More bounds checking in macro_expand

author Alan Modra <amodra@gmail.com>

Wed, 1 Mar 2023 21:42:00 +0000 (08:12 +1030)

committer Alan Modra <amodra@gmail.com>

Wed, 1 Mar 2023 21:46:02 +0000 (08:16 +1030)
author Alan Modra <amodra@gmail.com>
Wed, 1 Mar 2023 21:42:00 +0000 (08:12 +1030)
committer Alan Modra <amodra@gmail.com>
Wed, 1 Mar 2023 21:46:02 +0000 (08:16 +1030)
diff --git a/gas/macro.c b/gas/macro.c

index 74a1317cb1119ebfa30b057a7f9cf0106509dd96..fae94ae42c186470943d9ea77cba0ba0b9b597ef 100644 (file)
--- a/gas/macro.c
+++ b/gas/macro.c
@@ -1120,7 +1120,7 @@ macro_expand (size_t idx, sb *in, macro_entry *m, sb *out)
              then the actual stuff.  */
           sb_reset (&t);
           idx = get_token (idx, in, &t);
-         if (in->ptr[idx] != '=')
+         if (idx >= in->len || in->ptr[idx] != '=')
             {
               err = _("confusion in formal parameters");
               break;
@@ -1184,7 +1184,7 @@ macro_expand (size_t idx, sb *in, macro_entry *m, sb *out)
  
           if (f->type != FORMAL_VARARG)
             idx = get_any_string (idx, in, &f->actual);
-         else
+         else if (idx < in->len)
             {
               sb_add_buffer (&f->actual, in->ptr + idx, in->len - idx);
               idx = in->len;
@@ -1202,9 +1202,9 @@ macro_expand (size_t idx, sb *in, macro_entry *m, sb *out)
         idx = sb_skip_comma (idx, in);
        else
         {
-         if (in->ptr[idx] == ',')
+         if (idx < in->len && in->ptr[idx] == ',')
             ++idx;
-         if (ISWHITE (in->ptr[idx]))
+         if (idx < in->len && ISWHITE (in->ptr[idx]))
             break;
         }
      }
author	Alan Modra <amodra@gmail.com>
	Wed, 1 Mar 2023 21:42:00 +0000 (08:12 +1030)
committer	Alan Modra <amodra@gmail.com>
	Wed, 1 Mar 2023 21:46:02 +0000 (08:16 +1030)