From 3b889a787863d22694bb53eb08160c94ab52c58d Mon Sep 17 00:00:00 2001 From: Andrew Burgess Date: Tue, 3 May 2016 13:43:44 +0100 Subject: [PATCH] gas/arc: Add guard against operand array overflow. Currently supplying an input file with too many operands to an instruction will cause the assembler to overflow and array and trigger undefined behaviour. This change checks that we don't access outside the limits of the operand array. gas/ChangeLog: * config/tc-arc.c (tokenize_arguments): Add checks for array overflow. * testsuite/gas/arc/asm-errors.s: Addition test line added. * testsuite/gas/arc/asm-errors.err: Update expected results. --- gas/ChangeLog | 7 +++++++ gas/config/tc-arc.c | 12 +++++++----- gas/testsuite/gas/arc/asm-errors.err | 2 ++ gas/testsuite/gas/arc/asm-errors.s | 1 + 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/gas/ChangeLog b/gas/ChangeLog index aa507703ff0..bd529cd8954 100644 --- a/gas/ChangeLog +++ b/gas/ChangeLog @@ -1,3 +1,10 @@ +2016-05-18 Andrew Burgess + + * config/tc-arc.c (tokenize_arguments): Add checks for array + overflow. + * testsuite/gas/arc/asm-errors.s: Addition test line added. + * testsuite/gas/arc/asm-errors.err: Update expected results. + 2016-05-18 Trevor Saunders * config/tc-rx.c (struct cpu_type): Change the type of a field from diff --git a/gas/config/tc-arc.c b/gas/config/tc-arc.c index 28f135b2c78..ca94b1f6d9b 100644 --- a/gas/config/tc-arc.c +++ b/gas/config/tc-arc.c @@ -1039,7 +1039,7 @@ tokenize_arguments (char *str, case ']': ++input_line_pointer; --brk_lvl; - if (!saw_arg) + if (!saw_arg || num_args == ntok) goto err; tok->X_op = O_bracket; ++tok; @@ -1049,7 +1049,7 @@ tokenize_arguments (char *str, case '{': case '[': input_line_pointer++; - if (brk_lvl) + if (brk_lvl || num_args == ntok) goto err; ++brk_lvl; tok->X_op = O_bracket; 
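Review bot: Every new `num_args == ntok` guard, starting with the `']'` case in this hunk and repeated in the `'['`, `'@'`, default and `normalsymbol:` hunks, leaves through the shared `goto err`, so an over-long operand list is reported with whatever message the existing parser state happens to select. The updated asm-errors.err shows the effect: line 5 has well-formed commas, yet the expected output is `extra comma` followed by `syntax error`, which does not tell the user that the operand limit was exceeded. I would report the overflow explicitly, for example `as_bad (_("too many operands"));` on a dedicated exit that skips the generic message, and update the expected output to match. The `err` label and the rest of tokenize_arguments lie outside these hunks, so how the message is chosen is inferred from the test output only.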
@@ -1060,7 +1060,7 @@ tokenize_arguments (char *str, case '@': /* We have labels, function names and relocations, all starting with @ symbol. Sort them out. */ - if (saw_arg && !saw_comma) + if ((saw_arg && !saw_comma) || num_args == ntok) goto err; /* Parse @label. */ @@ -1165,7 +1165,7 @@ tokenize_arguments (char *str, /* Fall through. */ default: - if (saw_arg && !saw_comma) + if ((saw_arg && !saw_comma) || num_args == ntok) goto err; tok->X_op = O_absent; @@ -1181,7 +1181,9 @@ tokenize_arguments (char *str, normalsymbol: debug_exp (tok); - if (tok->X_op == O_illegal || tok->X_op == O_absent) + if (tok->X_op == O_illegal + || tok->X_op == O_absent + || num_args == ntok) goto err; saw_comma = FALSE; diff --git a/gas/testsuite/gas/arc/asm-errors.err b/gas/testsuite/gas/arc/asm-errors.err index 35390fc3e89..e889eb8e0e7 100644 --- a/gas/testsuite/gas/arc/asm-errors.err +++ b/gas/testsuite/gas/arc/asm-errors.err @@ -2,3 +2,5 @@ [^:]*:2: Error: inappropriate arguments for opcode 'adc' [^:]*:3: Error: inappropriate arguments for opcode 'adc' [^:]*:4: Error: inappropriate arguments for opcode 'adc' +[^:]*:5: Error: extra comma +[^:]*:5: Error: syntax error diff --git a/gas/testsuite/gas/arc/asm-errors.s b/gas/testsuite/gas/arc/asm-errors.s index 6e0fd6ae1ab..d3f16c07f41 100644 --- a/gas/testsuite/gas/arc/asm-errors.s +++ b/gas/testsuite/gas/arc/asm-errors.s @@ -2,3 +2,4 @@ adc.al.ra r0,r0,r2 adc.eq.eq r0,r0,r2 adc.n.eq r0,r0,r2 + add r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0,r0
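Review bot: The `num_args == ntok` test added at `normalsymbol:` cannot by itself stop an access past the end of the operand array, because it runs after `debug_exp (tok)` and, on the default path shown in the previous hunk, after `tok->X_op = O_absent;` has already been stored. The default case already tests the bound before touching `tok` and appears to fall into this label, which makes this extra test look redundant there. Either drop it, or, if a jump outside these hunks can reach `normalsymbol:` without passing a guard, move the bound check ahead of the first use of `tok` on that path. A comment at the label such as `/* tok still points inside the caller's array here. */` would record the invariant the guards rely on.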
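Review bot: The added `add r0,r0,...` line only drives the plain-operand (default) branch past the limit, so the new guards in the `']'`, `'['` and `'@'` cases of tokenize_arguments are not exercised by this test. One over-long line per form, using bracketed operands and `@`-prefixed symbols, would cover each guard and keep a later refactor from dropping one unnoticed. The count of 30 operands also depends on an array size that is not visible in this patch; a comment in the .s file such as `; more operands than the assembler's operand array can hold` would explain why the line is that long.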