Fuzzers have found a testcase where expr() runs off the end of a strdup
buffer created in tc-i386.c check_Scc_OszcOperations.
printf '\"\000.insn EVEX {scc='\''\000' > test.s
This patch fixes the overrun, and another parsing error that has
existed since commit 219deb70ce2c. gas/testsuite/gas/mri/float.s
doesn't exercise that mri mode code path.
* expr.c (operand): Don't increment input_line_pointer past
end of line/statement when single quote appears at the end of
a line. Don't increment input_line_pointer before mri mode
':' hex float.
character, parity errors and all, is taken as the value
of the operand. VERY KINKY. */
expressionP->X_op = O_constant;
- expressionP->X_add_number = *input_line_pointer++;
+ expressionP->X_add_number = *input_line_pointer;
+ if (!is_end_of_stmt (*input_line_pointer))
+ input_line_pointer++;
break;
}
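Review bot: in the added `if (!is_end_of_stmt (*input_line_pointer))` lines, the pointer is now correctly left on the terminator, but `expressionP->X_add_number` is still loaded from that terminator character, so a single quote at the very end of a statement becomes an O_constant holding the terminator's value with no diagnostic in these lines. Consider reporting that case, or at least extending the comment above to say the behaviour is intended. A gas testsuite case with a single quote at the end of a line would also keep the overrun from regressing.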
/* In MRI mode, this is a floating point constant represented
using hexadecimal digits. */
- ++input_line_pointer;
integer_constant (16, expressionP);
break;
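Review bot: dropping `++input_line_pointer;` ahead of `integer_constant (16, expressionP);` changes where hex parsing starts, and the commit message itself says gas/testsuite/gas/mri/float.s does not reach this path, so nothing shown here checks the new behaviour. Add an MRI mode test that uses a ':' hex float, and extend the comment to state what input_line_pointer is expected to point at when integer_constant is called.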