From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by sourceware.org (Postfix) with ESMTPS id 462593857C41 for ; Wed, 23 Aug 2023 01:43:13 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 462593857C41 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1bdca7cc28dso40834515ad.1 for ; Tue, 22 Aug 2023 18:43:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1692754992; x=1693359792; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=T4bvdDLjcWsdfC+9CzgtRg3q2omOX+yVWB5qXxB5A4k=; b=RpdIcqZQ7P5iD+bN/v94+XVkaWZUCSSheup3eww2ARN4ymK/JQW4TEleu7F5BN3z0q 5G29NRw9ZlAbnRElG/zxItpICcB1fW9lgic180xtq3bVb7DMRlwrziobmzXGW5j4Jp/D NajrNwK3os2Y7iDYQh3ivOtMoyqFUGdHDKxl1UFm7foGs9wmTqtUAUiCTq+4F978WdC8 qzNn04BWLL3impk1BmzrpxPbwMfSgLbxliMdScSw4FiiHTbmVO/EncKq7xWuGEZJMv7H jtQ8eSh9Wh71P8fR13CHuXUmXvCj00kQDgD04awGY1B4jiTCxS7LMtAphW7e7V0E679x JRTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692754992; x=1693359792; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=T4bvdDLjcWsdfC+9CzgtRg3q2omOX+yVWB5qXxB5A4k=; b=K7Is/iUi8imsiN80Sq30omScIa1H5MExpW8/iYPXoCNYwrqgtTZtqGaIPMElxufmxI Ea1xh7uA4SkmxCjmnidG8pgVJkzk3GM9Mm73ohsrqtbes7Yp6yCffo8h2Muq2324BMKq D4gMIxMYj/QdM4kQl8lSIXC9r0BuVR8Ap/2+hS1D617WEdEiJvdd43E+eB3tn10VnHJ7 MeN3PjCLxv96Jct/efGq1ihL3cwKhnBsSgQAtS2H7Pyz/wf2neWShqIHigZl8LAAdw0F QzXsnxZ0NfH6SYAi/PM+2t+YV/Hun7XjLnxIpUEV8Gid2EM/ogE4kbWLcMDs91HVJod4 qyow== X-Gm-Message-State: AOJu0Yz0UGOO8OjOMW8TPCKtOjmVtjEoDFRS1/QBWpBvf5CRBEdI8ixw o33qqHVloNSYiP051qVLkKAeFW2o+fY= X-Google-Smtp-Source: AGHT+IGyrhKh02pkiumH7v5tPXPxMA4+nRqWjWqD6GGK7We//JznWEzBjKr+WCGWLJTISskDtobjbw== X-Received: by 2002:a17:903:447:b0:1b8:971c:b7b7 with SMTP id iw7-20020a170903044700b001b8971cb7b7mr10728676plb.56.1692754992175; Tue, 22 Aug 2023 18:43:12 -0700 (PDT) Received: from squeak.grove.modra.org (158.106.96.58.static.exetel.com.au. [58.96.106.158]) by smtp.gmail.com with ESMTPSA id e12-20020a170902d38c00b001bdf046ed71sm9644282pld.120.2023.08.22.18.43.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Aug 2023 18:43:11 -0700 (PDT) Received: by squeak.grove.modra.org (Postfix, from userid 1000) id EE9081142918; Wed, 23 Aug 2023 11:13:08 +0930 (ACST) Date: Wed, 23 Aug 2023 11:13:08 +0930 From: Alan Modra To: binutils@sourceware.org Cc: Paul Iannetta Subject: kvx: asan: out-of-bounds read Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Status: No, score=-3034.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: kvx-parse.c:parse_with_restarts does if (!tok.insn[tok.begin]) tok.class_id = -3; then a little later printf_debug (1, "\nEntering rule: %d (Trying to match: (%s)[%d])\n", jump_target, TOKEN_NAME (CLASS_ID (tok)), CLASS_ID (tok)); This results in a buffer overrun in TOKEN_NAME. Fix that. * config/tc-kvx.h (TOKEN_NAME): Check for tok <= 0, not just -1. diff --git a/gas/config/tc-kvx.h b/gas/config/tc-kvx.h index 11787bf0532..85344cbe179 100644 --- a/gas/config/tc-kvx.h +++ b/gas/config/tc-kvx.h @@ -37,7 +37,8 @@ #define KVX_RA_REGNO (67) #define KVX_SP_REGNO (12) -#define TOKEN_NAME(tok) ((tok) == -1 ? "unknown token" : env.tokens_names[(tok) - 1]) +#define TOKEN_NAME(tok) \ + ((tok) <= 0 ? "unknown token" : env.tokens_names[(tok) - 1]) struct token_s { char *insn; -- Alan Modra Australia Development Lab, IBM