[Bug gold/20765] [2.27 Regression] gold internal error in fix_errata on aarch64-linux-gnu
https://sourceware.org/bugzilla/show_bug.cgi?id=20765

Han Shen changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |shenhan at google dot com

--- Comment #1 from Han Shen ---
The erratum insn address recorded in Erratum_stub is not updated after
relaxation passes, which move input sections forward / backward (thus
changing the erratum insn address).

I've had a preliminary patch, but that leads to relocation overflow errors.
I'll continue investigation.

--
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug gas/20896] AS: Buffer Overflow when expanding .irp directives
https://sourceware.org/bugzilla/show_bug.cgi?id=20896

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2016-12-05
                 CC|                            |amodra at gmail dot com
     Ever confirmed|0                           |1

--- Comment #3 from Alan Modra ---
The problem is that next_char_of_string() only returns NOT_A_CHAR for '\"'.
NOT_A_CHAR is tested by is_a_char() in demand_copy_string() to determine the
end of string. A NUL is not seen as the end of string, i.e.
demand_copy_string() can merrily read off the end of input.

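The terminator logic described in comment #3, as an added example that is not part of the thread and not gas source code: a reduced model of the scan loop with a quote-only terminator test beside a variant that also stops at NUL. The function names, the value 256 for NOT_A_CHAR and the input bytes are assumptions constructed for the model.

```c
#include <stddef.h>
#include <stdio.h>

/* Model only: the value 256 and the helper names below are assumptions for
   this sketch; gas' real scanner also handles escapes and newlines. */
#define NOT_A_CHAR 256

/* Terminator logic as described in comment #3: only '"' ends the string. */
static int next_char_quote_only(const char **p)
{
    int c = (unsigned char) *(*p)++;
    return c == '"' ? NOT_A_CHAR : c;
}

/* Hardened variant: a NUL (end of the input buffer) also ends the string,
   and the pointer is not advanced past it. */
static int next_char_checked(const char **p)
{
    int c = (unsigned char) **p;
    if (c == '\0')
        return NOT_A_CHAR;
    (*p)++;
    return c == '"' ? NOT_A_CHAR : c;
}

/* Constructed input: the text after an opening quote that is never closed,
   its NUL terminator, then bytes standing in for unrelated adjacent memory. */
static const char backing[] = "Here be dragons\0ADJACENT-MEMORY\"tail";

/* Loop in the style of demand_copy_string(): returns bytes consumed.
   'cap' keeps the demonstration inside the backing array. */
static size_t scan_string(const char *s, size_t cap,
                          int (*next)(const char **))
{
    const char *p = s;
    while ((size_t)(p - s) < cap && next(&p) != NOT_A_CHAR)
        ;
    return (size_t)(p - s);
}

int main(void)
{
    size_t cap = sizeof backing - 1;
    printf("quote-only consumed %zu bytes of a 15-byte string\n",
           scan_string(backing, cap, next_char_quote_only));
    printf("checked    consumed %zu bytes\n",
           scan_string(backing, cap, next_char_checked));
    return 0;
}
```

The quote-only scan walks through the NUL and the stand-in adjacent bytes until it happens to meet a quote character; the checked scan stops at the end of the 15-byte string.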
[Bug gas/20896] AS: Buffer Overflow when expanding .irp directives
https://sourceware.org/bugzilla/show_bug.cgi?id=20896

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P2                          |P3
           Severity|normal                      |enhancement

--- Comment #4 from Alan Modra ---
Hmm, maybe do_scrub_chars is supposed to handle inserting a missing terminating
quote. I'm not sure. Anyway, I'm not going to be sucked into trying to fix
assembler faults on bogus input.

[Bug gas/20896] AS: Buffer Overflow when expanding .irp directives
https://sourceware.org/bugzilla/show_bug.cgi?id=20896

--- Comment #5 from Marcel Böhme ---
Hi Alan,

If you wish, we can stop reporting assertion failures which might be considered
false positives for fuzzed input; but I suppose you are interested in buffer
overflows and other crashes, which could cause difficult-to-localize problems in
the tool chain or even risks to a system's security.

Quite sure that several of our test cases translate into some actual user test
cases. Here is one for the IRP directive:

        .global _start

        .text
_start:
        ;# write(1, message, 13)
        .irp param,1,2,3 ;# 3 "Here be dragons
        mov     $1, %rax
        mov     $1, %rdi
        mov     $message, %rsi
        mov     $13, %rdx
        syscall
        .endr

        ;# exit(0)
        mov     $60, %rax
        xor     %rdi, %rdi
        syscall
message:
        .ascii  "Hello, world\n"