kvx: asan: out-of-bounds read

kvx-parse.c:parse_with_restarts does if (!tok.insn[tok.begin]) tok.class_id = -3; then a little later printf_debug (1, "\nEntering rule: %d (Trying to match: (%s)[%d])\n", jump_target, TOKEN_NAME (CLASS_ID (tok)), CLASS_ID (tok)); This results in a buffer overrun in TOKEN_NAME. Fix that. * config/tc-kvx.h (TOKEN_NAME): Check for tok <= 0, not just -1.
author: Alan Modra <amodra@gmail.com> 2023-08-23 08:18:39 +0930
committer: Alan Modra <amodra@gmail.com> 2023-08-23 11:03:52 +0930
commit: 847fb383d83039b194f68d9e09974a3de4095eb5 (patch)
tree: 8dc777d49be7cb4c0e4a7ff6776b13897ee1efa8 /gas
parent: c5ed8c6376e755e0a138be4a30469caa6611a5f7 (diff)
download: gdb-847fb383d83039b194f68d9e09974a3de4095eb5.zip
gdb-847fb383d83039b194f68d9e09974a3de4095eb5.tar.gz
gdb-847fb383d83039b194f68d9e09974a3de4095eb5.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/gas/config/tc-kvx.h b/gas/config/tc-kvx.h
index 11787bf..85344cb 100644
--- a/gas/config/tc-kvx.h
+++ b/gas/config/tc-kvx.h
@@ -37,7 +37,8 @@
 #define KVX_RA_REGNO (67)
 #define KVX_SP_REGNO (12)
 
-#define TOKEN_NAME(tok) ((tok) == -1 ? "unknown token" : env.tokens_names[(tok) - 1])
+#define TOKEN_NAME(tok) \
+  ((tok) <= 0 ? "unknown token" : env.tokens_names[(tok) - 1])
 
 struct token_s {
   char *insn;
author	Alan Modra <amodra@gmail.com>	2023-08-23 08:18:39 +0930
committer	Alan Modra <amodra@gmail.com>	2023-08-23 11:03:52 +0930
commit	847fb383d83039b194f68d9e09974a3de4095eb5 (patch)
tree	8dc777d49be7cb4c0e4a7ff6776b13897ee1efa8 /gas
parent	c5ed8c6376e755e0a138be4a30469caa6611a5f7 (diff)
download	gdb-847fb383d83039b194f68d9e09974a3de4095eb5.zip gdb-847fb383d83039b194f68d9e09974a3de4095eb5.tar.gz gdb-847fb383d83039b194f68d9e09974a3de4095eb5.tar.bz2