PR26481 UBSAN: tc-pj.c:281 index out of bounds
Alan Modra
amodra@gmail.com
Sat Aug 29 04:23:20 GMT 2020
PR 26481
* config/tc-pj.c (md_assemble): Don't loop past end of
opcode->arg array.
diff --git a/gas/config/tc-pj.c b/gas/config/tc-pj.c
index bc4b8cb117..1ec84542d0 100644
--- a/gas/config/tc-pj.c
+++ b/gas/config/tc-pj.c
@@ -270,7 +270,7 @@ md_assemble (char *str)
}
else
{
- int an;
+ unsigned int an;
output = frag_more (opcode->len);
output[idx++] = opcode->opcode;
@@ -278,7 +278,7 @@ md_assemble (char *str)
if (opcode->opcode_next != -1)
output[idx++] = opcode->opcode_next;
- for (an = 0; opcode->arg[an]; an++)
+ for (an = 0; an < ARRAY_SIZE (opcode->arg) && opcode->arg[an]; an++)
{
expressionS arg;
--
Alan Modra
Australia Development Lab, IBM
More information about the Binutils
mailing list