From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <amodra@gmail.com>
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com
 [IPv6:2607:f8b0:4864:20::d2c])
 by sourceware.org (Postfix) with ESMTPS id 0B20E3952009
 for <binutils@sourceware.org>; Thu, 17 Mar 2022 10:58:28 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 0B20E3952009
Received: by mail-io1-xd2c.google.com with SMTP id e22so5374985ioe.11
 for <binutils@sourceware.org>; Thu, 17 Mar 2022 03:58:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:from:to:subject:message-id:mime-version
 :content-disposition;
 bh=Erfm5W6S/eS1o2DjUVE2Lf/XqNequ7YDvJePODZhclk=;
 b=0wFn6Dxaze0KrpY6o3ggQBwNowYFTBxagVJsH2vLXucQemXqCwNl9Pd2Jsq5XB/5kk
 5Ih/2RkuJgCPCVs9VFqPtAUz0Hg0mmzF8JHYUNE8iGSjL8qc2huNc1d2Rk0eBTFm+3RA
 Iexb/XPQRQtnD+Jpt5bS8XXyf45LFdbXNMHvfBUFksVTaz1D8rny6Ovv2MZlMKyrYaRe
 Q9YwwPovddziZvJg1hjYWONxoBC8aigyDU+gbqPshM6FvFIOfSLvyLx/mvr+y05guWVr
 p6vG4U4ykXD4ebcWrVbcDszx1guoLJFeHV0OC1wlFJNkPxhuevOESx0O+LBXPc3aRZ6o
 AymA==
X-Gm-Message-State: AOAM5330E9R2C8JeqrN650x9IedMo10A2QGelU84bAE8/hORlRJSHOBR
 SOnBJv55aXuvj7B2jDvXU0B515kQRNs=
X-Google-Smtp-Source: ABdhPJx2tvgZbuDjE5BY4uXabxFZwX6wdcxTDuKbqnFaajEZJWHF5hujBiUYEGQrfR2r8dd7W+wrvw==
X-Received: by 2002:a05:6602:2b0b:b0:60f:6c6f:d114 with SMTP id
 p11-20020a0566022b0b00b0060f6c6fd114mr1911830iov.157.1647514706994; 
 Thu, 17 Mar 2022 03:58:26 -0700 (PDT)
Received: from squeak.grove.modra.org (158.106.96.58.static.exetel.com.au.
 [58.96.106.158]) by smtp.gmail.com with ESMTPSA id
 y20-20020a5d94d4000000b00640843474e2sm2178162ior.10.2022.03.17.03.58.25
 for <binutils@sourceware.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 17 Mar 2022 03:58:26 -0700 (PDT)
Received: by squeak.grove.modra.org (Postfix, from userid 1000)
 id 3831D1142F41; Thu, 17 Mar 2022 21:28:23 +1030 (ACDT)
Date: Thu, 17 Mar 2022 21:28:23 +1030
From: Alan Modra <amodra@gmail.com>
To: binutils@sourceware.org
Subject: asan: buffer overflows after calling ignore_rest_of_line
Message-ID: <YjMUT3cM3MmBo3ls@squeak.grove.modra.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Status: No, score=-3037.7 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
 <mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
 <mailto:binutils-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 10:58:30 -0000

operand() is not a place that should be calling ignore_rest_of_line.
ignore_rest_of_line shouldn't increment input_line_pointer if already
at buffer limit.

	* expr.c (operand): Don't call ignore_rest_of_line.
	* read.c (s_mri_common): Likewise.
	(ignore_rest_of_line): Don't increment input_line_pointer if
	already at buffer_limit.

diff --git a/gas/expr.c b/gas/expr.c
index bd5b9e70a4a..2341343bf00 100644
--- a/gas/expr.c
+++ b/gas/expr.c
@@ -1212,9 +1212,7 @@ operand (expressionS *expressionP, enum expr_mode mode)
 		{
 		  as_bad (_("expected symbol name"));
 		  (void) restore_line_pointer (c);
-		  if (c != ')')
-		    ignore_rest_of_line ();
-		  else
+		  if (c == ')')
 		    ++input_line_pointer;
 		  break;
 		}
diff --git a/gas/read.c b/gas/read.c
index fe0aff26175..e9a300fe10c 100644
--- a/gas/read.c
+++ b/gas/read.c
@@ -1940,7 +1940,6 @@ s_mri_common (int small ATTRIBUTE_UNUSED)
   if (S_IS_DEFINED (sym) && !S_IS_COMMON (sym))
     {
       as_bad (_("symbol `%s' is already defined"), S_GET_NAME (sym));
-      ignore_rest_of_line ();
       mri_comment_end (stop, stopc);
       return;
     }
@@ -3980,15 +3979,10 @@ demand_empty_rest_of_line (void)
 void
 ignore_rest_of_line (void)
 {
-  while (input_line_pointer < buffer_limit
-	 && !is_end_of_line[(unsigned char) *input_line_pointer])
-    input_line_pointer++;
-
-  input_line_pointer++;
-
+  while (input_line_pointer < buffer_limit)
+    if (is_end_of_line[(unsigned char) *input_line_pointer++])
+      break;
   /* Return pointing just after end-of-line.  */
-  if (input_line_pointer <= buffer_limit)
-    know (is_end_of_line[(unsigned char) input_line_pointer[-1]]);
 }
 
 /* Sets frag for given symbol to zero_address_frag, except when the

-- 
Alan Modra
Australia Development Lab, IBM