diff options
author | Andrew Burgess <andrew.burgess@embecosm.com> | 2016-05-03 13:43:44 +0100 |
---|---|---|
committer | Andrew Burgess <andrew.burgess@embecosm.com> | 2016-05-18 22:22:49 +0100 |
commit | 3b889a787863d22694bb53eb08160c94ab52c58d (patch) | |
tree | 3daf3579bfc29fe642bf90aa804a06dd452c416d /gas/config/tc-arc.c | |
parent | 45f4ed92d14ddf891be1470556f53de6c94c8dc2 (diff) | |
download | binutils-gdb-3b889a787863d22694bb53eb08160c94ab52c58d.tar.gz |
gas/arc: Add guard against operand array overflow.
Currently supplying an input file with too many operands to an
instruction will cause the assembler to overflow and array and trigger
undefined behaviour.
This change checks that we don't access outside the limits of the
operand array.
gas/ChangeLog:
* config/tc-arc.c (tokenize_arguments): Add checks for array
overflow.
* testsuite/gas/arc/asm-errors.s: Addition test line added.
* testsuite/gas/arc/asm-errors.err: Update expected results.
Diffstat (limited to 'gas/config/tc-arc.c')
-rw-r--r-- | gas/config/tc-arc.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/gas/config/tc-arc.c b/gas/config/tc-arc.c index 28f135b2c78..ca94b1f6d9b 100644 --- a/gas/config/tc-arc.c +++ b/gas/config/tc-arc.c @@ -1039,7 +1039,7 @@ tokenize_arguments (char *str, case ']': ++input_line_pointer; --brk_lvl; - if (!saw_arg) + if (!saw_arg || num_args == ntok) goto err; tok->X_op = O_bracket; ++tok; @@ -1049,7 +1049,7 @@ tokenize_arguments (char *str, case '{': case '[': input_line_pointer++; - if (brk_lvl) + if (brk_lvl || num_args == ntok) goto err; ++brk_lvl; tok->X_op = O_bracket; @@ -1060,7 +1060,7 @@ tokenize_arguments (char *str, case '@': /* We have labels, function names and relocations, all starting with @ symbol. Sort them out. */ - if (saw_arg && !saw_comma) + if ((saw_arg && !saw_comma) || num_args == ntok) goto err; /* Parse @label. */ @@ -1165,7 +1165,7 @@ tokenize_arguments (char *str, /* Fall through. */ default: - if (saw_arg && !saw_comma) + if ((saw_arg && !saw_comma) || num_args == ntok) goto err; tok->X_op = O_absent; @@ -1181,7 +1181,9 @@ tokenize_arguments (char *str, normalsymbol: debug_exp (tok); - if (tok->X_op == O_illegal || tok->X_op == O_absent) + if (tok->X_op == O_illegal + || tok->X_op == O_absent + || num_args == ntok) goto err; saw_comma = FALSE; |