| commit | c7c28357c85fb0bf4105419195bc204aea0fef35 | |
| author | Adam Majer <amajer@suse.de> | |
| Thu, 5 Jul 2018 15:40:24 +0000 (5 17:40 +0200) | ||
| committer | H. Peter Anvin <hpa@zytor.com> | |
| Fri, 6 Jul 2018 10:08:15 +0000 (6 03:08 -0700) | ||
| tree | e450d12452ef9f130e8f3397616c7cc9ec6890b3 | treesnapshot (tar.gz zip) |
| parent | 70d429676bd5db1a5d437ee6f796fd4f0e122434 | commitdiff |
asm/float.c: fix buffer underflow in float parsing
When we suffer an underflow that cross limb boundaries, it is possible
to end up with a stack underflow. Put in an explicit check for this
case (the mantissa will be zero in this case.)
https://bugzilla.nasm.us/show_bug.cgi?id=3392445
Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
diff --git a/asm/float.c b/asm/float.c
index dcf69fea..2965d3db 100644
--- a/asm/float.c
+++ b/asm/float.c
@@ -608,6 +608,8 @@ static void ieee_shr(fp_limb *mant, int i)
if (offs)
for (j = MANT_LIMBS-1; j >= offs; j--)
mant[j] = mant[j-offs];
+ } else if (MANT_LIMBS-1-offs < 0) {
+ j = MANT_LIMBS-1;
} else {
n = mant[MANT_LIMBS-1-offs] >> sr;
for (j = MANT_LIMBS-1; j > offs; j--) {
When we suffer an underflow that cross limb boundaries, it is possible
to end up with a stack underflow. Put in an explicit check for this
case (the mantissa will be zero in this case.)
https://bugzilla.nasm.us/show_bug.cgi?id=3392445
Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
diff --git a/asm/float.c b/asm/float.c
index dcf69fea..2965d3db 100644
--- a/asm/float.c
+++ b/asm/float.c
@@ -608,6 +608,8 @@ static void ieee_shr(fp_limb *mant, int i)
if (offs)
for (j = MANT_LIMBS-1; j >= offs; j--)
mant[j] = mant[j-offs];
+ } else if (MANT_LIMBS-1-offs < 0) {
+ j = MANT_LIMBS-1;
} else {
n = mant[MANT_LIMBS-1-offs] >> sr;
for (j = MANT_LIMBS-1; j > offs; j--) {
| asm/float.c | diffblobblamehistory |