[PATCH] Arm: parse_neon_type() weaknesses

Richard Earnshaw Richard.Earnshaw@arm.com
Wed Aug 6 14:33:31 GMT 2025
On 01/08/2025 14:40, Jan Beulich wrote:
> The custom parsing done there and in one of its callers allowed various
> bogus constructs to be accepted. Insist on a non-zero leading digit when
> parsing numbers, don't lose upper bits, and insist on proper separation
> of operands.
> ---
> While it would be nice to avoid the double errors on many of the lines,
> first_error() doesn't really lend itself for use here, as diagnostic
> arguments can't be recorded that way.

Yikes!

OK, thanks.

R.

> 
> --- a/gas/config/tc-arm.c
> +++ b/gas/config/tc-arm.c
> @@ -1474,7 +1474,7 @@ parse_neon_type (struct neon_type *type,
>     while (type->elems < NEON_MAX_TYPE_ELS)
>       {
>         enum neon_el_type thistype = NT_untyped;
> -      unsigned thissize = -1u;
> +      unsigned long thissize = -1ul;
>   
>         if (*ptr != '.')
>   	break;
> @@ -1505,14 +1505,17 @@ parse_neon_type (struct neon_type *type,
>   	      return FAIL;
>   	    }
>   	  ptr += 1;
> +	  if (!ISDIGIT (*ptr) || *ptr == '0')
> +	    goto unexpected;
>   	  thissize = strtoul (ptr, &ptr, 10);
>   	  if (thissize != 16)
>   	    {
> -	      as_bad (_("bad size %d in type specifier"), thissize);
> +	      as_bad (_("bad size %lu in type specifier"), thissize);
>   	      return FAIL;
>   	    }
>   	  goto done;
>   	default:
> +	unexpected:
>   	  as_bad (_("unexpected character `%c' in type specifier"), *ptr);
>   	  return FAIL;
>   	}
> @@ -1525,12 +1528,14 @@ parse_neon_type (struct neon_type *type,
>         else
>   	{
>   	parsesize:
> +	  if (!ISDIGIT (*ptr) || *ptr == '0')
> +	    goto unexpected;
>   	  thissize = strtoul (ptr, &ptr, 10);
>   
>   	  if (thissize != 8 && thissize != 16 && thissize != 32
>   	      && thissize != 64)
>   	    {
> -	      as_bad (_("bad size %d in type specifier"), thissize);
> +	      as_bad (_("bad size %lu in type specifier"), thissize);
>   	      return FAIL;
>   	    }
>   	}
> @@ -22470,7 +22475,8 @@ opcode_lookup (char **str)
>   	  if (parse_neon_type (&inst.vectype, str) == FAIL)
>   	    return NULL;
>   	}
> -      else if (end[offset] != '\0' && !is_whitespace (end[offset]))
> +
> +      if (**str != '\0' && !is_whitespace (**str))
>   	return NULL;
>       }
>     else
> --- a/gas/testsuite/gas/arm/neon-suffix-bad.d
> +++ b/gas/testsuite/gas/arm/neon-suffix-bad.d
> @@ -1,3 +1,3 @@
> -# name: Bad suffix for non-Neon mnemonic
> +# name: Bad suffix for (non-)Neon mnemonic
>   # as: -mfpu=neon
>   # error_output: neon-suffix-bad.l
> --- a/gas/testsuite/gas/arm/neon-suffix-bad.l
> +++ b/gas/testsuite/gas/arm/neon-suffix-bad.l
> @@ -7,3 +7,24 @@
>   [^:]*:10: Error: invalid neon suffix for non neon instruction
>   [^:]*:11: Error: invalid neon suffix for non neon instruction
>   [^:]*:12: Error: invalid instruction shape -- `vcvt.f64.s32 d0,s0,#11'
> +[^:]*:19: Error: unexpected character `0' .*
> +#?[^:]*:19: Error: .*
> +[^:]*:20: Error: unexpected character `0' .*
> +#?[^:]*:20: Error: .*
> +[^:]*:22: Error: unexpected character `-' .*
> +#?[^:]*:22: Error: .*
> +[^:]*:23: Error: bad instruction .*
> +[^:]*:25: Error: bad size .*
> +#?[^:]*:25: Error: .*
> +[^:]*:26: Error: bad size .*
> +#?[^:]*:26: Error: .*
> +[^:]*:28: Error: unexpected type character `b' .*
> +#?[^:]*:28: Error: .*
> +[^:]*:29: Error: unexpected character ` ' .*
> +#?[^:]*:29: Error: .*
> +[^:]*:30: Error: .* register expected .*
> +[^:]*:31: Error: unexpected character ` ' .*
> +#?[^:]*:31: Error: .*
> +[^:]*:32: Error: .* register expected .*
> +[^:]*:34: Error: bad instruction .*
> +[^:]*:35: Error: bad instruction .*
> --- a/gas/testsuite/gas/arm/neon-suffix-bad.s
> +++ b/gas/testsuite/gas/arm/neon-suffix-bad.s
> @@ -11,3 +11,25 @@ faddd.f32 d0, d0, d0
>   faddd.f64 d0, d0, d0
>   vcvt.f64.s32 d0, s0, #11
>   
> +	.arm
> +	.arch armv8.6-a
> +	.arch_extension simd
> +	vcvt.bf16.f32	d0, q0		@ good, for reference
> +
> +	vcvt.bf016.f32	d0, q0
> +	vcvt.bf16.f032	d0, q0
> +
> +	vcvt.bf-4294967280.f32	d0, q0
> +	vcvt.bf16.f-4294967264	d0, q0
> +
> +	vcvt.bf4294967312.f32	d0, q0
> +	vcvt.bf16.f4294967328	d0, q0
> +
> +	vcvt.b f16.f32	d0, q0
> +	vcvt.bf 16.f32	d0, q0
> +	vcvt.bf16 .f32	d0, q0
> +	vcvt.bf16. f32	d0, q0
> +	vcvt.bf16.f 32	d0, q0
> +
> +	vcvt.bf16.f32d0, q0
> +	vcvt.bf16.fd0, q0



More information about the Binutils mailing list