From: Alan Modra
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb] kvx: asan: out-of-bounds read
Date: Wed, 23 Aug 2023 01:46:45 +0000 (GMT)
X-Git-Refname: refs/heads/master
X-Git-Oldrev: c5ed8c6376e755e0a138be4a30469caa6611a5f7
X-Git-Newrev: 847fb383d83039b194f68d9e09974a3de4095eb5

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=847fb383d83039b194f68d9e09974a3de4095eb5

commit 847fb383d83039b194f68d9e09974a3de4095eb5
Author: Alan Modra
Date:   Wed Aug 23 08:18:39 2023 +0930

    kvx: asan: out-of-bounds read

    kvx-parse.c:parse_with_restarts does
       if (!tok.insn[tok.begin])
         tok.class_id = -3;
    then a little later
       printf_debug (1, "\nEntering rule: %d (Trying to match: (%s)[%d])\n", jump_target,
                     TOKEN_NAME (CLASS_ID (tok)), CLASS_ID (tok));

    This results in a buffer overrun in TOKEN_NAME.  Fix that.

            * config/tc-kvx.h (TOKEN_NAME): Check for tok <= 0, not just -1.

Diff: --- gas/config/tc-kvx.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gas/config/tc-kvx.h b/gas/config/tc-kvx.h index 11787bf0532..85344cbe179 100644 --- a/gas/config/tc-kvx.h +++ b/gas/config/tc-kvx.h 
@@ -37,7 +37,8 @@ #define KVX_RA_REGNO (67) #define KVX_SP_REGNO (12) =20 -#define TOKEN_NAME(tok) ((tok) =3D=3D -1 ? "unknown token" : env.tokens_na= mes[(tok) - 1]) +#define TOKEN_NAME(tok) \ + ((tok) <=3D 0 ? "unknown token" : env.tokens_names[(tok) - 1]) =20 struct token_s { char *insn;
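Review bot: The rewritten TOKEN_NAME guards only the lower bound, so env.tokens_names[(tok) - 1] is still indexed with no check against the number of entries in the table. The new (tok) <= 0 test covers the -3 sentinel from the commit message and also 0, which previously indexed element -1. If a class id can ever exceed the table length, the same class of out-of-bounds read remains, so consider adding an upper-bound test next to the new one. The macro also expands tok twice; a static inline function taking an int would evaluate the argument once and give a natural place for both bounds checks. A short comment above the macro saying that non-positive ids are sentinels (-1 and -3 are the ones mentioned here) would document why the test is <= 0 rather than a single value.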