burgess@embecosm.com>
 
+	* config/tc-arc.c (arc_opcode_hash_entry_iterator_next): Set
+	cached opcode to NULL when we reach a non-matching opcode.
+	* testsuite/gas/arc/asm-errors-2.d: New file.
+	* testsuite/gas/arc/asm-errors-2.err: New file.
+	* testsuite/gas/arc/asm-errors-2.s: New file.
+
+2016-05-18  Andrew Burgess  <andrew.burgess@embecosm.com>
+
 	* config/tc-arc.c (tokenize_arguments): Add checks for array
 	overflow.
 	* testsuite/gas/arc/asm-errors.s: Addition test line added.
diff --git a/gas/config/tc-arc.c b/gas/config/tc-arc.c
index ca94b1f..2f43be5 100644
--- a/gas/config/tc-arc.c
+++ b/gas/config/tc-arc.c
@@ -674,8 +674,8 @@ arc_opcode_hash_entry_iterator_next (const struct arc_opcode_hash_entry *entry,
       const char *old_name = iter->opcode->name;
 
       iter->opcode++;
-      if (iter->opcode->name
-	  && (strcmp (old_name, iter->opcode->name) != 0))
+      if (iter->opcode->name == NULL
+	  || strcmp (old_name, iter->opcode->name) != 0)
 	{
 	  iter->index++;
 	  if (iter->index == entry->count)
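
Review bot: The new condition still reads iter->opcode->name immediately after iter->opcode++ with no check against the end of the opcode array, so it is only safe as long as the table ends with an entry whose name is NULL. Please add a comment above the condition stating that the code relies on that terminating entry and that the iterator must never be advanced past it. The clearing of the cached pointer described in the commit message is not visible in these lines, so also confirm that the block entered here sets iter->opcode to NULL on every path and not only when iter->index == entry->count.
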
diff --git a/gas/testsuite/gas/arc/asm-errors-2.d b/gas/testsuite/gas/arc/asm-errors-2.d
new file mode 100644
index 0000000..fd3c09a
--- /dev/null
+++ b/gas/testsuite/gas/arc/asm-errors-2.d
@@ -0,0 +1,2 @@
+#as: -mcpu=arcem
+#error-output: asm-errors-2.err
diff --git a/gas/testsuite/gas/arc/asm-errors-2.err b/gas/testsuite/gas/arc/asm-errors-2.err
new file mode 100644
index 0000000..64fdc9a
--- /dev/null
+++ b/gas/testsuite/gas/arc/asm-errors-2.err
@@ -0,0 +1,2 @@
+[^:]*: Assembler messages:
+[^:]*:2: Error: inappropriate arguments for opcode 'dsp_fp_cmp'
diff --git a/gas/testsuite/gas/arc/asm-errors-2.s b/gas/testsuite/gas/arc/asm-errors-2.s
new file mode 100644
index 0000000..f5bf8da
--- /dev/null
+++ b/gas/testsuite/gas/arc/asm-errors-2.s
@@ -0,0 +1,2 @@
+        .text
+        dsp_fp_cmp      r0
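
Review bot: Nothing in asm-errors-2.s records why dsp_fp_cmp was chosen, and per the commit message the test only exposes the overrun while that opcode is the last entry in the table. Add a comment at the top of the file saying so, so that whoever appends a new opcode knows the test no longer covers this case and needs updating. Since the test only matches the error text, a read past the end of the array may not change its result, so a run under a memory checker would be a more reliable regression check.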

