diff options
| author | Li Hao <li.hao296@zte.com.cn> | 2019-03-15 11:58:05 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2019-03-15 11:58:05 +0000 |
| commit | 1c529385d9d7f53efa541d9701ec8c1001581e3e (patch) | |
| tree | 4b1ebe2623663766cff9937e481edfd59a8d6232 /gas | |
| parent | fe3fef62ad11115fc3b03c0c0dcb9c38b2f544cb (diff) | |
| download | gdb-1c529385d9d7f53efa541d9701ec8c1001581e3e.zip gdb-1c529385d9d7f53efa541d9701ec8c1001581e3e.tar.gz gdb-1c529385d9d7f53efa541d9701ec8c1001581e3e.tar.bz2 | |
Fix a potential illegal memory access whilt parsing an x86 insn.
PR 24308
* config/tc-i386.c (parse_insn): Check mnemp before using it to
determine if a suffix can be trimmed.
Diffstat (limited to 'gas')
| -rw-r--r-- | gas/ChangeLog | 6 | ||||
| -rw-r--r-- | gas/config/tc-i386.c | 68 |
2 files changed, 42 insertions, 32 deletions
diff --git a/gas/ChangeLog b/gas/ChangeLog index d08c096..bf0c171 100644 --- a/gas/ChangeLog +++ b/gas/ChangeLog @@ -1,3 +1,9 @@ +2019-03-15 Li Hao <li.hao296@zte.com.cn> + + PR 24308 + * config/tc-i386.c (parse_insn): Check mnemp before using it to + determine if a suffix can be trimmed. + 2019-03-13 Christian Eggers <ceggers@gmx.de> * dwarf2dbg.c (out_set_addr): Align relocation within .debug_line. diff --git a/gas/config/tc-i386.c b/gas/config/tc-i386.c index d31ee6a..1b1b0a9 100644 --- a/gas/config/tc-i386.c +++ b/gas/config/tc-i386.c @@ -4561,46 +4561,50 @@ parse_insn (char *line, char *mnemonic) if (!current_templates) { check_suffix: - /* See if we can get a match by trimming off a suffix. */ - switch (mnem_p[-1]) + if (mnem_p > mnemonic) { - case WORD_MNEM_SUFFIX: - if (intel_syntax && (intel_float_operand (mnemonic) & 2)) - i.suffix = SHORT_MNEM_SUFFIX; - else - /* Fall through. */ - case BYTE_MNEM_SUFFIX: - case QWORD_MNEM_SUFFIX: - i.suffix = mnem_p[-1]; - mnem_p[-1] = '\0'; - current_templates = (const templates *) hash_find (op_hash, - mnemonic); - break; - case SHORT_MNEM_SUFFIX: - case LONG_MNEM_SUFFIX: - if (!intel_syntax) - { - i.suffix = mnem_p[-1]; - mnem_p[-1] = '\0'; - current_templates = (const templates *) hash_find (op_hash, - mnemonic); - } - break; - - /* Intel Syntax. */ - case 'd': - if (intel_syntax) + /* See if we can get a match by trimming off a suffix. */ + switch (mnem_p[-1]) { - if (intel_float_operand (mnemonic) == 1) + case WORD_MNEM_SUFFIX: + if (intel_syntax && (intel_float_operand (mnemonic) & 2)) i.suffix = SHORT_MNEM_SUFFIX; else - i.suffix = LONG_MNEM_SUFFIX; + /* Fall through. */ + case BYTE_MNEM_SUFFIX: + case QWORD_MNEM_SUFFIX: + i.suffix = mnem_p[-1]; mnem_p[-1] = '\0'; current_templates = (const templates *) hash_find (op_hash, - mnemonic); + mnemonic); + break; + case SHORT_MNEM_SUFFIX: + case LONG_MNEM_SUFFIX: + if (!intel_syntax) + { + i.suffix = mnem_p[-1]; + mnem_p[-1] = '\0'; + current_templates = (const templates *) hash_find (op_hash, + mnemonic); + } + break; + + /* Intel Syntax. */ + case 'd': + if (intel_syntax) + { + if (intel_float_operand (mnemonic) == 1) + i.suffix = SHORT_MNEM_SUFFIX; + else + i.suffix = LONG_MNEM_SUFFIX; + mnem_p[-1] = '\0'; + current_templates = (const templates *) hash_find (op_hash, + mnemonic); + } + break; } - break; } + if (!current_templates) { as_bad (_("no such instruction: `%s'"), token_start); |