https://sourceware.org/bugzilla/show_bug.cgi?id=24009

            Bug ID: 24009
           Summary: read.c stringer should return when an error occured
           Product: binutils
           Version: 2.32 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gas
          Assignee: unassigned at sourceware dot org
          Reporter: wu.heng at zte dot com.cn
  Target Milestone: ---

read.c stringer(): In the following fragment of the stringer(), the error
handling statement is missing, which result the var "input_line_pointer" read
out-of-bounds in SKIP_WHITESPACE() function.
 case '<':
   input_line_pointer++;
   c = get_single_number ();
   stringer_append_char (c, bitsize);
   if (*input_line_pointer != '>')
     as_bad (_("expected <nn>"));
   input_line_pointer++;
   //Should add "ignore_rest_of_line ();return;" before. Otherwise the
"input_line_pointer++" will out-of-bound and SKIP_WHITESPACE() will read
out-of-bounds then.



here is the patch:

diff --git a/gas/read.c b/gas/read.c
index 4a8b15a..fb5d612 100644
--- a/gas/read.c
+++ b/gas/read.c
@@ -5390,7 +5390,11 @@ stringer (int bits_appendzero)
          c = get_single_number ();
          stringer_append_char (c, bitsize);
          if (*input_line_pointer != '>')
-           as_bad (_("expected <nn>"));
+           {
+             as_bad (_("expected <nn>"));
+             ignore_rest_of_line ();
+             return;
+           }

          input_line_pointer++;
          break;

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

Reply via email to