asan: buffer overflows after calling ignore_rest_of_line

public inbox for binutils@sourceware.org
 help / color / mirror / Atom feed

From: Alan Modra <amodra@gmail.com>
To: binutils@sourceware.org
Subject: asan: buffer overflows after calling ignore_rest_of_line
Date: Thu, 17 Mar 2022 21:28:23 +1030	[thread overview]
Message-ID: <YjMUT3cM3MmBo3ls@squeak.grove.modra.org> (raw)

operand() is not a place that should be calling ignore_rest_of_line.
ignore_rest_of_line shouldn't increment input_line_pointer if already
at buffer limit.

	* expr.c (operand): Don't call ignore_rest_of_line.
	* read.c (s_mri_common): Likewise.
	(ignore_rest_of_line): Don't increment input_line_pointer if
	already at buffer_limit.

diff --git a/gas/expr.c b/gas/expr.c
index bd5b9e70a4a..2341343bf00 100644
--- a/gas/expr.c
+++ b/gas/expr.c
@@ -1212,9 +1212,7 @@ operand (expressionS *expressionP, enum expr_mode mode)
 		{
 		  as_bad (_("expected symbol name"));
 		  (void) restore_line_pointer (c);
-		  if (c != ')')
-		    ignore_rest_of_line ();
-		  else
+		  if (c == ')')
 		    ++input_line_pointer;
 		  break;
 		}
diff --git a/gas/read.c b/gas/read.c
index fe0aff26175..e9a300fe10c 100644
--- a/gas/read.c
+++ b/gas/read.c
@@ -1940,7 +1940,6 @@ s_mri_common (int small ATTRIBUTE_UNUSED)
   if (S_IS_DEFINED (sym) && !S_IS_COMMON (sym))
     {
       as_bad (_("symbol `%s' is already defined"), S_GET_NAME (sym));
-      ignore_rest_of_line ();
       mri_comment_end (stop, stopc);
       return;
     }
@@ -3980,15 +3979,10 @@ demand_empty_rest_of_line (void)
 void
 ignore_rest_of_line (void)
 {
-  while (input_line_pointer < buffer_limit
-	 && !is_end_of_line[(unsigned char) *input_line_pointer])
-    input_line_pointer++;
-
-  input_line_pointer++;
-
+  while (input_line_pointer < buffer_limit)
+    if (is_end_of_line[(unsigned char) *input_line_pointer++])
+      break;
   /* Return pointing just after end-of-line.  */
-  if (input_line_pointer <= buffer_limit)
-    know (is_end_of_line[(unsigned char) input_line_pointer[-1]]);
 }
 
 /* Sets frag for given symbol to zero_address_frag, except when the

-- 
Alan Modra
Australia Development Lab, IBM

                 reply	other threads:[~2022-03-17 10:58 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YjMUT3cM3MmBo3ls@squeak.grove.modra.org \
    --to=amodra@gmail.com \
    --cc=binutils@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).