Fix potential array overrun in x86 assembler.

author Nick Clifton <nickc@redhat.com>

Fri, 20 Jan 2017 10:32:25 +0000 (10:32 +0000)

committer Nick Clifton <nickc@redhat.com>

Fri, 20 Jan 2017 10:32:25 +0000 (10:32 +0000)
author Nick Clifton <nickc@redhat.com>
Fri, 20 Jan 2017 10:32:25 +0000 (10:32 +0000)
committer Nick Clifton <nickc@redhat.com>
Fri, 20 Jan 2017 10:32:25 +0000 (10:32 +0000)
diff --git a/gas/ChangeLog b/gas/ChangeLog

index d515f3b..fbadd0b 100644 (file)
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,8 @@
+2017-01-20  Nick Clifton  <nickc@redhat.com>
+
+       * config/tc-i386.c (parse_operands): Check for operand overflow
+       before setting the unspecified bit.
+
  2017-01-18  Maciej W. Rozycki  <macro@imgtec.com>
  
         PR gas/20649
diff --git a/gas/config/tc-i386.c b/gas/config/tc-i386.c

index 80812cf..1fc6bc7 100644 (file)
--- a/gas/config/tc-i386.c
+++ b/gas/config/tc-i386.c
@@ -4136,13 +4136,13 @@ parse_operands (char *l, const char *mnemonic)
         {                       /* Yes, we've read in another operand.  */
           unsigned int operand_ok;
           this_operand = i.operands++;
-         i.types[this_operand].bitfield.unspecified = 1;
           if (i.operands > MAX_OPERANDS)
             {
               as_bad (_("spurious operands; (%d operands/instruction max)"),
                       MAX_OPERANDS);
               return NULL;
             }
+         i.types[this_operand].bitfield.unspecified = 1;
           /* Now parse operand adding info to 'i' as we go along.  */
           END_STRING_AND_SAVE (l);
author	Nick Clifton <nickc@redhat.com>
	Fri, 20 Jan 2017 10:32:25 +0000 (10:32 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Fri, 20 Jan 2017 10:32:25 +0000 (10:32 +0000)
gas/ChangeLog		patch \| blob \| history
gas/config/tc-i386.c		patch \| blob \| history