This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



[PATCH 1/4] gas/arc: Add guard against operand array overflow.


Currently supplying an input file with too many operands to an
instruction will cause the assembler to overflow an array and trigger
undefined behaviour.

This change checks that we don't access outside the limits of the
operand array.

gas/ChangeLog:

	* config/tc-arc.c (tokenize_arguments): Add checks for array
	overflow.
	* testsuite/gas/arc/asm-errors.s: Addition test line added.
	* testsuite/gas/arc/asm-errors.err: Update expected results.
---
 gas/ChangeLog                        |  7 +++++++
 gas/config/tc-arc.c                  | 12 +++++++-----
 gas/testsuite/gas/arc/asm-errors.err |  2 ++
 gas/testsuite/gas/arc/asm-errors.s   |  1 +
 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/gas/config/tc-arc.c b/gas/config/tc-arc.c
index b64174f..4c9b08a 100644
--- a/gas/config/tc-arc.c
+++ b/gas/config/tc-arc.c
@@ -1040,7 +1040,7 @@ tokenize_arguments (char *str,
 	case ']':
 	  ++input_line_pointer;
 	  --brk_lvl;
-	  if (!saw_arg)
+	  if (!saw_arg || num_args == ntok)
 	    goto err;
 	  tok->X_op = O_bracket;
 	  ++tok;
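Review bot: An operand list that exceeds the array is reported through the generic `err` path, so the user is told about a comma rather than about the operand limit: the updated asm-errors.err expects `extra comma` followed by `syntax error` for the 30-operand `add` line. The same `num_args == ntok` guard is added in the `[`/`{`, `@`, `default` and `normalsymbol` hunks, and they all jump to the same label. The `err` label itself lies outside the hunks, so this is inferred from the expected output. A separate branch for the overflow case that reports something like `as_bad (_("too many operands"));` would make the diagnostic match the cause. tokenize_arguments starts and ends outside these hunks.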
@@ -1050,7 +1050,7 @@ tokenize_arguments (char *str,
 	case '{':
 	case '[':
 	  input_line_pointer++;
-	  if (brk_lvl)
+	  if (brk_lvl || num_args == ntok)
 	    goto err;
 	  ++brk_lvl;
 	  tok->X_op = O_bracket;
@@ -1061,7 +1061,7 @@ tokenize_arguments (char *str,
 	case '@':
 	  /* We have labels, function names and relocations, all
 	     starting with @ symbol.  Sort them out.  */
-	  if (saw_arg && !saw_comma)
+	  if ((saw_arg && !saw_comma) || num_args == ntok)
 	    goto err;
 
 	  /* Parse @label.  */
@@ -1166,7 +1166,7 @@ tokenize_arguments (char *str,
 	  /* Fall through.  */
 	default:
 
-	  if (saw_arg && !saw_comma)
+	  if ((saw_arg && !saw_comma) || num_args == ntok)
 	    goto err;
 
 	  tok->X_op = O_absent;
@@ -1182,7 +1182,9 @@ tokenize_arguments (char *str,
 	normalsymbol:
 	  debug_exp (tok);
 
-	  if (tok->X_op == O_illegal || tok->X_op == O_absent)
+	  if (tok->X_op == O_illegal
+              || tok->X_op == O_absent
+              || num_args == ntok)
 	    goto err;
 
 	  saw_comma = FALSE;
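Review bot: In the `normalsymbol` condition the bound test comes too late to protect anything, because `debug_exp (tok)` and both `tok->X_op` reads run before `num_args == ntok` is evaluated. If `tok` were already one past the array here, the out-of-bounds read would have happened before the guard fires. If every path to this label is already covered by the guards added at `@` and `default` (those paths lie partly outside the hunk), the extra clause is dead and can be dropped; otherwise hoist it as `if (num_args == ntok) goto err;` ahead of `debug_exp (tok);`. The two added continuation lines also appear to be indented with spaces where the surrounding code uses a tab.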
diff --git a/gas/testsuite/gas/arc/asm-errors.err b/gas/testsuite/gas/arc/asm-errors.err
index 35390fc..e889eb8 100644
--- a/gas/testsuite/gas/arc/asm-errors.err
+++ b/gas/testsuite/gas/arc/asm-errors.err
@@ -2,3 +2,5 @@
 [^:]*:2: Error: inappropriate arguments for opcode 'adc'
 [^:]*:3: Error: inappropriate arguments for opcode 'adc'
 [^:]*:4: Error: inappropriate arguments for opcode 'adc'
+[^:]*:5: Error: extra comma
+[^:]*:5: Error: syntax error
diff --git a/gas/testsuite/gas/arc/asm-errors.s b/gas/testsuite/gas/arc/asm-errors.s
index 6e0fd6a..d3f16c0 100644
--- a/gas/testsuite/gas/arc/asm-errors.s
+++ b/gas/testsuite/gas/arc/asm-errors.s
@@ -2,3 +2,4 @@
         adc.al.ra       r0,r0,r2
         adc.eq.eq       r0,r0,r2
         adc.n.eq        r0,r0,r2
+        add             r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0
-- 
2.6.4

