This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
[PATCH 2/4] gas/arc: Fix array overrun when checking opcode array
- From: Andrew Burgess <andrew dot burgess at embecosm dot com>
- To: binutils at sourceware dot org
- Cc: Claudiu dot Zissulescu at synopsys dot com, Cupertino dot Miranda at synopsys dot com, Andrew Burgess <andrew dot burgess at embecosm dot com>
- Date: Wed, 11 May 2016 20:21:24 +0100
- Subject: [PATCH 2/4] gas/arc: Fix array overrun when checking opcode array
- Authentication-results: sourceware.org; auth=none
- References: <1462994486-12419-1-git-send-email-andrew dot burgess at embecosm dot com>
The opcode array iterator mechanism can, in some situations, result in
reading memory outside of the opcode array. When using the
iterator-next mechanism to find the next possible arc_opcode, if we find
an opcode where the name field is NULL, or the name does not match, then
the cached opcode pointer is not set to NULL. The result is that
another call to iterator-next will again increment the opcode
pointer (which might now point outside the opcode array) and attempt to
access the name field of this undefined opcode.
Fixed in this commit by clearing the cached opcode pointer.
I've added a test case, which currently shows the bug; however, this
will only expose this bug while the opcode used (dsp_fp_cmp) is the last
opcode in the table.
gas/ChangeLog:
* config/tc-arc.c (arc_opcode_hash_entry_iterator_next): Set
cached opcode to NULL when we reach a non-matching opcode.
* gas/testsuite/gas/arc/asm-errors-2.d: New file.
* gas/testsuite/gas/arc/asm-errors-2.err: New file.
* gas/testsuite/gas/arc/asm-errors-2.s: New file.
---
gas/ChangeLog | 8 ++++++++
gas/config/tc-arc.c | 6 +++---
gas/testsuite/gas/arc/asm-errors-2.d | 2 ++
gas/testsuite/gas/arc/asm-errors-2.err | 2 ++
gas/testsuite/gas/arc/asm-errors-2.s | 2 ++
5 files changed, 17 insertions(+), 3 deletions(-)
create mode 100644 gas/testsuite/gas/arc/asm-errors-2.d
create mode 100644 gas/testsuite/gas/arc/asm-errors-2.err
create mode 100644 gas/testsuite/gas/arc/asm-errors-2.s
diff --git a/gas/config/tc-arc.c b/gas/config/tc-arc.c
index 4c9b08a..38d4e8f 100644
--- a/gas/config/tc-arc.c
+++ b/gas/config/tc-arc.c
@@ -674,9 +674,9 @@ arc_opcode_hash_entry_iterator_next (const struct arc_opcode_hash_entry *entry,
const char *old_name = iter->opcode->name;
iter->opcode++;
- if (iter->opcode->name
- && (strcmp (old_name, iter->opcode->name) != 0))
- {
+ if (iter->opcode->name == NULL
+ || strcmp (old_name, iter->opcode->name) != 0)
+ {
iter->index++;
if (iter->index == entry->count)
iter->opcode = NULL;
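Review bot: the read of iter->opcode->name directly after iter->opcode++ still relies on the slot following the last real opcode being a readable entry with a NULL name, and nothing near the new condition says so. Suggest a short comment above the `iter->opcode->name == NULL` test stating that a NULL name marks the end of the opcode table and is treated like a name change. The ChangeLog wording ("Set cached opcode to NULL when we reach a non-matching opcode") is also broader than the visible lines, which clear iter->opcode only when iter->index reaches entry->count; it would be worth aligning the two.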
diff --git a/gas/testsuite/gas/arc/asm-errors-2.d b/gas/testsuite/gas/arc/asm-errors-2.d
new file mode 100644
index 0000000..fd3c09a
--- /dev/null
+++ b/gas/testsuite/gas/arc/asm-errors-2.d
@@ -0,0 +1,2 @@
+#as: -mcpu=arcem
+#error-output: asm-errors-2.err
diff --git a/gas/testsuite/gas/arc/asm-errors-2.err b/gas/testsuite/gas/arc/asm-errors-2.err
new file mode 100644
index 0000000..64fdc9a
--- /dev/null
+++ b/gas/testsuite/gas/arc/asm-errors-2.err
@@ -0,0 +1,2 @@
+[^:]*: Assembler messages:
+[^:]*:2: Error: inappropriate arguments for opcode 'dsp_fp_cmp'
diff --git a/gas/testsuite/gas/arc/asm-errors-2.s b/gas/testsuite/gas/arc/asm-errors-2.s
new file mode 100644
index 0000000..f5bf8da
--- /dev/null
+++ b/gas/testsuite/gas/arc/asm-errors-2.s
@@ -0,0 +1,2 @@
+ .text
+ dsp_fp_cmp r0
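Review bot: asm-errors-2.s gives no hint why dsp_fp_cmp was chosen, and per the commit message the test only reaches the overrun while that opcode is the last one in the table. Suggest a comment in the .s file recording that dependency, so that whoever appends an opcode after dsp_fp_cmp knows this test no longer covers the bug and needs to be updated.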
--
2.6.4
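The iterator behaviour described in the commit message, as an added model that is not code from the patch or from binutils: the struct layouts, the first-call handling, the non-NULL branch after `index++`, and the names `next`, `walk` and `table` are assumptions, and the table is constructed. `walk` reports -1 when the iterator hands back the terminator entry, which is the state from which one more call would step outside the array.

```c
#include <stdio.h>
#include <string.h>
/* Simplified stand-ins for the gas structures (layout assumed). */
struct op { const char *name; };
struct entry { size_t count; const struct op **group; };
struct iter { size_t index; const struct op *opcode; };

/* Constructed table: dsp_fp_cmp is last, then the NULL-name terminator. */
static const struct op table[] = { {"add"}, {"add"}, {"dsp_fp_cmp"}, {NULL} };

static const struct op *next(const struct entry *e, struct iter *it, int fixed)
{
  if (it->opcode == NULL && it->index == 0) {
    it->opcode = e->group[0];            /* first-call handling is assumed */
  } else if (it->opcode != NULL) {
    const char *old_name = it->opcode->name;
    it->opcode++;
    int differs = fixed
      ? (!it->opcode->name || strcmp(old_name, it->opcode->name) != 0) /* new */
      : (it->opcode->name && strcmp(old_name, it->opcode->name) != 0); /* old */
    if (differs) {
      it->index++;
      /* The non-NULL branch is assumed; the hunk shows only the NULL case. */
      it->opcode = it->index == e->count ? NULL : e->group[it->index];
    }
  }
  return it->opcode;
}

/* Number of opcodes one entry yields, or -1 if the iterator hands back the
   terminator, the state from which one more call would read past the table. */
static int walk(size_t first, int fixed)
{
  const struct op *group[] = { &table[first] };
  struct entry e = { 1, group };
  struct iter it = { 0, NULL };
  const struct op *op;
  int n = 0;
  while ((op = next(&e, &it, fixed)) != NULL) {
    if (op->name == NULL) return -1;
    n++;
  }
  return n;
}

int main(void)
{
  printf("add: old=%d new=%d, dsp_fp_cmp: old=%d new=%d\n",
         walk(0, 0), walk(0, 1), walk(2, 0), walk(2, 1));
  return 0;
}
```

Only the entry whose opcode sits directly before the terminator behaves differently under the old condition, which matches the commit message's remark that the test depends on dsp_fp_cmp being last in the table.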