Commit: Add RX port
Andreas Schwab
schwab@suse.de
Mon Aug 20 15:13:00 GMT 2018
On Sep 29 2009, Nick Clifton <nickc@redhat.com> wrote:
> + void
> + do_repeat_with_expander (int count,
> + const char * start,
> + const char * end,
> + const char * expander)
> + {
> + sb one;
> + sb many;
> +
> + sb_new (&one);
> + if (!buffer_and_nest (start, end, &one, get_non_macro_line_sb))
> + {
> + as_bad (_("%s without %s"), start, end);
> + return;
> + }
> +
> + sb_new (&many);
> +
> + if (expander != NULL && strstr (one.ptr, expander) != NULL)
> + {
> + while (count -- > 0)
> + {
> + int len;
> + char * sub;
> + sb processed;
> +
> + sb_new (& processed);
> + sb_add_sb (& processed, & one);
> + sub = strstr (processed.ptr, expander);
> + len = sprintf (sub, "%d", count);
> + gas_assert (len < 8);
> + strcpy (sub + len, sub + 8);
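Review bot: the literal 8 in "gas_assert (len < 8)" and "sub + 8" assumes the expander is exactly eight characters long, although expander is a caller-supplied string and nothing in the function checks its length; derive the width from strlen (expander) or assert it on entry. The assert also runs only after sprintf has already stored len + 1 bytes at sub, so it reports an overrun rather than preventing one. Both strstr calls depend on the buffer being NUL terminated in the same way the strcpy does.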
You cannot do strcpy on a string buffer, since it isn't null
terminated. This is what valgrind says when running the testsuite:
==4633== Memcheck, a memory error detector
==4633== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==4633== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==4633== Command: /suse/schwab/src/binutils/cross-rx/gas/.libs/as-new --mcpu=rxv2 -o dump.o /daten/src/binutils/binutils/gas/testsuite/gas/rx/rx-asm-good.s
==4633==
==4633== Conditional jump or move depends on uninitialised value(s)
==4633== at 0x4C31388: strcpy (vg_replace_strmem.c:510)
==4633== by 0x4179FC: ??? (in /daten/src/binutils/cross-rx/gas/.libs/as-new)
==4633== by 0x584BF6F: ???
==4633== by 0x14: ???
==4633== by 0x2E: ???
==4633== by 0x1000011FF: ???
==4633== by 0x584BFDF: ???
==4633==
Andreas.
* read.c (do_repeat_with_expander): Use memmove instead of strcpy
on unterminated string buffer.
diff --git a/gas/read.c b/gas/read.c
index 1f211b6819..f011149bb3 100644
--- a/gas/read.c
+++ b/gas/read.c
@@ -3117,7 +3117,8 @@ do_repeat_with_expander (size_t count,
sub = strstr (processed.ptr, expander);
len = sprintf (sub, "%lu", (unsigned long) count);
gas_assert (len < 8);
- strcpy (sub + len, sub + 8);
+ memmove (sub + len, sub + 8,
+ processed.ptr + processed.len - (sub + 8));
processed.len -= (8 - len);
sb_add_sb (& many, & processed);
sb_kill (& processed);
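Review bot: the strstr call kept as context at the top of this hunk still scans processed.ptr as a C string, so the change fixes the copy but not the search on the same unterminated buffer. If strstr matched in bytes beyond processed.len, the length "processed.ptr + processed.len - (sub + 8)" would be negative and reach memmove as a very large size. Terminate the buffer before the search or use a length-bounded search, and assert that sub + 8 <= processed.ptr + processed.len before the memmove.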
--
2.18.0
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
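
The point made in the message above, as an added stand-alone example (not code from the original mail or from binutils): replacing a marker inside a length-counted buffer without any call that needs a NUL terminator. The struct lbuf type, the function names and the "@COUNT@@" marker are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical length-counted buffer: ptr[0..len) is valid and nothing
   guarantees a NUL at ptr[len].  */
struct lbuf { char *ptr; size_t len; };

/* Bounded search: never reads past hay[hay_len), unlike strstr.  */
static char *
find_bytes (char *hay, size_t hay_len, const char *needle, size_t n_len)
{
  if (n_len == 0)
    return NULL;
  for (size_t i = 0; i + n_len <= hay_len; i++)
    if (memcmp (hay + i, needle, n_len) == 0)
      return hay + i;
  return NULL;
}

/* Replace the first MARKER in B with COUNT in decimal.  Returns 1 on
   success, 0 if the marker is absent or shorter than the number.  */
int
expand_marker (struct lbuf *b, const char *marker, unsigned long count)
{
  char num[32];
  size_t m_len = strlen (marker);
  int n = snprintf (num, sizeof num, "%lu", count);
  char *sub = find_bytes (b->ptr, b->len, marker, m_len);

  if (sub == NULL || n < 0 || (size_t) n > m_len)
    return 0;
  char *tail = sub + m_len;
  size_t tail_len = (size_t) (b->ptr + b->len - tail);

  memcpy (sub, num, (size_t) n);       /* digits only, no NUL stored */
  memmove (sub + n, tail, tail_len);   /* source and target overlap */
  b->len -= m_len - (size_t) n;
  return 1;
}

int
main (void)
{
  char raw[] = "mov @COUNT@@, r1";     /* constructed sample line */
  struct lbuf b = { raw, sizeof raw - 1 };
  if (expand_marker (&b, "@COUNT@@", 12))
    printf ("%.*s\n", (int) b.len, b.ptr);
  return 0;
}
```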