From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <amodra@gmail.com>
Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com
 [IPv6:2607:f8b0:4864:20::62e])
 by sourceware.org (Postfix) with ESMTPS id 5A6D238582BA
 for <binutils@sourceware.org>; Thu, 16 Jun 2022 08:44:12 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 5A6D238582BA
Received: by mail-pl1-x62e.google.com with SMTP id h1so740490plf.11
 for <binutils@sourceware.org>; Thu, 16 Jun 2022 01:44:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:from:to:subject:message-id:mime-version
 :content-disposition;
 bh=MHDW1GVNt+YcI18mEBETh8QTPhrXSmFoLqYPOCQYQWA=;
 b=kfvPJtqCs56ufooqfU/DfbVMO/BhFjqdAGDo5RYqY6Db5LiQi8qSDPiRWXxk5XR7xg
 1gn/ZZIw97s7QW0xi3TzVTVZGHckq4VguNV57/bbKD6icHxT48sd5HVRU1SrJ6zKzvb8
 Qh1HUzJ/FyrrTAr4gn11I83rzthSNMW+xWzVOB9hbD+jaK9M4T+2x+zxQ7HETLLuZVIJ
 AarIIh/0X8Mtnk7UPo3XkkmPqlmp1fSOFrXuVbDEC9Vuj9UW2v6h4bJob/h1w3wyHqg3
 6PkJtM2bqjIA6YjdwjXwXszvzRea49m3VTQxkrvHREnnV5EkssXuZn1yMvWe0Tb2FxLZ
 b7Nw==
X-Gm-Message-State: AJIora9GHv4U4HA4+hW8lDMrUTPsG8Lf2lOzfAxP4kbZ+PNkwnC+gymP
 0bTRnYWqybTllpzyEs2yUMDkIFMKYAQ=
X-Google-Smtp-Source: AGRyM1sY8+Rq673Qu3lXV3S/H1hngeGKezXyWz6oZI6r+L/r8UyQKgLt7D4gK+8XZSg4FqU1y3PAEQ==
X-Received: by 2002:a17:90b:3909:b0:1e8:46ef:d64 with SMTP id
 ob9-20020a17090b390900b001e846ef0d64mr3868678pjb.90.1655369051062; 
 Thu, 16 Jun 2022 01:44:11 -0700 (PDT)
Received: from squeak.grove.modra.org (158.106.96.58.static.exetel.com.au.
 [58.96.106.158]) by smtp.gmail.com with ESMTPSA id
 ep2-20020a17090ae64200b001e2f3831102sm983786pjb.17.2022.06.16.01.44.10
 for <binutils@sourceware.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 16 Jun 2022 01:44:10 -0700 (PDT)
Received: by squeak.grove.modra.org (Postfix, from userid 1000)
 id BB8141143225; Thu, 16 Jun 2022 18:14:07 +0930 (ACST)
Date: Thu, 16 Jun 2022 18:14:07 +0930
From: Alan Modra <amodra@gmail.com>
To: binutils@sourceware.org
Subject: use of uninitialised value in input_file_open
Message-ID: <YqrtV1Lk7KZeVPMP@squeak.grove.modra.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Status: No, score=-3037.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
 <mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
 <mailto:binutils-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2022 08:44:13 -0000

Triggered by a file containing just "#N" or "#A".  fgets when hitting
EOF before reading anything returns NULL and does not write to buf.
strchr (buf, '\n') then is reading from uninitialised memory.

	* input-file.c (input_file_open): Don't assume buf contains
	zero string terminator when fgets returns NULL.

diff --git a/gas/input-file.c b/gas/input-file.c
index f1085c1f0f1..d7cf56cc09a 100644
--- a/gas/input-file.c
+++ b/gas/input-file.c
@@ -170,20 +170,20 @@ input_file_open (const char *filename,
       c = getc (f_in);
       if (c == 'N')
 	{
-	  if (fgets (buf, sizeof (buf), f_in)
-	      && startswith (buf, "O_APP") && ISSPACE (buf[5]))
+	  char *p = fgets (buf, sizeof (buf), f_in);
+	  if (p && startswith (p, "O_APP") && ISSPACE (p[5]))
 	    preprocess = 0;
-	  if (!strchr (buf, '\n'))
-	    ungetc ('#', f_in);	/* It was longer.  */
+	  if (!p || !strchr (p, '\n'))
+	    ungetc ('#', f_in);
 	  else
 	    ungetc ('\n', f_in);
 	}
       else if (c == 'A')
 	{
-	  if (fgets (buf, sizeof (buf), f_in)
-	      && startswith (buf, "PP") && ISSPACE (buf[2]))
+	  char *p = fgets (buf, sizeof (buf), f_in);
+	  if (p && startswith (p, "PP") && ISSPACE (p[2]))
 	    preprocess = 1;
-	  if (!strchr (buf, '\n'))
+	  if (!p || !strchr (p, '\n'))
 	    ungetc ('#', f_in);
 	  else
 	    ungetc ('\n', f_in);

-- 
Alan Modra
Australia Development Lab, IBM