public inbox for binutils@sourceware.org
 help / color / mirror / Atom feed
From: Alan Modra <amodra@gmail.com>
To: binutils@sourceware.org
Subject: Catch overflow in gas s_space
Date: Wed, 1 Mar 2023 14:30:36 +1030	[thread overview]
Message-ID: <Y/7N5GnBecgnIXQx@squeak.grove.modra.org> (raw)

Also fix an error introduced in 1998 in reporting a zero count for
negative counts.

      * read.c (s_space): Use unsigned multiply, and catch overflow.
      Correct order of tests for invalid repeat counts.  Ensure
      ignored directives don't affect mri_pending_align.

diff --git a/gas/read.c b/gas/read.c
index 5d83d35e0aa..cff44623541 100644
--- a/gas/read.c
+++ b/gas/read.c
@@ -3328,27 +3328,37 @@ s_space (int mult)
 
       if (exp.X_op == O_constant)
 	{
-	  offsetT repeat;
+	  addressT repeat = exp.X_add_number;
+	  addressT total;
 
-	  repeat = exp.X_add_number;
-	  if (mult)
-	    repeat *= mult;
-	  bytes = repeat;
-	  if (repeat <= 0)
+	  bytes = 0;
+	  if ((offsetT) repeat < 0)
+	    {
+	      as_warn (_(".space repeat count is negative, ignored"));
+	      goto getout;
+	    }
+	  if (repeat == 0)
 	    {
 	      if (!flag_mri)
 		as_warn (_(".space repeat count is zero, ignored"));
-	      else if (repeat < 0)
-		as_warn (_(".space repeat count is negative, ignored"));
 	      goto getout;
 	    }
+	  if ((unsigned int) mult <= 1)
+	    total = repeat;
+	  else if (gas_mul_overflow (repeat, mult, &total)
+		   || (offsetT) total < 0)
+	    {
+	      as_warn (_(".space repeat count overflow, ignored"));
+	      goto getout;
+	    }
+	  bytes = total;
 
 	  /* If we are in the absolute section, just bump the offset.  */
 	  if (now_seg == absolute_section)
 	    {
 	      if (val.X_op != O_constant || val.X_add_number != 0)
 		as_warn (_("ignoring fill value in absolute section"));
-	      abs_section_offset += repeat;
+	      abs_section_offset += total;
 	      goto getout;
 	    }
 
@@ -3358,13 +3368,13 @@ s_space (int mult)
 	  if (mri_common_symbol != NULL)
 	    {
 	      S_SET_VALUE (mri_common_symbol,
-			   S_GET_VALUE (mri_common_symbol) + repeat);
+			   S_GET_VALUE (mri_common_symbol) + total);
 	      goto getout;
 	    }
 
 	  if (!need_pass_2)
 	    p = frag_var (rs_fill, 1, 1, (relax_substateT) 0, (symbolS *) 0,
-			  (offsetT) repeat, (char *) 0);
+			  (offsetT) total, (char *) 0);
 	}
       else
 	{

-- 
Alan Modra
Australia Development Lab, IBM

                 reply	other threads:[~2023-03-01  4:00 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y/7N5GnBecgnIXQx@squeak.grove.modra.org \
    --to=amodra@gmail.com \
    --cc=binutils@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).