Fix a potential illegal memory access whilt parsing an x86 insn.

PR 24308 * config/tc-i386.c (parse_insn): Check mnemp before using it to determine if a suffix can be trimmed.
2024-11-25 19:14:52 +08:00 · 2019-03-15 11:58:05 +00:00 · 2019-03-15 11:58:05 +00:00 · 1c529385d9
commit 1c529385d9
parent fe3fef62ad
2 changed files with 42 additions and 32 deletions
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@ -1,3 +1,9 @@
+2019-03-15  Li Hao  <li.hao296@zte.com.cn>
+
+	PR 24308
+	* config/tc-i386.c (parse_insn): Check mnemp before using it to
+	determine if a suffix can be trimmed.
+
 2019-03-13  Christian Eggers  <ceggers@gmx.de>

 	* dwarf2dbg.c (out_set_addr): Align relocation within .debug_line.
--- a/gas/config/tc-i386.c
+++ b/gas/config/tc-i386.c
@ -4561,46 +4561,50 @@ parse_insn (char *line, char *mnemonic)
  if (!current_templates)
    {
 check_suffix:
-      /* See if we can get a match by trimming off a suffix.  */
-      switch (mnem_p[-1])
+      if (mnem_p > mnemonic)
 	{
-	case WORD_MNEM_SUFFIX:
-	  if (intel_syntax && (intel_float_operand (mnemonic) & 2))
-	    i.suffix = SHORT_MNEM_SUFFIX;
-	  else
-	    /* Fall through.  */
-	case BYTE_MNEM_SUFFIX:
-	case QWORD_MNEM_SUFFIX:
-	  i.suffix = mnem_p[-1];
-	  mnem_p[-1] = '\0';
-	  current_templates = (const templates *) hash_find (op_hash,
-                                                             mnemonic);
-	  break;
-	case SHORT_MNEM_SUFFIX:
-	case LONG_MNEM_SUFFIX:
-	  if (!intel_syntax)
+	  /* See if we can get a match by trimming off a suffix.  */
+	  switch (mnem_p[-1])
 	    {
-	      i.suffix = mnem_p[-1];
-	      mnem_p[-1] = '\0';
-	      current_templates = (const templates *) hash_find (op_hash,
-                                                                 mnemonic);
-	    }
-	  break;
-
-	  /* Intel Syntax.  */
-	case 'd':
-	  if (intel_syntax)
-	    {
-	      if (intel_float_operand (mnemonic) == 1)
+	    case WORD_MNEM_SUFFIX:
+	      if (intel_syntax && (intel_float_operand (mnemonic) & 2))
 		i.suffix = SHORT_MNEM_SUFFIX;
 	      else
-		i.suffix = LONG_MNEM_SUFFIX;
+		/* Fall through.  */
+	      case BYTE_MNEM_SUFFIX:
+	      case QWORD_MNEM_SUFFIX:
+		i.suffix = mnem_p[-1];
 	      mnem_p[-1] = '\0';
 	      current_templates = (const templates *) hash_find (op_hash,
-                                                                 mnemonic);
+								 mnemonic);
+	      break;
+	    case SHORT_MNEM_SUFFIX:
+	    case LONG_MNEM_SUFFIX:
+	      if (!intel_syntax)
+		{
+		  i.suffix = mnem_p[-1];
+		  mnem_p[-1] = '\0';
+		  current_templates = (const templates *) hash_find (op_hash,
+								     mnemonic);
+		}
+	      break;
+
+	      /* Intel Syntax.  */
+	    case 'd':
+	      if (intel_syntax)
+		{
+		  if (intel_float_operand (mnemonic) == 1)
+		    i.suffix = SHORT_MNEM_SUFFIX;
+		  else
+		    i.suffix = LONG_MNEM_SUFFIX;
+		  mnem_p[-1] = '\0';
+		  current_templates = (const templates *) hash_find (op_hash,
+								     mnemonic);
+		}
+	      break;
 	    }
-	  break;
 	}
+
      if (!current_templates)
 	{
 	  as_bad (_("no such instruction: `%s'"), token_start);