From: Alan Modra <amodra@gmail.com>
Date: Thu, 16 Jun 2022 06:50:05 +0000 (+0930)
Subject: use of uninitialised value in input_file_open
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=633de7089179f455d94d0fef54c68c298f545242;p=binutils-gdb.git

use of uninitialised value in input_file_open

Triggered by a file containing just "#N" or "#A".  fgets when hitting
EOF before reading anything returns NULL and does not write to buf.
strchr (buf, '\n') then is reading from uninitialised memory.

	* input-file.c (input_file_open): Don't assume buf contains
	zero string terminator when fgets returns NULL.
---

diff --git a/gas/input-file.c b/gas/input-file.c
index f1085c1f0f1..d7cf56cc09a 100644
--- a/gas/input-file.c
+++ b/gas/input-file.c
@@ -170,20 +170,20 @@ input_file_open (const char *filename,
       c = getc (f_in);
       if (c == 'N')
 	{
-	  if (fgets (buf, sizeof (buf), f_in)
-	      && startswith (buf, "O_APP") && ISSPACE (buf[5]))
+	  char *p = fgets (buf, sizeof (buf), f_in);
+	  if (p && startswith (p, "O_APP") && ISSPACE (p[5]))
 	    preprocess = 0;
-	  if (!strchr (buf, '\n'))
-	    ungetc ('#', f_in);	/* It was longer.  */
+	  if (!p || !strchr (p, '\n'))
+	    ungetc ('#', f_in);
 	  else
 	    ungetc ('\n', f_in);
 	}
       else if (c == 'A')
 	{
-	  if (fgets (buf, sizeof (buf), f_in)
-	      && startswith (buf, "PP") && ISSPACE (buf[2]))
+	  char *p = fgets (buf, sizeof (buf), f_in);
+	  if (p && startswith (p, "PP") && ISSPACE (p[2]))
 	    preprocess = 1;
-	  if (!strchr (buf, '\n'))
+	  if (!p || !strchr (p, '\n'))
 	    ungetc ('#', f_in);
 	  else
 	    ungetc ('\n', f_in);