public inbox for binutils@sourceware.org
* [PATCH] x86: avoid i386_dis_printf()'s staging area for potentially long strings
@ 2022-08-15 11:17 Jan Beulich
  2022-08-15 14:25 ` H.J. Lu
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Beulich @ 2022-08-15 11:17 UTC (permalink / raw)
  To: Binutils

PR binutils/29483

When print_insn() processes op_txt[], it may pass strings into
i386_dis_printf() which staging_area[] cannot fit; this was observed for
an invalid form of VPSCATTERDD (both broadcast and zeroing-masking bits
set). Rather than arbitrarily enlarging that local array, avoid its use
altogether when the format string is simply "%s". This merely requires
two local variables to have their type constified.

While limiting the scope of "res" it became apparent that
- no caller cares about the function's return value,
- the comment about the return value was wrong,
- a particular positive return value would have been meaningless to the
  caller.
Therefore convert the function to return "void" at the same time.
---
An alternative to the special casing would be to introduce something
like i386_dis_puts(), then to be used by all call sites which currently
pass "%s" or format strings without any format characters at all (plus,
of course, i386_dis_printf() itself).

--- a/opcodes/i386-dis.c
+++ b/opcodes/i386-dis.c
@@ -9264,31 +9264,40 @@ oappend_register (instr_info *ins, const
    STYLE is the default style to use in the fprintf_styled_func calls,
    however, FMT might include embedded style markers (see oappend_style),
    these embedded markers are not printed, but instead change the style
-   used in the next fprintf_styled_func call.
+   used in the next fprintf_styled_func call.  */
 
-   Return non-zero to indicate the print call was a success.  */
-
-static int ATTRIBUTE_PRINTF_3
+static void ATTRIBUTE_PRINTF_3
 i386_dis_printf (instr_info *ins, enum disassembler_style style,
 		 const char *fmt, ...)
 {
   va_list ap;
   enum disassembler_style curr_style = style;
-  char *start, *curr;
+  const char *start, *curr;
   char staging_area[100];
-  int res;
 
   va_start (ap, fmt);
-  res = vsnprintf (staging_area, sizeof (staging_area), fmt, ap);
-  va_end (ap);
+  /* In particular print_insn()'s processing of op_txt[] can hand rather long
+     strings here.  Bypass vsnprintf() in such cases to avoid capacity issues
+     with the staging area.  */
+  if (strcmp (fmt, "%s"))
+    {
+      int res = vsnprintf (staging_area, sizeof (staging_area), fmt, ap);
 
-  if (res < 0)
-    return res;
+      va_end (ap);
 
-  if ((size_t) res >= sizeof (staging_area))
-    abort ();
+      if (res < 0)
+	return;
 
-  start = curr = staging_area;
+      if ((size_t) res >= sizeof (staging_area))
+	abort ();
+
+      start = curr = staging_area;
+    }
+  else
+    {
+      start = curr = va_arg (ap, const char *);
+      va_end (ap);
+    }
 
   do
     {
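Review bot: the special case only fires for a format that is exactly "%s", so the `abort ()` kept in the `strcmp (fmt, "%s")` branch is still reachable for any other call site that formats operand text (for example a format with a prefix or two `%s` conversions) with an operand as long as the VPSCATTERDD case from the commit message; since the trigger here was an invalid encoding, that leaves a crafted input able to abort a tool linking libopcodes through those paths. Either note that limitation in the commit message or go with the `i386_dis_puts ()` route mentioned below the `---`, which would cover all bare-string call sites uniformly. A second, smaller point: the `else` branch's `va_arg (ap, const char *)` relies on `ATTRIBUTE_PRINTF_3` having verified at every call site that a "%s" format is paired with a `const char *` argument, which is worth a word in the new comment.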
@@ -9303,10 +9312,7 @@ i386_dis_printf (instr_info *ins, enum d
 						     curr_style,
 						     "%.*s", len, start);
 	  if (n < 0)
-	    {
-	      res = n;
-	      break;
-	    }
+	    break;
 
 	  if (*curr == '\0')
 	    break;
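Review bot: with the return value gone, the `if (n < 0) break;` now drops the fprintf_styled_func error without any trace; that matches the commit message's finding that no caller looked at it, but a short comment at the `break` saying that print errors are deliberately ignored would keep a later reader from thinking the error path was lost by accident.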
@@ -9340,8 +9346,6 @@ i386_dis_printf (instr_info *ins, enum d
 	++curr;
     }
   while (true);
-
-  return res;
 }
 
 static int
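Review bot: dropping `return res;` together with the `int` return type means any caller still assigning or testing the result now fails to compile, which confirms the "no caller cares" claim at build time; saying so in the commit message would make that check explicit for reviewers reading the description without the full tree.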

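The special case from the patch, as an added stand-alone model that is not binutils code: `dis_printf()` and `long_operand()` are hypothetical names, `emit()` stands in for the styled output call, and the 149-character operand is constructed, not real disassembler output.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define STAGING_SIZE 100   /* same capacity as staging_area[] in the patch */

/* Stand-in for the styled output call; here it only reports the length. */
static int emit (const char *s)
{
  return (int) strlen (s);
}

/* Models i386_dis_printf() after the patch.  Returns the emitted length,
   or -1 where the real function reaches abort() (string does not fit). */
static int dis_printf (const char *fmt, ...)
{
  char staging_area[STAGING_SIZE];
  const char *start;
  va_list ap;

  va_start (ap, fmt);
  if (strcmp (fmt, "%s"))
    {
      /* Every other format still goes through the fixed staging area.  */
      int res = vsnprintf (staging_area, sizeof (staging_area), fmt, ap);
      va_end (ap);
      if (res < 0 || (size_t) res >= sizeof (staging_area))
        return -1;
      start = staging_area;
    }
  else
    {
      /* A bare "%s" hands its argument straight through, unbounded.  */
      start = va_arg (ap, const char *);
      va_end (ap);
    }
  return emit (start);
}

/* Constructed stand-in for an over-long op_txt[] entry, 149 characters:
   longer than the staging area but still a plausible operand length.  */
static const char *long_operand (void)
{
  static char buf[150];
  memset (buf, 'x', sizeof (buf) - 1);
  buf[sizeof (buf) - 1] = '\0';
  return buf;
}
```

A bare "%s" with the long operand succeeds, while the same operand behind any other format (" %s", for instance) still hits the staging-area limit, which is the residual case the `i386_dis_puts()` alternative would address.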

* Re: [PATCH] x86: avoid i386_dis_printf()'s staging area for potentially long strings
  2022-08-15 11:17 [PATCH] x86: avoid i386_dis_printf()'s staging area for potentially long strings Jan Beulich
@ 2022-08-15 14:25 ` H.J. Lu
  2022-08-15 14:39   ` Jan Beulich
  0 siblings, 1 reply; 3+ messages in thread
From: H.J. Lu @ 2022-08-15 14:25 UTC (permalink / raw)
  To: Jan Beulich; +Cc: Binutils, Alan Modra

On Mon, Aug 15, 2022 at 4:17 AM Jan Beulich <jbeulich@suse.com> wrote:
>
> PR binutils/29483
>
> When print_insn() processes op_txt[], it may pass strings into
> i386_dis_printf() which staging_area[] cannot fit; this was observed for
> an invalid form of VPSCATTERDD (both broadcast and zeroing-masking bits
> set). Rather than arbitrarily enlarging that local array, avoid its use
> altogether when the format string is simply "%s". This merely requires
> two local variables to have their type constified.
>
> While limiting the scope of "res" it became apparent that
> - no caller cares about the function's return value,
> - the comment about the return value was wrong,
> - a particular positive return value would have been meaningless to the
>   caller.
> Therefore convert the function to return "void" at the same time.
> ---
> An alternative to the special casing would be to introduce something
> like i386_dis_puts(), then to be used by all call sites which currently
> pass "%s" or format strings without any format characters at all (plus,
> of course, i386_dis_printf() itself).
>
> --- a/opcodes/i386-dis.c
> +++ b/opcodes/i386-dis.c
> @@ -9264,31 +9264,40 @@ oappend_register (instr_info *ins, const
>     STYLE is the default style to use in the fprintf_styled_func calls,
>     however, FMT might include embedded style markers (see oappend_style),
>     these embedded markers are not printed, but instead change the style
> -   used in the next fprintf_styled_func call.
> +   used in the next fprintf_styled_func call.  */
>
> -   Return non-zero to indicate the print call was a success.  */
> -
> -static int ATTRIBUTE_PRINTF_3
> +static void ATTRIBUTE_PRINTF_3
>  i386_dis_printf (instr_info *ins, enum disassembler_style style,
>                  const char *fmt, ...)
>  {
>    va_list ap;
>    enum disassembler_style curr_style = style;
> -  char *start, *curr;
> +  const char *start, *curr;
>    char staging_area[100];
> -  int res;
>
>    va_start (ap, fmt);
> -  res = vsnprintf (staging_area, sizeof (staging_area), fmt, ap);
> -  va_end (ap);
> +  /* In particular print_insn()'s processing of op_txt[] can hand rather long
> +     strings here.  Bypass vsnprintf() in such cases to avoid capacity issues
> +     with the staging area.  */
> +  if (strcmp (fmt, "%s"))
> +    {
> +      int res = vsnprintf (staging_area, sizeof (staging_area), fmt, ap);
>
> -  if (res < 0)
> -    return res;
> +      va_end (ap);
>
> -  if ((size_t) res >= sizeof (staging_area))
> -    abort ();
> +      if (res < 0)
> +       return;
>
> -  start = curr = staging_area;
> +      if ((size_t) res >= sizeof (staging_area))
> +       abort ();
> +
> +      start = curr = staging_area;
> +    }
> +  else
> +    {
> +      start = curr = va_arg (ap, const char *);
> +      va_end (ap);
> +    }
>
>    do
>      {
> @@ -9303,10 +9312,7 @@ i386_dis_printf (instr_info *ins, enum d
>                                                      curr_style,
>                                                      "%.*s", len, start);
>           if (n < 0)
> -           {
> -             res = n;
> -             break;
> -           }
> +           break;
>
>           if (*curr == '\0')
>             break;
> @@ -9340,8 +9346,6 @@ i386_dis_printf (instr_info *ins, enum d
>         ++curr;
>      }
>    while (true);
> -
> -  return res;
>  }
>
>  static int

Please include a testcase to verify that the issue is fixed.

Thanks.

-- 
H.J.


* Re: [PATCH] x86: avoid i386_dis_printf()'s staging area for potentially long strings
  2022-08-15 14:25 ` H.J. Lu
@ 2022-08-15 14:39   ` Jan Beulich
  0 siblings, 0 replies; 3+ messages in thread
From: Jan Beulich @ 2022-08-15 14:39 UTC (permalink / raw)
  To: H.J. Lu; +Cc: Binutils, Alan Modra

On 15.08.2022 16:25, H.J. Lu wrote:
> Please include a testcase to verify that the issue is fixed.

I was fearing I would get back such a reply - I'm not convinced of the
usefulness of testcases like what you ask for. Such a test succeeding
doesn't mean at all that a similar issue hasn't been (re)introduced.

Jan
