From: Alan Modra <amodra@gmail.com>
To: binutils@sourceware.org
Subject: asan: buffer overflows after calling ignore_rest_of_line
Date: Thu, 17 Mar 2022 21:28:23 +1030 [thread overview]
Message-ID: <YjMUT3cM3MmBo3ls@squeak.grove.modra.org> (raw)
operand() is not a place that should be calling ignore_rest_of_line.
ignore_rest_of_line shouldn't increment input_line_pointer if already
at buffer limit.
* expr.c (operand): Don't call ignore_rest_of_line.
* read.c (s_mri_common): Likewise.
(ignore_rest_of_line): Don't increment input_line_pointer if
already at buffer_limit.
diff --git a/gas/expr.c b/gas/expr.c
index bd5b9e70a4a..2341343bf00 100644
--- a/gas/expr.c
+++ b/gas/expr.c
@@ -1212,9 +1212,7 @@ operand (expressionS *expressionP, enum expr_mode mode)
{
as_bad (_("expected symbol name"));
(void) restore_line_pointer (c);
- if (c != ')')
- ignore_rest_of_line ();
- else
+ if (c == ')')
++input_line_pointer;
break;
}
diff --git a/gas/read.c b/gas/read.c
index fe0aff26175..e9a300fe10c 100644
--- a/gas/read.c
+++ b/gas/read.c
@@ -1940,7 +1940,6 @@ s_mri_common (int small ATTRIBUTE_UNUSED)
if (S_IS_DEFINED (sym) && !S_IS_COMMON (sym))
{
as_bad (_("symbol `%s' is already defined"), S_GET_NAME (sym));
- ignore_rest_of_line ();
mri_comment_end (stop, stopc);
return;
}
@@ -3980,15 +3979,10 @@ demand_empty_rest_of_line (void)
void
ignore_rest_of_line (void)
{
- while (input_line_pointer < buffer_limit
- && !is_end_of_line[(unsigned char) *input_line_pointer])
- input_line_pointer++;
-
- input_line_pointer++;
-
+ while (input_line_pointer < buffer_limit)
+ if (is_end_of_line[(unsigned char) *input_line_pointer++])
+ break;
/* Return pointing just after end-of-line. */
- if (input_line_pointer <= buffer_limit)
- know (is_end_of_line[(unsigned char) input_line_pointer[-1]]);
}
/* Sets frag for given symbol to zero_address_frag, except when the
--
Alan Modra
Australia Development Lab, IBM
reply other threads:[~2022-03-17 10:58 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YjMUT3cM3MmBo3ls@squeak.grove.modra.org \
--to=amodra@gmail.com \
--cc=binutils@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).