[Bug gas/24009] read.c stringer should return when an error occured
https://sourceware.org/bugzilla/show_bug.cgi?id=24009 --- Comment #3 from wuheng --- (In reply to Nick Clifton from comment #2) > Hi Wu Heng, > > Thanks for reporting this bug, and for supplying a patch. > > I have checked your patch in, along with a new ChangeLog entry. > > Cheers > Nick Thank you for verifying and merging this patch. -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/24010] New: macro.c get_any_string should check bounds in the while-loop
https://sourceware.org/bugzilla/show_bug.cgi?id=24010 Bug ID: 24010 Summary: macro.c get_any_string should check bounds in the while-loop Product: binutils Version: 2.32 (HEAD) Status: UNCONFIRMED Severity: normal Priority: P2 Component: gas Assignee: unassigned at sourceware dot org Reporter: wu.heng at zte dot com.cn Target Milestone: --- Created attachment 11476 --> https://sourceware.org/bugzilla/attachment.cgi?id=11476=edit The fault sample In the loop below, we do not think about the length of "idx > in->PTR", as the in->PTR may not end in separator. We should add a judgment of "idx < in->len". while (!ISSEP (in->ptr[idx])) sb_add_char (out, in->ptr[idx++]); here is the patch diff --git a/gas/macro.c b/gas/macro.c index 6c0e554..9b542e8 100644 --- a/gas/macro.c +++ b/gas/macro.c @@ -369,7 +369,7 @@ get_any_string (size_t idx, sb *in, sb *out) { if (in->len > idx + 2 && in->ptr[idx + 1] == '\'' && ISBASE (in->ptr[idx])) { - while (!ISSEP (in->ptr[idx])) + while (idx < in->len && !ISSEP (in->ptr[idx])) sb_add_char (out, in->ptr[idx++]); } else if (in->ptr[idx] == '%' && macro_alternate) -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/24010] macro.c get_any_string should check bounds in the while-loop
https://sourceware.org/bugzilla/show_bug.cgi?id=24010 wuheng changed: What|Removed |Added CC||wu.heng at zte dot com.cn -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/24009] read.c stringer should return when an error occured
https://sourceware.org/bugzilla/show_bug.cgi?id=24009 wuheng changed: What|Removed |Added CC||wu.heng at zte dot com.cn -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/24009] New: read.c stringer should return when an error occured
https://sourceware.org/bugzilla/show_bug.cgi?id=24009 Bug ID: 24009 Summary: read.c stringer should return when an error occured Product: binutils Version: 2.32 (HEAD) Status: UNCONFIRMED Severity: normal Priority: P2 Component: gas Assignee: unassigned at sourceware dot org Reporter: wu.heng at zte dot com.cn Target Milestone: --- read.c stringer(): In the following fragment of the stringer(), the error handling statement is missing, which result the var "input_line_pointer" read out-of-bounds in SKIP_WHITESPACE() function. case '<': input_line_pointer++; c = get_single_number (); stringer_append_char (c, bitsize); if (*input_line_pointer != '>') as_bad (_("expected ")); input_line_pointer++; //Should add "ignore_rest_of_line ();return;" before. Otherwise the "input_line_pointer++" will out-of-bound and SKIP_WHITESPACE() will read out-of-bounds then. here is the patch: diff --git a/gas/read.c b/gas/read.c index 4a8b15a..fb5d612 100644 --- a/gas/read.c +++ b/gas/read.c @@ -5390,7 +5390,11 @@ stringer (int bits_appendzero) c = get_single_number (); stringer_append_char (c, bitsize); if (*input_line_pointer != '>') - as_bad (_("expected ")); + { + as_bad (_("expected ")); + ignore_rest_of_line (); + return; + } input_line_pointer++; break; -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23940] check bounds befroe using
https://sourceware.org/bugzilla/show_bug.cgi?id=23940 wuheng changed: What|Removed |Added CC||wu.heng at zte dot com.cn --- Comment #1 from wuheng --- Created attachment 11429 --> https://sourceware.org/bugzilla/attachment.cgi?id=11429=edit bug file to reproduce the error the bound of char* "in->ptr" should be checked first before using! -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23939] Check frch_cfi_data before use
