sb_scrub_and_add_sb not draining input string buffer

sb_scrub_and_add_sb not draining input string buffer

[Alan Modra]

It is possible for sb_scrub_and_add_sb to not consume all of the input
string buffer.  If this happens for reasons explained in the comment,
do_scrub_chars can leave pointers to the string buffer for the next
call.  This patch fixes that by ensuring the input is drained.  Note
that the behaviour for an empty string buffer is also changed,
avoiding another do_scrub_chars bug where empty input and single char
sized output buffers could result in a write past the end of the
output.

	sb.c (sb_scrub_and_add_sb): Loop until all of input sb is
	consumed.

diff --git a/gas/sb.c b/gas/sb.c
index 6a4c4d0c790..c44016a0338 100644
--- a/gas/sb.c
+++ b/gas/sb.c
@@ -111,8 +111,20 @@ sb_scrub_and_add_sb (sb *ptr, sb *s)
   sb_to_scrub = s;
   scrub_position = s->ptr;
 
-  sb_check (ptr, s->len);
-  ptr->len += do_scrub_chars (scrub_from_sb, ptr->ptr + ptr->len, s->len);
+  /* do_scrub_chars can expand text, for example when replacing
+     # 123 "filename"
+     with
+     \t.linefile 123 "filename"
+     or when replacing a 'c with the decimal ascii number for c.
+     So we loop until the input S is consumed.  */
+  while (1)
+    {
+      size_t copy = s->len - (scrub_position - s->ptr);
+      if (copy == 0)
+	break;
+      sb_check (ptr, copy);
+      ptr->len += do_scrub_chars (scrub_from_sb, ptr->ptr + ptr->len, copy);
+    }
 
   sb_to_scrub = 0;
   scrub_position = 0;

-- 
Alan Modra
Australia Development Lab, IBM