projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: df57332)
asan: buffer overflows after calling ignore_rest_of_line
authorAlan Modra <amodra@gmail.com>
Thu, 17 Mar 2022 01:24:40 +0000 (11:54 +1030)
committerAlan Modra <amodra@gmail.com>
Thu, 17 Mar 2022 11:02:44 +0000 (21:32 +1030)
operand() is not a place that should be calling ignore_rest_of_line.
ignore_rest_of_line shouldn't increment input_line_pointer if already
at buffer limit.

* expr.c (operand): Don't call ignore_rest_of_line.
* read.c (s_mri_common): Likewise.
(ignore_rest_of_line): Don't increment input_line_pointer if
already at buffer_limit.

gas/expr.c patch | blob | history
gas/read.c patch | blob | history

diff --git a/gas/expr.c b/gas/expr.c
index bd5b9e70a4a931a727f11798fa74bbc8498cdb9d..2341343bf007d4687971cd1d5ceab70eb2448937 100644 (file)
--- a/gas/expr.c
+++ b/gas/expr.c
@@ -1212,9 +1212,7 @@ operand (expressionS *expressionP, enum expr_mode mode)
                {
                  as_bad (_("expected symbol name"));
                  (void) restore_line_pointer (c);
-                 if (c != ')')
-                   ignore_rest_of_line ();
-                 else
+                 if (c == ')')
                    ++input_line_pointer;
                  break;
                }
diff --git a/gas/read.c b/gas/read.c
index fe0aff261757f74069ed56e154804b809225db1e..e9a300fe10c4189744e3374297dd24dd8ac941a8 100644 (file)
--- a/gas/read.c
+++ b/gas/read.c
@@ -1940,7 +1940,6 @@ s_mri_common (int small ATTRIBUTE_UNUSED)
   if (S_IS_DEFINED (sym) && !S_IS_COMMON (sym))
     {
       as_bad (_("symbol `%s' is already defined"), S_GET_NAME (sym));
-      ignore_rest_of_line ();
       mri_comment_end (stop, stopc);
       return;
     }
@@ -3980,15 +3979,10 @@ demand_empty_rest_of_line (void)
 void
 ignore_rest_of_line (void)
 {
-  while (input_line_pointer < buffer_limit
-        && !is_end_of_line[(unsigned char) *input_line_pointer])
-    input_line_pointer++;
-
-  input_line_pointer++;
-
+  while (input_line_pointer < buffer_limit)
+    if (is_end_of_line[(unsigned char) *input_line_pointer++])
+      break;
   /* Return pointing just after end-of-line.  */
-  if (input_line_pointer <= buffer_limit)
-    know (is_end_of_line[(unsigned char) input_line_pointer[-1]]);
 }
 
 /* Sets frag for given symbol to zero_address_frag, except when the