mirror/nasm
2
0
Fork 0
mirror of https://github.com/netwide-assembler/nasm.git synced 2025-03-07 17:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

asm/float.c: fix buffer underflow in float parsing

Browse Source 
When we suffer an underflow that cross limb boundaries, it is possible
to end up with a stack underflow.  Put in an explicit check for this
case (the mantissa will be zero in this case.)

   https://bugzilla.nasm.us/show_bug.cgi?id=3392445

Signed-off-by: H. Peter Anvin (Intel) <hpa@zytor.com>
diff --git a/asm/float.c b/asm/float.c
index dcf69fea..2965d3db 100644
--- a/asm/float.c
+++ b/asm/float.c
@@ -608,6 +608,8 @@ static void ieee_shr(fp_limb *mant, int i)
         if (offs)
             for (j = MANT_LIMBS-1; j >= offs; j--)
                 mant[j] = mant[j-offs];
+    } else if (MANT_LIMBS-1-offs < 0) {
+        j = MANT_LIMBS-1;
     } else {
         n = mant[MANT_LIMBS-1-offs] >> sr;
         for (j = MANT_LIMBS-1; j > offs; j--) {
This commit is contained in:
Adam Majer 2018-07-05 17:40:24 +02:00 committed by H. Peter Anvin
parent 70d429676b
commit c7c28357c8
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
asm/float.c
View File

@ -608,6 +608,8 @@ static void ieee_shr(fp_limb *mant, int i)
if (offs)
for (j = MANT_LIMBS-1; j >= offs; j--)
mant[j] = mant[j-offs];
} else if (MANT_LIMBS-1-offs < 0) {
j = MANT_LIMBS-1;
} else {
n = mant[MANT_LIMBS-1-offs] >> sr;
for (j = MANT_LIMBS-1; j > offs; j--) {