BR 2817225: don't overrun a permts buffer with a maximum label

BR 677841 was fixed backwards, with a reverse condition.  Correct the
direction of the fix, and add an assert for the overflow condition.

Note: the bug was non-manifest in previous build, so this is not a
security issue.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>

diff --git a/labels.c b/labels.c
index 88eb46d..3654f47 100644 (file)
--- a/labels.c
+++ b/labels.c
@@ -82,9 +82,9 @@
 #define END_BLOCK -2
 #define BOGUS_VALUE -4
 
-#define PERMTS_SIZE  4096       /* size of text blocks */
-#if (PERMTS_SIZE > IDLEN_MAX)
-#error "IPERMTS_SIZE must be less than or equal to IDLEN_MAX"
+#define PERMTS_SIZE  16384     /* size of text blocks */
+#if (PERMTS_SIZE < IDLEN_MAX)
+#error "IPERMTS_SIZE must be greater than or equal to IDLEN_MAX"
 #endif
 
 /* values for label.defn.is_global */
@@ -481,6 +481,8 @@ static char *perm_copy(const char *string)
     char *p;
     int len = strlen(string)+1;
 
+    nasm_assert(len <= PERMTS_SIZE);
+
     if (perm_tail->size - perm_tail->usage < len) {
         perm_tail->next =
             (struct permts *)nasm_malloc(sizeof(struct permts));