From 9d46ce346fe3028d3d57332f286f3895c0724876 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Fri, 20 Jan 2017 10:32:25 +0000 Subject: Fix potential array overrun in x86 assembler. * config/tc-i386.c (parse_operands): Check for operand overflow before setting the unspecified bit. --- gas/ChangeLog | 5 +++++ gas/config/tc-i386.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'gas') diff --git a/gas/ChangeLog b/gas/ChangeLog index d515f3b..fbadd0b 100644 --- a/gas/ChangeLog +++ b/gas/ChangeLog @@ -1,3 +1,8 @@ +2017-01-20 Nick Clifton + + * config/tc-i386.c (parse_operands): Check for operand overflow + before setting the unspecified bit. + 2017-01-18 Maciej W. Rozycki PR gas/20649 diff --git a/gas/config/tc-i386.c b/gas/config/tc-i386.c index 80812cf..1fc6bc7 100644 --- a/gas/config/tc-i386.c +++ b/gas/config/tc-i386.c @@ -4136,13 +4136,13 @@ parse_operands (char *l, const char *mnemonic) { /* Yes, we've read in another operand. */ unsigned int operand_ok; this_operand = i.operands++; - i.types[this_operand].bitfield.unspecified = 1; if (i.operands > MAX_OPERANDS) { as_bad (_("spurious operands; (%d operands/instruction max)"), MAX_OPERANDS); return NULL; } + i.types[this_operand].bitfield.unspecified = 1; /* Now parse operand adding info to 'i' as we go along. */ END_STRING_AND_SAVE (l); -- cgit v1.1