bpf: gas: avoid UB in pointer subtraction

The PARSE_ERROR macro in md_assemble performs pointer subtraction.  If
parse_expression returns NULL then the later will be part of the
subtraction and therefore UB will be incurred.

This patch changes md_assemble to:
1. Accommodate all invocations to parse_expression to the fact it will
   return NULL when a parse error occurs.
2. Avoid UB in PARSE_ERROR.

Tested in bpf-unknown-none target / x86_64-linux-gnu host.

gas/ChangeLog:

	* config/tc-bpf.c (md_assemble): Fix to take into account that
	parse_expression can return NULL.
	(PARSE_ERROR): Avoid passing invalid length to parse_error.

diff --git a/gas/ChangeLog b/gas/ChangeLog
index 8be29915d8de3f49cb760f6810e979154e34f6c4..3ae1d7773596c35b34d4187944a659b5287faf60 100644 (file)
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,9 @@
+2024-02-19  Jose E. Marchesi  <jose.marchesi@oracle.com>
+
+       * config/tc-bpf.c (md_assemble): Fix to take into account that
+       parse_expression can return NULL.
+       (PARSE_ERROR): Avoid passing invalid length to parse_error.
+
 2024-02-15 Will Hawkins  <hawkinsw@obs.cr>
 
        * testsuite/gas/bpf/indcall-1-pseudoc.d: Do not select xbpf cpu

diff --git a/gas/config/tc-bpf.c b/gas/config/tc-bpf.c
index 43e098c2a86f6f937584e791f6032f11aa4e707e..e23de4e0d19ae49aeb8f6f72ddaff332eb4ab293 100644 (file)
--- a/gas/config/tc-bpf.c
+++ b/gas/config/tc-bpf.c
@@ -935,7 +935,7 @@ encode_insn (struct bpf_insn *insn, char *bytes,
       if (immediate_overflow (imm, 32))
         as_bad (_("immediate out of range, shall fit in 32 bits"));
       else
-        encode_int32 (insn->imm32.X_add_number, bytes + 4);        
+        encode_int32 (insn->imm32.X_add_number, bytes + 4);
     }
 
   if (insn->has_disp32 && insn->disp32.X_op == O_constant)
@@ -1454,7 +1454,7 @@ md_assemble (char *str ATTRIBUTE_UNUSED)
   partial_match_length = 0;
   errmsg = NULL;
 
-#define PARSE_ERROR(...) parse_error (s - str, __VA_ARGS__)
+#define PARSE_ERROR(...) parse_error (s > str ? s - str : 0, __VA_ARGS__)
 
   while ((opcode = bpf_get_opcode (idx++)) != NULL)
     {
@@ -1590,6 +1590,8 @@ md_assemble (char *str ATTRIBUTE_UNUSED)
               else if (strncmp (p, "%i32", 4) == 0
                        || strncmp (p, "%I32", 4) == 0)
                 {
+                  char *exp = NULL;
+
                   if (p[1] == 'I')
                     {
                       while (*s == ' ' || *s == '\t')
@@ -1601,17 +1603,20 @@ md_assemble (char *str ATTRIBUTE_UNUSED)
                         }
                     }
 
-                  s = parse_expression (s, &insn.imm32);
-                  if (s == NULL)
+                  exp = parse_expression (s, &insn.imm32);
+                  if (exp == NULL)
                     {
                       PARSE_ERROR ("expected signed 32-bit immediate");
                       break;
                     }
+                  s = exp;
                   insn.has_imm32 = 1;
                   p += 4;
                 }
               else if (strncmp (p, "%o16", 4) == 0)
                 {
+                  char *exp = NULL;
+
                   while (*s == ' ' || *s == '\t')
                     s += 1;
                   if (*s != '+' && *s != '-')
@@ -1620,46 +1625,53 @@ md_assemble (char *str ATTRIBUTE_UNUSED)
                       break;
                     }
 
-                  s = parse_expression (s, &insn.offset16);
-                  if (s == NULL)
+                  exp = parse_expression (s, &insn.offset16);
+                  if (exp == NULL)
                     {
                       PARSE_ERROR ("expected signed 16-bit offset");
                       break;
                     }
+                  s = exp;
                   insn.has_offset16 = 1;
                   p += 4;
                 }
               else if (strncmp (p, "%d16", 4) == 0)
                 {
-                  s = parse_expression (s, &insn.disp16);
-                  if (s == NULL)
+                  char *exp = parse_expression (s, &insn.disp16);
+
+                  if (exp == NULL)
                     {
                       PARSE_ERROR ("expected signed 16-bit displacement");
                       break;
                     }
+                  s = exp;
                   insn.has_disp16 = 1;
                   insn.is_relaxable = (insn.disp16.X_op != O_constant);
                   p += 4;
                 }
               else if (strncmp (p, "%d32", 4) == 0)
                 {
-                  s = parse_expression (s, &insn.disp32);
-                  if (s == NULL)
+                  char *exp = parse_expression (s, &insn.disp32);
+
+                  if (exp == NULL)
                     {
                       PARSE_ERROR ("expected signed 32-bit displacement");
                       break;
                     }
+                  s = exp;
                   insn.has_disp32 = 1;
                   p += 4;
                 }
               else if (strncmp (p, "%i64", 4) == 0)
                 {
-                  s = parse_expression (s, &insn.imm64);
-                  if (s == NULL)
+                  char *exp = parse_expression (s, &insn.imm64);
+
+                  if (exp == NULL)
                     {
                       PARSE_ERROR ("expected signed 64-bit immediate");
                       break;
                     }
+                  s = exp;
                   insn.has_imm64 = 1;
                   insn.size = 16;
                   p += 4;
@@ -1717,6 +1729,7 @@ md_assemble (char *str ATTRIBUTE_UNUSED)
         {
           as_bad ("%s", errmsg);
           free (errmsg);
+          errmsg = NULL;
         }
 
       return;