diff options
author | Alan Modra <amodra@gmail.com> | 2022-06-02 11:29:34 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2022-06-02 15:54:14 +0930 |
commit | cd826186c8b271fa7a1f5ff93b55acd672baf646 (patch) | |
tree | 58be48ed9730b42b272b1db670d1f43c1865f79e /gas | |
parent | 6f87d3fd27417e5adb2aa6f106a614296425df57 (diff) | |
download | gdb-cd826186c8b271fa7a1f5ff93b55acd672baf646.zip gdb-cd826186c8b271fa7a1f5ff93b55acd672baf646.tar.gz gdb-cd826186c8b271fa7a1f5ff93b55acd672baf646.tar.bz2 |
sb_scrub_and_add_sb not draining input string buffer
It is possible for sb_scrub_and_add_sb to not consume all of the input
string buffer. If this happens for reasons explained in the comment,
do_scrub_chars can leave pointers to the string buffer for the next
call. This patch fixes that by ensuring the input is drained. Note
that the behaviour for an empty string buffer is also changed,
avoiding another do_scrub_chars bug where empty input and single char
sized output buffers could result in a write past the end of the
output.
sb.c (sb_scrub_and_add_sb): Loop until all of input sb is
consumed.
Diffstat (limited to 'gas')
-rw-r--r-- | gas/sb.c | 16 |
1 files changed, 14 insertions, 2 deletions
@@ -111,8 +111,20 @@ sb_scrub_and_add_sb (sb *ptr, sb *s) sb_to_scrub = s; scrub_position = s->ptr; - sb_check (ptr, s->len); - ptr->len += do_scrub_chars (scrub_from_sb, ptr->ptr + ptr->len, s->len); + /* do_scrub_chars can expand text, for example when replacing + # 123 "filename" + with + \t.linefile 123 "filename" + or when replacing a 'c with the decimal ascii number for c. + So we loop until the input S is consumed. */ + while (1) + { + size_t copy = s->len - (scrub_position - s->ptr); + if (copy == 0) + break; + sb_check (ptr, copy); + ptr->len += do_scrub_chars (scrub_from_sb, ptr->ptr + ptr->len, copy); + } sb_to_scrub = 0; scrub_position = 0; |