diff options
| author | Andrew Burgess <andrew.burgess@embecosm.com> | 2016-05-03 13:43:44 +0100 |
|---|---|---|
| committer | Andrew Burgess <andrew.burgess@embecosm.com> | 2016-05-18 22:22:49 +0100 |
| commit | 3b889a787863d22694bb53eb08160c94ab52c58d (patch) | |
| tree | 3daf3579bfc29fe642bf90aa804a06dd452c416d /gas/config/tc-arc.c | |
| parent | 45f4ed92d14ddf891be1470556f53de6c94c8dc2 (diff) | |
| download | fsf-binutils-gdb-3b889a787863d22694bb53eb08160c94ab52c58d.zip fsf-binutils-gdb-3b889a787863d22694bb53eb08160c94ab52c58d.tar.gz fsf-binutils-gdb-3b889a787863d22694bb53eb08160c94ab52c58d.tar.bz2 | |
gas/arc: Add guard against operand array overflow.
Currently supplying an input file with too many operands to an
instruction will cause the assembler to overflow and array and trigger
undefined behaviour.
This change checks that we don't access outside the limits of the
operand array.
gas/ChangeLog:
* config/tc-arc.c (tokenize_arguments): Add checks for array
overflow.
* testsuite/gas/arc/asm-errors.s: Addition test line added.
* testsuite/gas/arc/asm-errors.err: Update expected results.
Diffstat (limited to 'gas/config/tc-arc.c')
| -rw-r--r-- | gas/config/tc-arc.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/gas/config/tc-arc.c b/gas/config/tc-arc.c index 28f135b..ca94b1f 100644 --- a/gas/config/tc-arc.c +++ b/gas/config/tc-arc.c @@ -1039,7 +1039,7 @@ tokenize_arguments (char *str, case ']': ++input_line_pointer; --brk_lvl; - if (!saw_arg) + if (!saw_arg || num_args == ntok) goto err; tok->X_op = O_bracket; ++tok; @@ -1049,7 +1049,7 @@ tokenize_arguments (char *str, case '{': case '[': input_line_pointer++; - if (brk_lvl) + if (brk_lvl || num_args == ntok) goto err; ++brk_lvl; tok->X_op = O_bracket; @@ -1060,7 +1060,7 @@ tokenize_arguments (char *str, case '@': /* We have labels, function names and relocations, all starting with @ symbol. Sort them out. */ - if (saw_arg && !saw_comma) + if ((saw_arg && !saw_comma) || num_args == ntok) goto err; /* Parse @label. */ @@ -1165,7 +1165,7 @@ tokenize_arguments (char *str, /* Fall through. */ default: - if (saw_arg && !saw_comma) + if ((saw_arg && !saw_comma) || num_args == ntok) goto err; tok->X_op = O_absent; @@ -1181,7 +1181,9 @@ tokenize_arguments (char *str, normalsymbol: debug_exp (tok); - if (tok->X_op == O_illegal || tok->X_op == O_absent) + if (tok->X_op == O_illegal + || tok->X_op == O_absent + || num_args == ntok) goto err; saw_comma = FALSE; |