From 548c8b2ba71f5c93035028a32a596cca37c9b7cf Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Mon, 31 Aug 2020 16:30:45 +0930
Subject: [PATCH] PR26495 UBSAN: tc-score.c, tc-score7.c left shift of negative
 value

	PR 26495
	* config/tc-score.c (s3_apply_fix): Use unsigned variables.
	* config/tc-score7.c (s7_apply_fix): Likewise.
---
 gas/ChangeLog          |  6 ++++++
 gas/config/tc-score.c  | 12 ++++++------
 gas/config/tc-score7.c | 18 +++++++++---------
 3 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/gas/ChangeLog b/gas/ChangeLog
index 791a1f1812..0d55433db3 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,9 @@
+2020-08-31  Alan Modra  <amodra@gmail.com>
+
+	PR 26495
+	* config/tc-score.c (s3_apply_fix): Use unsigned variables.
+	* config/tc-score7.c (s7_apply_fix): Likewise.
+
 2020-08-31  Alan Modra  <amodra@gmail.com>
 
 	PR 26480
diff --git a/gas/config/tc-score.c b/gas/config/tc-score.c
index e4b4934ff8..594905e82e 100644
--- a/gas/config/tc-score.c
+++ b/gas/config/tc-score.c
@@ -7065,10 +7065,10 @@ s3_section_align (segT segment ATTRIBUTE_UNUSED, valueT size)
 static void
 s3_apply_fix (fixS *fixP, valueT *valP, segT seg)
 {
-  offsetT value = *valP;
-  offsetT newval;
-  offsetT content;
-  unsigned short HI, LO;
+  valueT value = *valP;
+  valueT newval;
+  valueT content;
+  valueT HI, LO;
 
   char *buf = fixP->fx_frag->fr_literal + fixP->fx_where;
 
@@ -7099,7 +7099,7 @@ s3_apply_fix (fixS *fixP, valueT *valP, segT seg)
       if (fixP->fx_done)        /* For la rd, imm32.  */
         {
           newval = s3_md_chars_to_number (buf, s3_INSN_SIZE);
-          HI = (value) >> 16;   /* mul to 2, then take the hi 16 bit.  */
+          HI = value >> 16;   /* mul to 2, then take the hi 16 bit.  */
           newval |= (HI & 0x3fff) << 1;
           newval |= ((HI >> 14) & 0x3) << 16;
           s3_md_number_to_chars (buf, newval, s3_INSN_SIZE);
@@ -7109,7 +7109,7 @@ s3_apply_fix (fixS *fixP, valueT *valP, segT seg)
       if (fixP->fx_done)        /* For la rd, imm32.  */
         {
           newval = s3_md_chars_to_number (buf, s3_INSN_SIZE);
-          LO = (value) & 0xffff;
+          LO = value & 0xffff;
           newval |= (LO & 0x3fff) << 1; /* 16 bit: imm -> 14 bit in lo, 2 bit in hi.  */
           newval |= ((LO >> 14) & 0x3) << 16;
           s3_md_number_to_chars (buf, newval, s3_INSN_SIZE);
diff --git a/gas/config/tc-score7.c b/gas/config/tc-score7.c
index bd4923a258..36abcc83ae 100644
--- a/gas/config/tc-score7.c
+++ b/gas/config/tc-score7.c
@@ -6613,11 +6613,11 @@ s7_section_align (segT segment, valueT size)
 static void
 s7_apply_fix (fixS *fixP, valueT *valP, segT seg)
 {
-  offsetT value = *valP;
-  offsetT abs_value = 0;
-  offsetT newval;
-  offsetT content;
-  unsigned short HI, LO;
+  valueT value = *valP;
+  valueT abs_value = 0;
+  valueT newval;
+  valueT content;
+  valueT HI, LO;
 
   char *buf = fixP->fx_frag->fr_literal + fixP->fx_where;
 
@@ -6648,7 +6648,7 @@ s7_apply_fix (fixS *fixP, valueT *valP, segT seg)
       if (fixP->fx_done)
         {                       /* For la rd, imm32.  */
           newval = s7_md_chars_to_number (buf, s7_INSN_SIZE);
-          HI = (value) >> 16;   /* mul to 2, then take the hi 16 bit.  */
+          HI = value >> 16;   /* mul to 2, then take the hi 16 bit.  */
           newval |= (HI & 0x3fff) << 1;
           newval |= ((HI >> 14) & 0x3) << 16;
           s7_number_to_chars (buf, newval, s7_INSN_SIZE);
@@ -6658,7 +6658,7 @@ s7_apply_fix (fixS *fixP, valueT *valP, segT seg)
       if (fixP->fx_done)        /* For la rd, imm32.  */
         {
           newval = s7_md_chars_to_number (buf, s7_INSN_SIZE);
-          LO = (value) & 0xffff;
+          LO = value & 0xffff;
           newval |= (LO & 0x3fff) << 1; /* 16 bit: imm -> 14 bit in lo, 2 bit in hi.  */
           newval |= ((LO >> 14) & 0x3) << 16;
           s7_number_to_chars (buf, newval, s7_INSN_SIZE);
@@ -6668,7 +6668,7 @@ s7_apply_fix (fixS *fixP, valueT *valP, segT seg)
       {
         content = s7_md_chars_to_number (buf, s7_INSN_SIZE);
         value = fixP->fx_offset;
-        if (!(value >= 0 && value <= 0x1ffffff))
+        if (value > 0x1ffffff)
           {
             as_bad_where (fixP->fx_file, fixP->fx_line,
                           _("j or jl truncate (0x%x)  [0 ~ 2^25-1]"), (unsigned int) value);
@@ -6723,7 +6723,7 @@ s7_apply_fix (fixS *fixP, valueT *valP, segT seg)
       content = s7_md_chars_to_number (buf, s7_INSN16_SIZE);
       content &= 0xf001;
       value = fixP->fx_offset;
-      if (!(value >= 0 && value <= 0xfff))
+      if (value > 0xfff)
         {
           as_bad_where (fixP->fx_file, fixP->fx_line,
                         _("j! or jl! truncate (0x%x)  [0 ~ 2^12-1]"), (unsigned int) value);
-- 
2.34.1