authorAlan Modra <amodra@gmail.com>2022-06-02 11:29:34 +0930
committerAlan Modra <amodra@gmail.com>2022-06-02 15:54:14 +0930
commitcd826186c8b271fa7a1f5ff93b55acd672baf646 (patch)
tree58be48ed9730b42b272b1db670d1f43c1865f79e /gas
parent6f87d3fd27417e5adb2aa6f106a614296425df57 (diff)
sb_scrub_and_add_sb not draining input string buffer
It is possible for sb_scrub_and_add_sb to not consume all of the input string buffer. If this happens for reasons explained in the comment, do_scrub_chars can leave pointers to the string buffer for the next call. This patch fixes that by ensuring the input is drained. Note that the behaviour for an empty string buffer is also changed, avoiding another do_scrub_chars bug where empty input and single char sized output buffers could result in a write past the end of the output. sb.c (sb_scrub_and_add_sb): Loop until all of input sb is consumed.
Diffstat (limited to 'gas')
-rw-r--r--gas/sb.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/gas/sb.c b/gas/sb.c
index 6a4c4d0..c44016a 100644
--- a/gas/sb.c
+++ b/gas/sb.c
@@ -111,8 +111,20 @@ sb_scrub_and_add_sb (sb *ptr, sb *s)
sb_to_scrub = s;
scrub_position = s->ptr;
- sb_check (ptr, s->len);
- ptr->len += do_scrub_chars (scrub_from_sb, ptr->ptr + ptr->len, s->len);
+ /* do_scrub_chars can expand text, for example when replacing
+ # 123 "filename"
+ with
+ \t.linefile 123 "filename"
+ or when replacing a 'c with the decimal ascii number for c.
+ So we loop until the input S is consumed. */
+ while (1)
+ {
+ size_t copy = s->len - (scrub_position - s->ptr);
+ if (copy == 0)
+ break;
+ sb_check (ptr, copy);
+ ptr->len += do_scrub_chars (scrub_from_sb, ptr->ptr + ptr->len, copy);
+ }
sb_to_scrub = 0;
scrub_position = 0;
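Review bot: The loop's exit test at `if (copy == 0) break;` measures how much of S has been handed out through `scrub_position`, not how much scrubbed text has actually been written to `ptr`. If `scrub_from_sb` advances `scrub_position` whenever do_scrub_chars fetches input (its body is not in this hunk), then in the expansion cases the new comment describes, do_scrub_chars may have fetched all of S yet filled the `copy`-byte output window before emitting everything, and the loop would exit with text and pointers into S still held inside do_scrub_chars, which is the stale-pointer condition the description sets out to remove. Consider adding whatever do_scrub_chars still holds to `copy` before the zero test, and in any case extend the comment with `Exit assumes do_scrub_chars keeps no unflushed state once S is fetched.` so the assumption is visible. The function's opening and closing lines are outside the hunk.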