From 94f360ea2ffcee8a06cdda62df73b49c75e9a089 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Mon, 31 Aug 2020 17:16:21 +0930 Subject: [PATCH] PR26502 UBSAN: tc-tic6x.c left shift of negative value PR 26502 * config/tc-tic6x.c (md_apply_fix): Use unsigned variables. --- gas/ChangeLog | 5 +++++ gas/config/tc-tic6x.c | 42 +++++++++++++++++++++--------------------- 2 files changed, 26 insertions(+), 21 deletions(-) diff --git a/gas/ChangeLog b/gas/ChangeLog index 2265271dba7..1976c109895 100644 --- a/gas/ChangeLog +++ b/gas/ChangeLog @@ -1,3 +1,8 @@ +2020-08-31 Alan Modra + + PR 26502 + * config/tc-tic6x.c (md_apply_fix): Use unsigned variables. + 2020-08-31 Alan Modra PR 26497 diff --git a/gas/config/tc-tic6x.c b/gas/config/tc-tic6x.c index 3295d958988..904d257ac7f 100644 --- a/gas/config/tc-tic6x.c +++ b/gas/config/tc-tic6x.c @@ -3775,7 +3775,7 @@ md_assemble (char *str) void md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) { - offsetT value = *valP; + valueT value = *valP; char *buf = fixP->fx_where + fixP->fx_frag->fr_literal; value = SEXT (value); @@ -3805,7 +3805,7 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_16: if (fixP->fx_done || !seg->use_rela_p) { - if (value < -0x8000 || value > 0xffff) + if (value + 0x8000 > 0xffff + 0x8000) as_bad_where (fixP->fx_file, fixP->fx_line, _("value too large for 2-byte field")); md_number_to_chars (buf, value, 2); @@ -3815,7 +3815,7 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_8: if (fixP->fx_done || !seg->use_rela_p) { - if (value < -0x80 || value > 0xff) + if (value + 0x80 > 0xff + 0x80) as_bad_where (fixP->fx_file, fixP->fx_line, _("value too large for 1-byte field")); *buf = value; @@ -3831,7 +3831,7 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_C6000_SBR_GOT_L16_W: if (fixP->fx_done || !seg->use_rela_p) { - offsetT newval = md_chars_to_number (buf, 4); + valueT newval = md_chars_to_number (buf, 4); int shift; switch (fixP->fx_r_type) @@ -3851,7 +3851,7 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) } MODIFY_VALUE (newval, value, shift, 7, 16); - if ((value < -0x8000 || value > 0x7fff) + if ((value + 0x8000 > 0x7fff + 0x8000) && (fixP->fx_r_type == BFD_RELOC_C6000_ABS_S16 || fixP->fx_r_type == BFD_RELOC_C6000_SBR_S16)) as_bad_where (fixP->fx_file, fixP->fx_line, @@ -3872,7 +3872,7 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_C6000_SBR_GOT_H16_W: if (fixP->fx_done || !seg->use_rela_p) { - offsetT newval = md_chars_to_number (buf, 4); + valueT newval = md_chars_to_number (buf, 4); int shift; switch (fixP->fx_r_type) @@ -3903,7 +3903,7 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_C6000_PCR_L16: if (fixP->fx_done || !seg->use_rela_p) { - offsetT newval = md_chars_to_number (buf, 4); + valueT newval = md_chars_to_number (buf, 4); int shift = fixP->fx_r_type == BFD_RELOC_C6000_PCR_H16 ? 16 : 0; MODIFY_VALUE (newval, value, shift, 7, 16); @@ -3915,10 +3915,10 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_C6000_SBR_U15_B: if (fixP->fx_done || !seg->use_rela_p) { - offsetT newval = md_chars_to_number (buf, 4); + valueT newval = md_chars_to_number (buf, 4); MODIFY_VALUE (newval, value, 0, 8, 15); - if (value < 0 || value > 0x7fff) + if (value > 0x7fff) as_bad_where (fixP->fx_file, fixP->fx_line, _("immediate offset out of range")); @@ -3929,7 +3929,7 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_C6000_SBR_U15_H: if (fixP->fx_done || !seg->use_rela_p) { - offsetT newval = md_chars_to_number (buf, 4); + valueT newval = md_chars_to_number (buf, 4); /* Constant ADDA operands, processed as constant when the instruction is parsed, are encoded as-is rather than @@ -3945,7 +3945,7 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) if (value & 1) as_bad_where (fixP->fx_file, fixP->fx_line, _("immediate offset not 2-byte-aligned")); - if (value < 0 || value > 0xfffe) + if (value > 0xfffe) as_bad_where (fixP->fx_file, fixP->fx_line, _("immediate offset out of range")); @@ -3957,7 +3957,7 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_C6000_SBR_GOT_U15_W: if (fixP->fx_done || !seg->use_rela_p) { - offsetT newval = md_chars_to_number (buf, 4); + valueT newval = md_chars_to_number (buf, 4); /* Constant ADDA operands, processed as constant when the instruction is parsed, are encoded as-is rather than @@ -3973,7 +3973,7 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) if (value & 3) as_bad_where (fixP->fx_file, fixP->fx_line, _("immediate offset not 4-byte-aligned")); - if (value < 0 || value > 0x1fffc) + if (value > 0x1fffc) as_bad_where (fixP->fx_file, fixP->fx_line, _("immediate offset out of range")); @@ -3994,14 +3994,14 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_C6000_PCR_S21: if (fixP->fx_done || !seg->use_rela_p) { - offsetT newval = md_chars_to_number (buf, 4); + valueT newval = md_chars_to_number (buf, 4); MODIFY_VALUE (newval, value, 2, 7, 21); if (value & 3) as_bad_where (fixP->fx_file, fixP->fx_line, _("PC-relative offset not 4-byte-aligned")); - if (value < -0x400000 || value > 0x3ffffc) + if (value + 0x400000 > 0x3ffffc + 0x400000) as_bad_where (fixP->fx_file, fixP->fx_line, _("PC-relative offset out of range")); @@ -4012,14 +4012,14 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_C6000_PCR_S12: if (fixP->fx_done || !seg->use_rela_p) { - offsetT newval = md_chars_to_number (buf, 4); + valueT newval = md_chars_to_number (buf, 4); MODIFY_VALUE (newval, value, 2, 16, 12); if (value & 3) as_bad_where (fixP->fx_file, fixP->fx_line, _("PC-relative offset not 4-byte-aligned")); - if (value < -0x2000 || value > 0x1ffc) + if (value + 0x2000 > 0x1ffc + 0x2000) as_bad_where (fixP->fx_file, fixP->fx_line, _("PC-relative offset out of range")); @@ -4030,14 +4030,14 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_C6000_PCR_S10: if (fixP->fx_done || !seg->use_rela_p) { - offsetT newval = md_chars_to_number (buf, 4); + valueT newval = md_chars_to_number (buf, 4); MODIFY_VALUE (newval, value, 2, 13, 10); if (value & 3) as_bad_where (fixP->fx_file, fixP->fx_line, _("PC-relative offset not 4-byte-aligned")); - if (value < -0x800 || value > 0x7fc) + if (value + 0x800 > 0x7fc + 0x800) as_bad_where (fixP->fx_file, fixP->fx_line, _("PC-relative offset out of range")); @@ -4048,14 +4048,14 @@ md_apply_fix (fixS *fixP, valueT *valP, segT seg ATTRIBUTE_UNUSED) case BFD_RELOC_C6000_PCR_S7: if (fixP->fx_done || !seg->use_rela_p) { - offsetT newval = md_chars_to_number (buf, 4); + valueT newval = md_chars_to_number (buf, 4); MODIFY_VALUE (newval, value, 2, 16, 7); if (value & 3) as_bad_where (fixP->fx_file, fixP->fx_line, _("PC-relative offset not 4-byte-aligned")); - if (value < -0x100 || value > 0xfc) + if (value + 0x100 > 0xfc + 0x100) as_bad_where (fixP->fx_file, fixP->fx_line, _("PC-relative offset out of range")); -- 2.30.2