From fe779266b39080e49b04e61160e6af8be439c182 Mon Sep 17 00:00:00 2001 From: Andrew Burgess Date: Wed, 4 May 2016 13:57:10 +0100 Subject: [PATCH] gas/arc: Fix array overrun when checking opcode array The opcode array iterator mechanism can, in some situations, result in reading memory outside of the opcode array. When using the iterator-next mechanism to find the next possible arc_opcode, if we find an opcode where the name field is NULL, or the name does not match, then the cached opcode pointer is not set to NULL. The result is that another call to iterator-next will again increment the opcode pointer (which might now point outside the opcode array) and attempt to access the name field of this undefined opcode. Fixed in this commit by clearing the cached opcode pointer. I've added a test case, which currently shows the bug, however, this will only expose this bug while the opcode used (dsp_fp_cmp) is the last opcode in the table. gas/ChangeLog: * config/tc-arc.c (arc_opcode_hash_entry_iterator_next): Set cached opcode to NULL when we reach a non-matching opcode. * testsuite/gas/arc/asm-errors-2.d: New file. * testsuite/gas/arc/asm-errors-2.err: New file. * testsuite/gas/arc/asm-errors-2.s: New file. --- gas/ChangeLog | 8 ++++++++ gas/config/tc-arc.c | 4 ++-- gas/testsuite/gas/arc/asm-errors-2.d | 2 ++ gas/testsuite/gas/arc/asm-errors-2.err | 2 ++ gas/testsuite/gas/arc/asm-errors-2.s | 2 ++ 5 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 gas/testsuite/gas/arc/asm-errors-2.d create mode 100644 gas/testsuite/gas/arc/asm-errors-2.err create mode 100644 gas/testsuite/gas/arc/asm-errors-2.s diff --git a/gas/ChangeLog b/gas/ChangeLog index bd529cd8954..ac921abf22f 100644 --- a/gas/ChangeLog +++ b/gas/ChangeLog 
@@ -1,3 +1,11 @@ +2016-05-18 Andrew Burgess + + * config/tc-arc.c (arc_opcode_hash_entry_iterator_next): Set + cached opcode to NULL when we reach a non-matching opcode. + * testsuite/gas/arc/asm-errors-2.d: New file. + * testsuite/gas/arc/asm-errors-2.err: New file. + * testsuite/gas/arc/asm-errors-2.s: New file. + 2016-05-18 Andrew Burgess * config/tc-arc.c (tokenize_arguments): Add checks for array diff --git a/gas/config/tc-arc.c b/gas/config/tc-arc.c index ca94b1f6d9b..2f43be5ce39 100644 --- a/gas/config/tc-arc.c +++ b/gas/config/tc-arc.c @@ -674,8 +674,8 @@ arc_opcode_hash_entry_iterator_next (const struct arc_opcode_hash_entry *entry, const char *old_name = iter->opcode->name; iter->opcode++; - if (iter->opcode->name - && (strcmp (old_name, iter->opcode->name) != 0)) + if (iter->opcode->name == NULL + || strcmp (old_name, iter->opcode->name) != 0) { iter->index++; if (iter->index == entry->count) diff --git a/gas/testsuite/gas/arc/asm-errors-2.d b/gas/testsuite/gas/arc/asm-errors-2.d new file mode 100644 index 00000000000..fd3c09a0820 --- /dev/null +++ b/gas/testsuite/gas/arc/asm-errors-2.d @@ -0,0 +1,2 @@ +#as: -mcpu=arcem +#error-output: asm-errors-2.err diff --git a/gas/testsuite/gas/arc/asm-errors-2.err b/gas/testsuite/gas/arc/asm-errors-2.err new file mode 100644 index 00000000000..64fdc9ad94e --- /dev/null +++ b/gas/testsuite/gas/arc/asm-errors-2.err @@ -0,0 +1,2 @@ +[^:]*: Assembler messages: +[^:]*:2: Error: inappropriate arguments for opcode 'dsp_fp_cmp' diff --git a/gas/testsuite/gas/arc/asm-errors-2.s b/gas/testsuite/gas/arc/asm-errors-2.s new file mode 100644 index 00000000000..f5bf8da3912 --- /dev/null +++ b/gas/testsuite/gas/arc/asm-errors-2.s @@ -0,0 +1,2 @@ + .text + dsp_fp_cmp r0 -- 2.30.2
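Review bot: in the gas/config/tc-arc.c hunk, `iter->opcode++` is still followed immediately by a read of `iter->opcode->name`, so arc_opcode_hash_entry_iterator_next stays in bounds only if every run of same-named opcodes is followed by an entry whose name is NULL or different, and nothing near the new condition states that. Suggest a short comment above `if (iter->opcode->name == NULL || strcmp (old_name, iter->opcode->name) != 0)` saying that the opcode table must end with a NULL-name terminator, and that a NULL name is treated like a mismatch so the iterator moves to the next index instead of staying on the terminator. The ChangeLog text says the cached opcode is set to NULL, but the assignment that does so is outside the changed lines; pointing at it in the same comment would help a reader match the log entry to the code.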
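Review bot: gas/testsuite/gas/arc/asm-errors-2.s has no comment explaining why `dsp_fp_cmp r0` was chosen, while the commit message says the test only exposes the overrun as long as dsp_fp_cmp is the last opcode in the table. Suggest recording that dependency in a comment in the .s file, so that a later addition to the end of the opcode table is recognised as removing this test's coverage of the fix. The pattern in asm-errors-2.err checks only the diagnostic text, so the test may well keep passing after such a change without exercising the end-of-table path.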