This is the mail archive of the
binutils@sources.redhat.com
mailing list for the binutils project.
[RFA:] Fix access beyond end-of-string in gas/macro.c
- From: Hans-Peter Nilsson <hp at bitrange dot com>
- To: binutils at sources dot redhat dot com
- Date: Sun, 10 Nov 2002 12:22:45 -0500 (EST)
- Subject: [RFA:] Fix access beyond end-of-string in gas/macro.c
Valgrind found this when running the test gas/macros/irp.s
"macro irp". I'm not totally clear on the correctness of the
logic, it seems a bit muddy. Anyway, with the old logic
in->ptr[idx + 1] goes beyond the defined area in->ptr[0..len-1].
All gas, binutils and ld tests pass for mmix-knuth-mmixware with
this fix (when not running in valgrind; there are other bugs).
BTW, to run gas tests in valgrind, add "valgrind -q" after the "exec" in
gas/testsuite/lib/run. There might be a suitable hook in dejagnu, but I
haven't found it, and it'd be wrong for the gas tests anyway since
valgrind would then just execute the wrapper "run" (i.e. /bin/sh).
Ok to commit?
* macro.c (get_any_string): Correct logic for not going beyond end
of in->ptr[].
Index: macro.c
===================================================================
RCS file: /cvs/src/src/gas/macro.c,v
retrieving revision 1.17
diff -p -c -r1.17 macro.c
*** macro.c 3 May 2002 02:25:33 -0000 1.17
--- macro.c 10 Nov 2002 16:59:37 -0000
*************** get_any_string (idx, in, out, expand, pr
*** 366,372 ****
if (idx < in->len)
{
! if (in->len > 2 && in->ptr[idx + 1] == '\'' && ISBASE (in->ptr[idx]))
{
while (!ISSEP (in->ptr[idx]))
sb_add_char (out, in->ptr[idx++]);
--- 366,372 ----
if (idx < in->len)
{
! if (in->len > idx + 2 && in->ptr[idx + 1] == '\'' && ISBASE (in->ptr[idx]))
{
while (!ISSEP (in->ptr[idx]))
sb_add_char (out, in->ptr[idx++]);
brgds, H-P