From e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7 Mon Sep 17 00:00:00 2001
From: David CARLIER
Date: Mon, 10 Dec 2018 15:42:02 +0000
Subject: [PATCH] Fix #12417/#12418 (arm assembler heap overflows)
---
 libr/asm/arch/arm/armass.c | 2 +-
 libr/asm/arch/arm/armass64.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libr/asm/arch/arm/armass.c b/libr/asm/arch/arm/armass.c
index 6b752c0463..dc1b05e9c3 100644
--- a/libr/asm/arch/arm/armass.c
+++ b/libr/asm/arch/arm/armass.c
@@ -6545,7 +6545,7 @@ ut32 armass_assemble(const char *str, ut64 off, int thumb) {
 int i, j;
 char buf[128];
 ArmOpcode aop = {.off = off};
- for (i = j = 0; i < sizeof (buf) - 1 && str[i]; i++, j++) {
+ for (i = j = 0; i < sizeof (buf) - 1 && str[j]; i++, j++) {
 if (str[j] == '#') {
 i--; continue;
 }
diff --git a/libr/asm/arch/arm/armass64.c b/libr/asm/arch/arm/armass64.c
index 91bd4282a7..f66eba9d0c 100644
--- a/libr/asm/arch/arm/armass64.c
+++ b/libr/asm/arch/arm/armass64.c
@@ -756,7 +756,7 @@ static bool parseOperands(char* str, ArmOp *op) {
 } else if (!strncmp (token, "asr", 3)) {
 op->operands[operand].shift = ARM_ASR;
 }
- if (op->operands[operand].shift != ARM_NO_SHIFT) {
+ if (strlen (token) > 4 && op->operands[operand].shift != ARM_NO_SHIFT) {
 op->operands_count ++;
 op->operands[operand].shift_amount = r_num_math (NULL, token + 4);
 if (op->operands[operand].shift_amount > 63) {
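Review bot: The corrected bound test `str[j]` in the `for` header of armass_assemble relies on the two indices having different roles — `j` walks `str` while `i` walks `buf`, and they diverge every time a `#` is dropped by the `i--; continue;` path — but nothing in the loop records that, so the `str[i]` mix-up this commit fixes can easily be reintroduced. A one-line comment above the `for` would pin it: `/* j indexes str, i indexes buf; they diverge when '#' is skipped, so the end-of-input test must use j */`. `i` is an `int` compared against the `size_t` value `sizeof (buf) - 1`; because every `i--` is immediately followed by the loop's `i++`, `i` cannot go negative, but declaring both indices `size_t` would remove the sign-compare warning and make the intent explicit. The loop body, including the copy into `buf` and whatever terminates it, continues outside the hunk, so the `- 1` reservation only holds if a terminator is written after the loop, which this hunk does not show.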
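Review bot: The new `strlen (token) > 4` guard in parseOperands stops the read past the end of `token` at `token + 4`, but a token such as `asr` with nothing after it now falls through silently: `shift` has already been set to `ARM_ASR` three lines up, while `shift_amount` is never assigned and `operands_count` is not incremented, so the operand leaves the parser carrying a shift type with no amount. Since the function is `static bool`, a too-short shift token reads as a parse error rather than a no-op; keep the shift test as the outer condition and fail inside it, e.g. `if (op->operands[operand].shift != ARM_NO_SHIFT) { if (strlen (token) <= 4) { return false; }` with the existing body following — assuming `false` is how this function reports malformed operands elsewhere, which the hunk does not show. `> 4` rather than `>= 4` is the right threshold, since with exactly four characters `token + 4` would hand an empty string to `r_num_math`. The function body continues on both sides of the hunk, including the `> 63` range check whose body is cut off at the last line.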