diff options
| author | Alan Modra <amodra@gmail.com> | 2022-06-16 16:20:05 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2022-06-16 16:27:35 +0930 |
| commit | 633de7089179f455d94d0fef54c68c298f545242 (patch) | |
| tree | 0804e9222307e0b60df9e8ac202f9aa7bbe7eecc | |
| parent | 370426d0da768345fb53683c803d6d5a20558065 (diff) | |
| download | gdb-633de7089179f455d94d0fef54c68c298f545242.zip gdb-633de7089179f455d94d0fef54c68c298f545242.tar.gz gdb-633de7089179f455d94d0fef54c68c298f545242.tar.bz2 | |
use of uninitialised value in input_file_open
Triggered by a file containing just "#N" or "#A". fgets when hitting
EOF before reading anything returns NULL and does not write to buf.
strchr (buf, '\n') then is reading from uninitialised memory.
* input-file.c (input_file_open): Don't assume buf contains
zero string terminator when fgets returns NULL.
| -rw-r--r-- | gas/input-file.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/gas/input-file.c b/gas/input-file.c index f1085c1..d7cf56c 100644 --- a/gas/input-file.c +++ b/gas/input-file.c @@ -170,20 +170,20 @@ input_file_open (const char *filename, c = getc (f_in); if (c == 'N') { - if (fgets (buf, sizeof (buf), f_in) - && startswith (buf, "O_APP") && ISSPACE (buf[5])) + char *p = fgets (buf, sizeof (buf), f_in); + if (p && startswith (p, "O_APP") && ISSPACE (p[5])) preprocess = 0; - if (!strchr (buf, '\n')) - ungetc ('#', f_in); /* It was longer. */ + if (!p || !strchr (p, '\n')) + ungetc ('#', f_in); else ungetc ('\n', f_in); } else if (c == 'A') { - if (fgets (buf, sizeof (buf), f_in) - && startswith (buf, "PP") && ISSPACE (buf[2])) + char *p = fgets (buf, sizeof (buf), f_in); + if (p && startswith (p, "PP") && ISSPACE (p[2])) preprocess = 1; - if (!strchr (buf, '\n')) + if (!p || !strchr (p, '\n')) ungetc ('#', f_in); else ungetc ('\n', f_in); |