From 6e210b4129b522c1a0b0c6dee24ee469d5020583 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Mon, 16 Jun 2014 10:33:26 +0930 Subject: Fix TIC54X buffer overruns MALLOC_PERTURB_=1 results in "FAIL: c54x macros". * config/tc-tic54x.c (tic54x_mlib): Don't write garbage past end of archive to temp file. (tic54x_start_line_hook): Start scan for parallel on next line, not one char into next line (which may overrun the buffer). --- gas/ChangeLog | 7 +++++++ gas/config/tc-tic54x.c | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/gas/ChangeLog b/gas/ChangeLog index 7f6ec03..7e39715 100644 --- a/gas/ChangeLog +++ b/gas/ChangeLog @@ -1,5 +1,12 @@ 2014-06-16 Alan Modra + * config/tc-tic54x.c (tic54x_mlib): Don't write garbage past + end of archive to temp file. + (tic54x_start_line_hook): Start scan for parallel on next line, + not one char into next line (which may overrun the buffer). + +2014-06-16 Alan Modra + * config/tc-vax.c (md_apply_fix): Rewrite. (tc_gen_reloc, vax_cons, vax_cons_fix_new): Style: Use NO_RELOC define rather than the equivalent BFD_RELOC_NONE. diff --git a/gas/config/tc-tic54x.c b/gas/config/tc-tic54x.c index bba743c..c997297 100644 --- a/gas/config/tc-tic54x.c +++ b/gas/config/tc-tic54x.c @@ -2368,13 +2368,13 @@ tic54x_mlib (int ignore ATTRIBUTE_UNUSED) FILE *ftmp; /* We're not sure how big it is, but it will be smaller than "size". */ - bfd_bread (buf, size, mbfd); + size = bfd_bread (buf, size, mbfd); /* Write to a temporary file, then use s_include to include it a bit of a hack. */ ftmp = fopen (fname, "w+b"); fwrite ((void *) buf, size, 1, ftmp); - if (buf[size - 1] != '\n') + if (size == 0 || buf[size - 1] != '\n') fwrite ("\n", 1, 1, ftmp); fclose (ftmp); free (buf); @@ -4777,7 +4777,7 @@ tic54x_start_line_hook (void) line[endp - input_line_pointer] = 0; /* Scan ahead for parallel insns. */ - parallel_on_next_line_hint = next_line_shows_parallel (endp + 1); + parallel_on_next_line_hint = next_line_shows_parallel (endp); /* If within a macro, first process forced replacements. */ if (macro_level > 0) -- cgit v1.1