Message-ID: <86a8594d-d3f5-a895-75c3-6a751c398b4e@suse.com>
Date: Mon, 15 Aug 2022 17:38:42 +0200
From: Jan Beulich
Subject: [PATCH v2] x86: avoid i386_dis_printf()'s staging area for potentially long strings
To: Binutils
Content-Type: text/plain; charset=UTF-8
PR binutils/29483

When print_insn() processes op_txt[], it may pass strings into i386_dis_printf() which staging_area[] cannot fit; this was observed for an invalid form of VPSCATTERDD (both broadcast and zeroing-masking bits set). Rather than arbitrarily enlarging that local array, avoid its use altogether when the format string is simply "%s". This merely requires two local variables to have their type constified.

While limiting the scope of "res" it became apparent that
- no caller cares about the function's return value,
- the comment about the return value was wrong,
- a particular positive return value would have been meaningless to the caller.
Therefore convert the function to return "void" at the same time.
---
An alternative to the special casing would be to introduce something like i386_dis_puts(), then to be used by all call sites which currently pass "%s" or format strings without any format characters at all (plus, of course, i386_dis_printf() itself).
---
v2: Add testcase.

--- a/gas/testsuite/gas/i386/i386.exp +++ b/gas/testsuite/gas/i386/i386.exp @@ -1349,6 +1349,7 @@ if [gas_64_check] then { run_dump_test ehinterp } run_dump_test pr27198 + run_dump_test pr29483 set ASFLAGS "$old_ASFLAGS --64" --- /dev/null +++ b/gas/testsuite/gas/i386/pr29483.d @@ -0,0 +1,11 @@ +#objdump: -dw +#name: x86-64 PR binutils/29483 + +.*: +file format .* + +Disassembly of section .text: + +0+ : +[ ]*[a-f0-9]+: 65 62 62 7d 97 a0 94 ff 20 20 20 ae vpscatterdd .* + +0x65,0x62,0x62,0x7d,0x97,0xa0,0x94,0xff,0x20,0x20,0x20,0xae --- /dev/null +++ b/gas/testsuite/gas/i386/pr29483.s 
@@ -0,0 +1,5 @@ + .text +pr29483: + # This (VPSCATTERDD with EVEX.br and EVEX.z invalidly set) should not + # crash the disassembler. + .byte 0x65,0x62,0x62,0x7d,0x97,0xa0,0x94,0xff,0x20,0x20,0x20,0xae --- a/opcodes/i386-dis.c +++ b/opcodes/i386-dis.c @@ -9264,31 +9264,40 @@ oappend_register (instr_info *ins, const STYLE is the default style to use in the fprintf_styled_func calls, however, FMT might include embedded style markers (see oappend_style), these embedded markers are not printed, but instead change the style - used in the next fprintf_styled_func call. + used in the next fprintf_styled_func call. */ - Return non-zero to indicate the print call was a success. */ - -static int ATTRIBUTE_PRINTF_3 +static void ATTRIBUTE_PRINTF_3 i386_dis_printf (instr_info *ins, enum disassembler_style style, const char *fmt, ...) { va_list ap; enum disassembler_style curr_style = style; - char *start, *curr; + const char *start, *curr; char staging_area[100]; - int res; va_start (ap, fmt); - res = vsnprintf (staging_area, sizeof (staging_area), fmt, ap); - va_end (ap); + /* In particular print_insn()'s processing of op_txt[] can hand rather long + strings here. Bypass vsnprintf() in such cases to avoid capacity issues + with the staging area. */ + if (strcmp (fmt, "%s")) + { + int res = vsnprintf (staging_area, sizeof (staging_area), fmt, ap); - if (res < 0) - return res; + va_end (ap); - if ((size_t) res >= sizeof (staging_area)) - abort (); + if (res < 0) + return; - start = curr = staging_area; + if ((size_t) res >= sizeof (staging_area)) + abort (); + + start = curr = staging_area; + } + else + { + start = curr = va_arg (ap, const char *); + va_end (ap); + } do { @@ -9303,10 +9312,7 @@ i386_dis_printf (instr_info *ins, enum d curr_style, "%.*s", len, start); if (n < 0) - { - res = n; - break; - } + break; if (*curr == '\0') break; @@ -9340,8 +9346,6 @@ i386_dis_printf (instr_info *ins, enum d ++curr; } while (true); - - return res; } static int
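Review bot: the expected line `vpscatterdd .*` in pr29483.d matches any operand text, so the new test pins only the mnemonic and the twelve encoded bytes; it guards against the crash but not against a later change in how the invalid EVEX.br/EVEX.z combination is rendered. If the operand rendering matters, pin it; otherwise a comment in the .d saying this is a crash-regression test only would make the intent explicit for whoever next touches the expected output.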
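Review bot: the bypass in the first i386-dis.c hunk is taken only when the format is exactly "%s" (`if (strcmp (fmt, "%s"))`), so a call site that hands a long string to any other format, for example one with a trailing space or a second conversion, still goes through staging_area[100] and can reach the retained `abort ()`. The new comment should say the fast path is exact-match only, or the i386_dis_puts() alternative from the cover text should be pursued so every plain-string caller is covered. Separately, `start = curr = va_arg (ap, const char *);` is dereferenced by the following loop with no NULL check; the old vsnprintf path had no defined behaviour for a NULL "%s" argument either, but this path will now fault outright, so it is worth confirming no caller can pass NULL.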
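Review bot: in the @@ -9303 hunk a negative return from fprintf_styled_func now just leaves the loop (`if (n < 0) break;`), so the rest of the text after the failed chunk is dropped with no indication to the caller. That is consistent with the commit message's observation that no caller used the result, but a one-line comment stating that output errors are intentionally ignored would stop a future reader from reinstating a return value that, as the message notes, was never meaningful.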
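As an added example (not code from binutils or from this patch), here is a self-contained model in C of the defect and the fix. `dis_printf_before` mirrors the old path, where every string is formatted into a 100-byte staging area and an oversized result is treated as fatal (reported here as -1 rather than abort(), so it can be observed from a test); `dis_printf_after` mirrors the patch's exact-"%s" bypass. The `struct sink` stand-in for fprintf_styled_func, the function names and the 150-byte constructed operand are assumptions of the example, and the NULL guard in the bypass is an addition the patch itself does not have.

```c
/* Added example, not binutils code: a minimal model of the staging-area
   problem fixed by this patch.  Both variants format into a buffer of the
   same capacity as staging_area[] in i386-dis.c and hand the text to a
   "sink" that stands in for fprintf_styled_func.  All names are hypothetical. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define STAGING_SIZE 100          /* same capacity as staging_area[] in the patch */

/* Stand-in for the styled output callback: append to a caller-supplied buffer. */
struct sink {
  char buf[512];
  size_t len;
};

static int sink_write (struct sink *s, const char *text)
{
  size_t n = strlen (text);
  if (s->len + n + 1 > sizeof (s->buf))
    return -1;
  memcpy (s->buf + s->len, text, n + 1);
  s->len += n;
  return (int) n;
}

/* "Before": everything goes through the staging area.  A result that does
   not fit is detected via vsnprintf()'s return value; the real code called
   abort() here, which is the crash PR binutils/29483 reports.
   Returns -1 on overflow, else 0. */
static int dis_printf_before (struct sink *s, const char *fmt, ...)
{
  char staging_area[STAGING_SIZE];
  va_list ap;
  int res;

  va_start (ap, fmt);
  res = vsnprintf (staging_area, sizeof (staging_area), fmt, ap);
  va_end (ap);
  if (res < 0 || (size_t) res >= sizeof (staging_area))
    return -1;                    /* would have been abort () */
  return sink_write (s, staging_area) < 0 ? -1 : 0;
}

/* "After": the patch's approach.  When the format is exactly "%s" the
   argument is used directly and never copied, so its length no longer
   matters.  Any other format still uses the staging area and its check. */
static int dis_printf_after (struct sink *s, const char *fmt, ...)
{
  char staging_area[STAGING_SIZE];
  const char *start;
  va_list ap;

  va_start (ap, fmt);
  if (strcmp (fmt, "%s") != 0)
    {
      int res = vsnprintf (staging_area, sizeof (staging_area), fmt, ap);
      va_end (ap);
      if (res < 0 || (size_t) res >= sizeof (staging_area))
        return -1;
      start = staging_area;
    }
  else
    {
      start = va_arg (ap, const char *);
      va_end (ap);
      if (start == NULL)          /* guard added by this example, not by the patch */
        return -1;
    }
  return sink_write (s, start) < 0 ? -1 : 0;
}

/* Constructed operand text longer than the staging area, standing in for
   the oversized op_txt[] entry the bug report describes. */
static void make_long_operand (char *out, size_t out_size)
{
  size_t i;
  for (i = 0; i + 1 < out_size; i++)
    out[i] = (char) ('a' + (i % 26));
  out[i] = '\0';
}

/* Drives both variants; returns 1 when behaviour matches the patch
   description (short string: both succeed; long string: only the bypass
   succeeds; non-exact format: still rejected), else 0. */
static int demo (void)
{
  char long_operand[150];
  struct sink s_before = { {0}, 0 }, s_after = { {0}, 0 };
  int ok = 1;

  make_long_operand (long_operand, sizeof (long_operand));

  ok &= dis_printf_before (&s_before, "%s", "vpscatterdd") == 0;
  ok &= dis_printf_after (&s_after, "%s", "vpscatterdd") == 0;
  ok &= dis_printf_before (&s_before, "%s", long_operand) == -1;   /* overflow */
  ok &= dis_printf_after (&s_after, "%s", long_operand) == 0;      /* bypass */
  ok &= dis_printf_after (&s_after, "%s ", long_operand) == -1;    /* not exactly "%s" */
  ok &= dis_printf_after (&s_after, "%s", (const char *) NULL) == -1;
  ok &= strcmp (s_after.buf + strlen ("vpscatterdd"), long_operand) == 0;
  return ok;
}

int main (void)
{
  printf ("%s\n", demo () ? "behaviour as described" : "mismatch");
  return 0;
}
```

The point to take from it when triaging similar reports: vsnprintf()'s return value is what reveals that a fixed-size staging buffer was too small, so any such buffer fed from decoder-controlled text needs either that check (with a non-fatal fallback) or, as this patch does for the common "%s" case, a path that avoids the copy entirely. The `"%s "` line also shows why the review comment about exact-match matters: a format that differs by one character still takes the bounded path.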