* use of uninitialised value in input_file_open
@ 2022-06-16 8:44 Alan Modra
From: Alan Modra @ 2022-06-16 8:44 UTC
To: binutils

Triggered by a file containing just "#N" or "#A". fgets when hitting
EOF before reading anything returns NULL and does not write to buf.
strchr (buf, '\n') then is reading from uninitialised memory.

	* input-file.c (input_file_open): Don't assume buf contains
	zero string terminator when fgets returns NULL.

diff --git a/gas/input-file.c b/gas/input-file.c
index f1085c1f0f1..d7cf56cc09a 100644
--- a/gas/input-file.c
+++ b/gas/input-file.c
@@ -170,20 +170,20 @@ input_file_open (const char *filename,
c = getc (f_in);
if (c == 'N')
{
- if (fgets (buf, sizeof (buf), f_in)
- && startswith (buf, "O_APP") && ISSPACE (buf[5]))
+ char *p = fgets (buf, sizeof (buf), f_in);
+ if (p && startswith (p, "O_APP") && ISSPACE (p[5]))
preprocess = 0;
- if (!strchr (buf, '\n'))
- ungetc ('#', f_in); /* It was longer. */
+ if (!p || !strchr (p, '\n'))
+ ungetc ('#', f_in);
else
ungetc ('\n', f_in);
}
else if (c == 'A')
{
- if (fgets (buf, sizeof (buf), f_in)
- && startswith (buf, "PP") && ISSPACE (buf[2]))
+ char *p = fgets (buf, sizeof (buf), f_in);
+ if (p && startswith (p, "PP") && ISSPACE (p[2]))
preprocess = 1;
- if (!strchr (buf, '\n'))
+ if (!p || !strchr (p, '\n'))
ungetc ('#', f_in);
else
ungetc ('\n', f_in);
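Review bot: In the 'N' branch the replacement `ungetc ('#', f_in);` drops the old `/* It was longer. */` comment, and with the added `!p` test that push-back now covers two different situations: fgets returning NULL because nothing was read, and a line that did not fit in buf. A one-line comment on both branches naming the two cases would keep the intent clear for the next reader. The 'N' and 'A' branches are also now identical apart from the prefix string, the index passed to ISSPACE and the value assigned to preprocess, so a small static helper taking those three values would remove the duplicated NULL handling and make it harder for the two copies to drift apart again.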
--
Alan Modra
Australia Development Lab, IBM