From 4ad2348edbf43a3d1a694fd5375680cb55e6b1c1 Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Fri, 21 Jun 2024 08:32:53 +0200 Subject: gas: terminate buffer SB in do_repeat() PR gas/31903 While elsewhere having realized that "one" doesn't point to a nul- terminated string, it somehow didn't occur to me that the pre-existing strstr() could have been wrong, and hence I blindly added a new use of the function. Add the (already prior to 1e3c814459d8 ["gas: extend \+ support to .rept"]) missing call to sb_terminate(), leveraging that to simplify the other two places where the lack of nul termination was previously worked around. --- gas/read.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/gas/read.c b/gas/read.c index 40a91f4..ce45877 100644 --- a/gas/read.c +++ b/gas/read.c @@ -3103,6 +3103,8 @@ do_repeat (size_t count, const char *start, const char *end, return; } + sb_terminate (&one); + if (expander != NULL && !*expander && strstr (one.ptr, "\\+") != NULL) { /* The 3 here and below are arbitrary, added in an attempt to limit @@ -3116,8 +3118,7 @@ do_repeat (size_t count, const char *start, const char *end, sb_build (&processed, one.len + 3); - for (ptr = one.ptr; - (bs = memchr (ptr, '\\', one.ptr + one.len - ptr)) != NULL; ) + for (ptr = one.ptr; (bs = strchr (ptr, '\\')) != NULL; ) { sb_add_buffer (&processed, ptr, bs - ptr); switch (bs[1]) @@ -3148,7 +3149,7 @@ do_repeat (size_t count, const char *start, const char *end, } } - sb_add_buffer (&processed, ptr, one.ptr + one.len - ptr); + sb_add_string (&processed, ptr); sb_add_sb (&many, &processed); sb_kill (&processed); -- cgit v1.1