[Bug gas/24009] read.c stringer should return when an error occured
https://sourceware.org/bugzilla/show_bug.cgi?id=24009 --- Comment #3 from wuheng --- (In reply to Nick Clifton from comment #2) > Hi Wu Heng, > > Thanks for reporting this bug, and for supplying a patch. > > I have checked your patch in, along with a new ChangeLog entry. > > Cheers > Nick Thank you for verifying and merging this patch. -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/24010] New: macro.c get_any_string should check bounds in the while-loop
https://sourceware.org/bugzilla/show_bug.cgi?id=24010
Bug ID: 24010
Summary: macro.c get_any_string should check bounds in the
while-loop
Product: binutils
Version: 2.32 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gas
Assignee: unassigned at sourceware dot org
Reporter: wu.heng at zte dot com.cn
Target Milestone: ---
Created attachment 11476
--> https://sourceware.org/bugzilla/attachment.cgi?id=11476=edit
The fault sample
In the loop below, we do not think about the length of "idx > in->PTR", as the
in->PTR may not end in separator. We should add a judgment of "idx < in->len".
while (!ISSEP (in->ptr[idx]))
sb_add_char (out, in->ptr[idx++]);
here is the patch
diff --git a/gas/macro.c b/gas/macro.c
index 6c0e554..9b542e8 100644
--- a/gas/macro.c
+++ b/gas/macro.c
@@ -369,7 +369,7 @@ get_any_string (size_t idx, sb *in, sb *out)
{
if (in->len > idx + 2 && in->ptr[idx + 1] == '\'' && ISBASE
(in->ptr[idx]))
{
- while (!ISSEP (in->ptr[idx]))
+ while (idx < in->len && !ISSEP (in->ptr[idx]))
sb_add_char (out, in->ptr[idx++]);
}
else if (in->ptr[idx] == '%' && macro_alternate)
--
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/24010] macro.c get_any_string should check bounds in the while-loop
https://sourceware.org/bugzilla/show_bug.cgi?id=24010 wuheng changed: What|Removed |Added CC||wu.heng at zte dot com.cn -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/24009] read.c stringer should return when an error occured
https://sourceware.org/bugzilla/show_bug.cgi?id=24009 wuheng changed: What|Removed |Added CC||wu.heng at zte dot com.cn -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/24009] New: read.c stringer should return when an error occured
https://sourceware.org/bugzilla/show_bug.cgi?id=24009
Bug ID: 24009
Summary: read.c stringer should return when an error occured
Product: binutils
Version: 2.32 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gas
Assignee: unassigned at sourceware dot org
Reporter: wu.heng at zte dot com.cn
Target Milestone: ---
read.c stringer(): In the following fragment of the stringer(), the error
handling statement is missing, which result the var "input_line_pointer" read
out-of-bounds in SKIP_WHITESPACE() function.
case '<':
input_line_pointer++;
c = get_single_number ();
stringer_append_char (c, bitsize);
if (*input_line_pointer != '>')
as_bad (_("expected "));
input_line_pointer++;
//Should add "ignore_rest_of_line ();return;" before. Otherwise the
"input_line_pointer++" will out-of-bound and SKIP_WHITESPACE() will read
out-of-bounds then.
