From: Peter Johnson
Date: Fri, 3 Dec 2004 06:09:30 +0000 (-0000)
Subject: Fix free-before-use case in x86 finalize code. Bytecode transformation
X-Git-Tag: v0.5.0rc1~188
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7c23a1e805b2a9f41b1e9c6e7edd989ea3033be2;p=yasm
Fix free-before-use case in x86 finalize code. Bytecode transformation deletes the old bytecode, so it's not safe to use anything from the old bytecode after this point (such as the prefixes array passed to arch finalize).
* x86bc.c (yasm_x86__bc_apply_prefixes): Take x86_common as parameter rather than bytecode; add line parameter instead of referencing bc->line.
* x86arch.h (yasm_x86__bc_apply_prefixes): Likewise.
* x86id.re (x86_finalize_jmpfar, x86_finalize_jmp) (yasm_x86__finalize_insn): Apply prefixes before bytecode transform.
svn path=/trunk/yasm/; revision=1186
---
diff --git a/modules/arch/x86/x86arch.h b/modules/arch/x86/x86arch.h
index 1d712525..b89b3b19 100644
--- a/modules/arch/x86/x86arch.h
+++ b/modules/arch/x86/x86arch.h
@@ -231,7 +231,8 @@ void yasm_x86__bc_transform_jmp(yasm_bytecode *bc, x86_jmp *jmp);
 void yasm_x86__bc_transform_jmpfar(yasm_bytecode *bc, x86_jmpfar *jmpfar);
 void yasm_x86__bc_apply_prefixes
- (yasm_bytecode *bc, int num_prefixes, unsigned long **prefixes);
+ (x86_common *common, int num_prefixes, unsigned long **prefixes,
+ unsigned long line);
 void yasm_x86__ea_init(yasm_effaddr *ea, unsigned int spare, /*@null@*/ yasm_symrec *origin);
diff --git a/modules/arch/x86/x86bc.c b/modules/arch/x86/x86bc.c
index 2d1d4fd3..cce71e71 100644
--- a/modules/arch/x86/x86bc.c
+++ b/modules/arch/x86/x86bc.c
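Review bot: The changed prototype of `yasm_x86__bc_apply_prefixes` carries no comment, so the contract this commit exists to enforce — call it before the bytecode transform, because the transform frees the old bytecode and, per the commit message, the prefixes array with it — is recorded only in the commit log. I would put above the declaration: `/* Apply num_prefixes parsed prefixes to common; line is used only for diagnostics. */` followed by `/* Must run before yasm_x86__bc_transform_*(): the transform frees the old bytecode, which owns the prefixes array. */`. The per-prefix layout is not visible in this header; x86bc.c reads `prefixes[i][1]` as the prefix value, so document the pair layout here once it is confirmed against the parser side.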
@@ -270,17 +270,16 @@ yasm_x86__ea_create_imm(yasm_expr *imm, unsigned int im_len)
 /*@=compmempass@*/
 void
-yasm_x86__bc_apply_prefixes(yasm_bytecode *bc, int num_prefixes,
- unsigned long **prefixes)
+yasm_x86__bc_apply_prefixes(x86_common *common, int num_prefixes,
+ unsigned long **prefixes, unsigned long line)
 {
- x86_common *common = (x86_common *)bc->contents;
 int i; for (i=0; ilockrep_pre != 0)
- yasm__warning(YASM_WARN_GENERAL, bc->line,
+ yasm__warning(YASM_WARN_GENERAL, line,
 N_("multiple LOCK or REP prefixes, using leftmost"));
 common->lockrep_pre = (unsigned char)prefixes[i][1];
 break;
diff --git a/modules/arch/x86/x86id.re b/modules/arch/x86/x86id.re
index d96aeef6..e4e7fe6f 100644
--- a/modules/arch/x86/x86id.re
+++ b/modules/arch/x86/x86id.re
@@ -1754,9 +1754,11 @@ x86_finalize_jmpfar(yasm_arch *arch, yasm_bytecode *bc,
 yasm_internal_error(N_("didn't get FAR expression in jmpfar"));
 }
+ yasm_x86__bc_apply_prefixes((x86_common *)jmpfar, num_prefixes, prefixes,
+ bc->line);
+
 /* Transform the bytecode */
 yasm_x86__bc_transform_jmpfar(bc, jmpfar);
- yasm_x86__bc_apply_prefixes(bc, num_prefixes, prefixes);
 }
 static void
@@ -1856,9 +1858,11 @@ x86_finalize_jmp(yasm_arch *arch, yasm_bytecode *bc, yasm_bytecode *prev_bc,
 yasm__error(bc->line,
 N_("no NEAR form of that jump instruction exists"));
+ yasm_x86__bc_apply_prefixes((x86_common *)jmp, num_prefixes, prefixes,
+ bc->line);
+
 /* Transform the bytecode */
 yasm_x86__bc_transform_jmp(bc, jmp);
- yasm_x86__bc_apply_prefixes(bc, num_prefixes, prefixes);
 }
 void
@@ -2420,9 +2424,11 @@ yasm_x86__finalize_insn(yasm_arch *arch, yasm_bytecode *bc,
 } else insn->imm = NULL;
+ yasm_x86__bc_apply_prefixes((x86_common *)insn, num_prefixes, prefixes,
+ bc->line);
+
 /* Transform the bytecode */
 yasm_x86__bc_transform_insn(bc, insn);
- yasm_x86__bc_apply_prefixes(bc, num_prefixes, prefixes);
 }
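Review bot: `common->lockrep_pre = (unsigned char)prefixes[i][1];` narrows an `unsigned long` to one byte with no range check, so a prefix value above 0xff would be stored silently mangled; presumably the parser only ever records single-byte LOCK/REP opcode values here, and that assumption deserves either a comment, `/* prefix values are single opcode bytes */`, or a guard such as `if (prefixes[i][1] > 0xff) yasm_internal_error(N_("prefix value out of byte range"));` before the store. Dropping the `bc` parameter is the right shape for the fix: the function can no longer reach storage the transform frees, and passing `line` by value keeps the warning path independent of bytecode lifetime. The loop and switch header between `for (i=0; i` and `lockrep_pre` is missing from this page (it looks like markup stripping), so only the visible lines were reviewed; the function body also continues past the end of the hunk.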
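Review bot: `yasm_x86__bc_apply_prefixes((x86_common *)jmpfar, ...)` casts the jmpfar struct to `x86_common *`, which is only valid if `x86_common` is the first member of `x86_jmpfar`; the compiler cannot check that, and a later reordering of the struct would silently write `lockrep_pre` into whichever field lands at offset 0. If the struct embeds the common part as a named member (its definition is not in this diff), pass `&jmpfar->common` (or whatever the member is called) instead so the type system enforces the layout; the same applies to the `(x86_common *)jmp` and `(x86_common *)insn` casts in the other two hunks of this file. `x86_finalize_jmpfar` begins before this hunk.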
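Review bot: The existing `/* Transform the bytecode */` comment above `yasm_x86__bc_transform_insn(bc, insn);` does not say that the transform frees the old bytecode contents, which is exactly the invariant the moved call depends on, so the next edit that reads `prefixes` or anything else from the old bytecode after that line will repeat the original free-before-use. I would extend it to `/* Transform the bytecode.  This frees bc's old contents (including the prefixes array), so nothing from the old bytecode may be used after this call. */`, mirroring the commit message. `yasm_x86__finalize_insn` begins before this hunk.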