From c2a5914e1b686cd765cf95e09be89584eba99741 Mon Sep 17 00:00:00 2001
From: Tristan Gingold <gingold@adacore.com>
Date: Tue, 3 Dec 2013 16:46:59 +0100
Subject: [PATCH] Fix crash on intelbad.

gas/
2013-12-03  Tristan Gingold  <gingold@adacore.com>

	* config/tc-i386-intel.c (i386_intel_simplify): Avoid arithmetic
	overflow on pointers.
---
 gas/ChangeLog              |  5 +++++
 gas/config/tc-i386-intel.c | 10 ++++------
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/gas/ChangeLog b/gas/ChangeLog
index b293b46..5235f4d 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,8 @@
+2013-12-03  Tristan Gingold  <gingold@adacore.com>
+
+	* config/tc-i386-intel.c (i386_intel_simplify): Avoid arithmetic
+	overflow on pointers.
+
 2013-11-19  Yufeng Zhang  <yufeng.zhang@arm.com>
 
 	Revert
diff --git a/gas/config/tc-i386-intel.c b/gas/config/tc-i386-intel.c
index 8a2224a..6df17e2 100644
--- a/gas/config/tc-i386-intel.c
+++ b/gas/config/tc-i386-intel.c
@@ -417,23 +417,21 @@ static int i386_intel_simplify (expressionS *e)
       if (this_operand >= 0 && intel_state.in_bracket)
 	{
 	  expressionS *scale = NULL;
-
-	  if (intel_state.index)
-	    --scale;
+	  int has_index = (intel_state.index != NULL);
 
 	  if (!intel_state.in_scale++)
 	    intel_state.scale_factor = 1;
 
 	  ret = i386_intel_simplify_symbol (e->X_add_symbol);
-	  if (ret && !scale && intel_state.index)
+	  if (ret && !has_index && intel_state.index)
 	    scale = symbol_get_value_expression (e->X_op_symbol);
 
 	  if (ret)
 	    ret = i386_intel_simplify_symbol (e->X_op_symbol);
-	  if (ret && !scale && intel_state.index)
+	  if (ret && !scale && !has_index && intel_state.index)
 	    scale = symbol_get_value_expression (e->X_add_symbol);
 
-	  if (ret && scale && (scale + 1))
+	  if (ret && scale)
 	    {
 	      resolve_expression (scale);
 	      if (scale->X_op != O_constant
-- 
2.7.4