here is the patch:
diff --git a/gas/read.c b/gas/read.c
index 4a8b15a..fb5d612 100644
--- a/gas/read.c
+++ b/gas/read.c
@@ -5390,7 +5390,11 @@ stringer (int bits_appendzero)
c = get_single_number ();
stringer_append_char (c, bitsize);
if (*input_line_pointer != '>')
- as_bad (_("expected "));
+ {
+ as_bad (_("expected "));
+ ignore_rest_of_line ();
+ return;
+ }
input_line_pointer++;
break;
--
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23940] check bounds befroe using
https://sourceware.org/bugzilla/show_bug.cgi?id=23940 wuheng changed: What|Removed |Added CC||wu.heng at zte dot com.cn --- Comment #1 from wuheng --- Created attachment 11429 --> https://sourceware.org/bugzilla/attachment.cgi?id=11429=edit bug file to reproduce the error the bound of char* "in->ptr" should be checked first before using! -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23939] Check frch_cfi_data before use
https://sourceware.org/bugzilla/show_bug.cgi?id=23939 --- Comment #3 from wuheng --- (In reply to Alan Modra from comment #2) > How would you like your name to appear on a ChangeLog entry? Author: wu.heng Thanks very much! -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23939] Check frch_cfi_data before use
https://sourceware.org/bugzilla/show_bug.cgi?id=23939 wuheng changed: What|Removed |Added CC||wu.heng at zte dot com.cn --- Comment #1 from wuheng --- Created attachment 11427 --> https://sourceware.org/bugzilla/attachment.cgi?id=11427=edit check var frch_cfi_data before using it I add a test in testsuits, please recheck, thanks very much. -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23938] should not free memory alloced in obstack by free()
https://sourceware.org/bugzilla/show_bug.cgi?id=23938 --- Comment #5 from wuheng --- (In reply to Alan Modra from comment #4) > Fixed thx -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23940] New: check bounds befroe using
https://sourceware.org/bugzilla/show_bug.cgi?id=23940 Bug ID: 23940 Summary: check bounds befroe using Product: binutils Version: 2.32 (HEAD) Status: UNCONFIRMED Severity: normal Priority: P2 Component: gas Assignee: unassigned at sourceware dot org Reporter: wu.heng at zte dot com.cn Target Milestone: --- Created attachment 11422 --> https://sourceware.org/bugzilla/attachment.cgi?id=11422=edit check bounds befroe using The var "idx" should be checked before using in function "getstring" gas/macro.c:288. while ((in->ptr[idx] != '>' || nest) && idx < in->len) The out of bounds judgment should be in front of using. -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23939] New: Check frch_cfi_data before use
https://sourceware.org/bugzilla/show_bug.cgi?id=23939 Bug ID: 23939 Summary: Check frch_cfi_data before use Product: binutils Version: 2.32 (HEAD) Status: UNCONFIRMED Severity: normal Priority: P2 Component: gas Assignee: unassigned at sourceware dot org Reporter: wu.heng at zte dot com.cn Target Milestone: --- Created attachment 11421 --> https://sourceware.org/bugzilla/attachment.cgi?id=11421=edit check var frch_cfi_data before using it the var "frchain_now->frch_cfi_data" in "dot_cfi_label" function at dw2gencfi.c:1207 should be checked before use! Program may throw SIGSEGV if not. -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug gas/23938] should not free memory alloced in obstack by free()
https://sourceware.org/bugzilla/show_bug.cgi?id=23938 wuheng changed: What|Removed |Added Component|binutils|gas -- You are receiving this mail because: You are on the CC list for the bug. ___ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/23938] New: should not free memory alloced in obstack by free()
https://sourceware.org/bugzilla/show_bug.cgi?id=23938
Bug ID: 23938
Summary: should not free memory alloced in obstack by free()
Product: binutils
Version: 2.32 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: wu.heng at zte dot com.cn
Target Milestone: ---
Created attachment 11420
--> https://sourceware.org/bugzilla/attachment.cgi?id=11420=edit
free obstack memory use obstack_free()
void
s_xstab (int what)
{
int length;
char *stab_secname, *stabstr_secname;
static char *saved_secname, *saved_strsecname;
/* @@ MEMORY LEAK: This allocates a copy of the string, but in most
cases it will be the same string, so we could release the storage
back to the obstack it came from. */
stab_secname = demand_copy_C_string ();
...
if (saved_secname)
{
free (saved_secname);
free (saved_strsecname);
}
...
}
The var "saved_secname" in "s_xstab" function which pointed to the memory
alloced in obstack, should not be freed in line 441:"free (saved_secname);".
--
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
