From: binutils@emagii.com
To: binutils@sourceware.org
Cc: nickc@redhat.com, Alan Modra <amodra@gmail.com>
Subject: [PATCH v9 08/11] Catch overflow in gas s_space
Date: Thu, 2 Mar 2023 23:04:05 +0100 [thread overview]
Message-ID: <20230302220408.1925678-9-binutils@emagii.com> (raw)
In-Reply-To: <20230302220408.1925678-1-binutils@emagii.com>
From: Alan Modra <amodra@gmail.com>
Also fix an error introduced in 1998 in reporting a zero count for
negative counts.
* read.c (s_space): Use unsigned multiply, and catch overflow.
Correct order of tests for invalid repeat counts. Ensure
ignored directives don't affect mri_pending_align.
---
gas/read.c | 32 +++++++++++++++++++++-----------
1 file changed, 21 insertions(+), 11 deletions(-)
diff --git a/gas/read.c b/gas/read.c
index 5d83d35e0aa..cff44623541 100644
--- a/gas/read.c
+++ b/gas/read.c
@@ -3328,27 +3328,37 @@ s_space (int mult)
if (exp.X_op == O_constant)
{
- offsetT repeat;
+ addressT repeat = exp.X_add_number;
+ addressT total;
- repeat = exp.X_add_number;
- if (mult)
- repeat *= mult;
- bytes = repeat;
- if (repeat <= 0)
+ bytes = 0;
+ if ((offsetT) repeat < 0)
+ {
+ as_warn (_(".space repeat count is negative, ignored"));
+ goto getout;
+ }
+ if (repeat == 0)
{
if (!flag_mri)
as_warn (_(".space repeat count is zero, ignored"));
- else if (repeat < 0)
- as_warn (_(".space repeat count is negative, ignored"));
goto getout;
}
+ if ((unsigned int) mult <= 1)
+ total = repeat;
+ else if (gas_mul_overflow (repeat, mult, &total)
+ || (offsetT) total < 0)
+ {
+ as_warn (_(".space repeat count overflow, ignored"));
+ goto getout;
+ }
+ bytes = total;
/* If we are in the absolute section, just bump the offset. */
if (now_seg == absolute_section)
{
if (val.X_op != O_constant || val.X_add_number != 0)
as_warn (_("ignoring fill value in absolute section"));
- abs_section_offset += repeat;
+ abs_section_offset += total;
goto getout;
}
@@ -3358,13 +3368,13 @@ s_space (int mult)
if (mri_common_symbol != NULL)
{
S_SET_VALUE (mri_common_symbol,
- S_GET_VALUE (mri_common_symbol) + repeat);
+ S_GET_VALUE (mri_common_symbol) + total);
goto getout;
}
if (!need_pass_2)
p = frag_var (rs_fill, 1, 1, (relax_substateT) 0, (symbolS *) 0,
- (offsetT) repeat, (char *) 0);
+ (offsetT) total, (char *) 0);
}
else
{
--
2.34.1
next prev parent reply other threads:[~2023-03-02 22:04 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-02 22:03 [PATCH v9 0/11 Add support for CRC64 generation in linker binutils
2023-03-02 22:03 ` [PATCH v9 01/11] [gdb/testsuite] Fix gdb.rust/watch.exp on ppc64le binutils
2023-03-02 22:03 ` [PATCH v9 02/11] Remove value_in binutils
2023-03-02 22:04 ` [PATCH v9 03/11] [gdb/testsuite] Fix gdb.python/py-breakpoint.exp timeouts binutils
2023-03-02 22:04 ` [PATCH v9 04/11] gdb: add HtabPrinter to gdb-gdb.py.in binutils
2023-03-02 22:04 ` [PATCH v9 05/11] Automatic date update in version.in binutils
2023-03-02 22:04 ` [PATCH v9 06/11] Memory leak in gas do_repeat binutils
2023-03-02 22:04 ` [PATCH v9 07/11] gas s_fill caused internal error in frag_new binutils
2023-03-02 22:04 ` binutils [this message]
2023-03-02 22:04 ` [PATCH v9 09/11] [gdb/testsuite] Add another xfail case in gdb.python/py-record-btrace.exp binutils
2023-03-02 22:04 ` [PATCH v9 10/11] Fix btrace regression binutils
2023-03-02 22:04 ` [PATCH v9 11/11] Fix typo with my email address binutils
2023-03-02 23:09 ` [PATCH v9 0/11 Add support for CRC64 generation in linker Ulf Samuelsson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230302220408.1925678-9-binutils@emagii.com \
--to=binutils@emagii.com \
--cc=amodra@gmail.com \
--cc=binutils@sourceware.org \
--cc=nickc@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).