https://sourceware.org/bugzilla/show_bug.cgi?id=23939 --- Comment #3 from wuheng --- (In reply to Alan Modra from comment #2) > How would you like your name to appear on a ChangeLog entry? Author: wu.heng Thanks very much! -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23939] Check frch_cfi_data before use
https://sourceware.org/bugzilla/show_bug.cgi?id=23939 wuheng changed: What|Removed |Added CC||wu.heng at zte dot com.cn --- Comment #1 from wuheng --- Created attachment 11427 --> https://sourceware.org/bugzilla/attachment.cgi?id=11427=edit check var frch_cfi_data before using it I add a test in testsuits, please recheck, thanks very much. -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23938] should not free memory alloced in obstack by free()
https://sourceware.org/bugzilla/show_bug.cgi?id=23938 --- Comment #5 from wuheng --- (In reply to Alan Modra from comment #4) > Fixed thx -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23940] New: check bounds befroe using
https://sourceware.org/bugzilla/show_bug.cgi?id=23940 Bug ID: 23940 Summary: check bounds befroe using Product: binutils Version: 2.32 (HEAD) Status: UNCONFIRMED Severity: normal Priority: P2 Component: gas Assignee: unassigned at sourceware dot org Reporter: wu.heng at zte dot com.cn Target Milestone: --- Created attachment 11422 --> https://sourceware.org/bugzilla/attachment.cgi?id=11422=edit check bounds befroe using The var "idx" should be checked before using in function "getstring" gas/macro.c:288. while ((in->ptr[idx] != '>' || nest) && idx < in->len) The out of bounds judgment should be in front of using. -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23939] New: Check frch_cfi_data before use
https://sourceware.org/bugzilla/show_bug.cgi?id=23939 Bug ID: 23939 Summary: Check frch_cfi_data before use Product: binutils Version: 2.32 (HEAD) Status: UNCONFIRMED Severity: normal Priority: P2 Component: gas Assignee: unassigned at sourceware dot org Reporter: wu.heng at zte dot com.cn Target Milestone: --- Created attachment 11421 --> https://sourceware.org/bugzilla/attachment.cgi?id=11421=edit check var frch_cfi_data before using it the var "frchain_now->frch_cfi_data" in "dot_cfi_label" function at dw2gencfi.c:1207 should be checked before use! Program may throw SIGSEGV if not. -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23938] should not free memory alloced in obstack by free()
https://sourceware.org/bugzilla/show_bug.cgi?id=23938 wuheng changed: What|Removed |Added Component|binutils|gas -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/23938] New: should not free memory alloced in obstack by free()
https://sourceware.org/bugzilla/show_bug.cgi?id=23938 Bug ID: 23938 Summary: should not free memory alloced in obstack by free() Product: binutils Version: 2.32 (HEAD) Status: UNCONFIRMED Severity: normal Priority: P2 Component: binutils Assignee: unassigned at sourceware dot org Reporter: wu.heng at zte dot com.cn Target Milestone: --- Created attachment 11420 --> https://sourceware.org/bugzilla/attachment.cgi?id=11420=edit free obstack memory use obstack_free() void s_xstab (int what) { int length; char *stab_secname, *stabstr_secname; static char *saved_secname, *saved_strsecname; /* @@ MEMORY LEAK: This allocates a copy of the string, but in most cases it will be the same string, so we could release the storage back to the obstack it came from. */ stab_secname = demand_copy_C_string (); ... if (saved_secname) { free (saved_secname); free (saved_strsecname); } ... } The var "saved_secname" in "s_xstab" function which pointed to the memory alloced in obstack, should not be freed in line 441:"free (saved_secname);". -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils