binutils/Stop-potential-illegal-memory-access-in-the-NS32K.patch

From d1e304bc27b737e0e7daf0029dd5f1e91a4898ed Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Mon, 28 Oct 2019 15:44:23 +0000
Subject: [PATCH] Stop potential illegal memory access in the NS32K
 disassembler.

	* ns32k-dis.c (bit_extract): Add sanitiy check of parameters.
	(bit_extract_simple): Likewise.
	(bit_copy): Likewise.
	(pirnt_insn_ns32k): Ensure that uninitialised elements in the
	index_offset array are not accessed.
---
 opcodes/ns32k-dis.c | 10 +++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/opcodes/ns32k-dis.c b/opcodes/ns32k-dis.c
index 1fffbd8..22a9389 100644
--- a/opcodes/ns32k-dis.c
+++ b/opcodes/ns32k-dis.c
@@ -265,6 +265,8 @@ bit_extract (bfd_byte *buffer, int offset, int count)
   int result;
   int bit;
 
+  if (offset < 0 || count < 0)
+    return 0;
   buffer += offset >> 3;
   offset &= 7;
   bit = 1;
@@ -292,6 +294,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)
   int result;
   int bit;
 
+  if (offset < 0 || count < 0)
+    return 0;
   buffer += offset >> 3;
   offset &= 7;
   bit = 1;
@@ -313,6 +317,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)
 static void
 bit_copy (bfd_byte *buffer, int offset, int count, char *to)
 {
+  if (offset < 0 || count < 0)
+    return;
   for (; count > 8; count -= 8, to++, offset += 8)
     *to = bit_extract (buffer, offset, 8);
   *to = bit_extract (buffer, offset, count);
@@ -836,8 +842,10 @@ print_insn_ns32k (bfd_vma memaddr, disassemble_info *info)
 				    memaddr, arg_bufs[argnum],
 				    index_offset[whicharg]);
 	  d++;
-	  whicharg++;
+	  if (whicharg++ >= 1)
+	    break;
 	}
+
       for (argnum = 0; argnum <= maxarg; argnum++)
 	{
 	  bfd_vma addr;
-- 
2.9.3
Package init 2019-12-25 15:42:36 +08:00			`From d1e304bc27b737e0e7daf0029dd5f1e91a4898ed Mon Sep 17 00:00:00 2001`
			`From: Nick Clifton <nickc@redhat.com>`
			`Date: Mon, 28 Oct 2019 15:44:23 +0000`
			`Subject: [PATCH] Stop potential illegal memory access in the NS32K`
			`disassembler.`

			`* ns32k-dis.c (bit_extract): Add sanitiy check of parameters.`
			`(bit_extract_simple): Likewise.`
			`(bit_copy): Likewise.`
			`(pirnt_insn_ns32k): Ensure that uninitialised elements in the`
			`index_offset array are not accessed.`
			`---`
			`opcodes/ns32k-dis.c \| 10 +++++++++-`
			`2 files changed, 9 insertions(+), 1 deletion(-)`

			`diff --git a/opcodes/ns32k-dis.c b/opcodes/ns32k-dis.c`
			`index 1fffbd8..22a9389 100644`
			`--- a/opcodes/ns32k-dis.c`
			`+++ b/opcodes/ns32k-dis.c`
			`@@ -265,6 +265,8 @@ bit_extract (bfd_byte *buffer, int offset, int count)`
			`int result;`
			`int bit;`

			`+ if (offset < 0 \|\| count < 0)`
			`+ return 0;`
			`buffer += offset >> 3;`
			`offset &= 7;`
			`bit = 1;`
			`@@ -292,6 +294,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)`
			`int result;`
			`int bit;`

			`+ if (offset < 0 \|\| count < 0)`
			`+ return 0;`
			`buffer += offset >> 3;`
			`offset &= 7;`
			`bit = 1;`
			`@@ -313,6 +317,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)`
			`static void`
			`bit_copy (bfd_byte buffer, int offset, int count, char to)`
			`{`
			`+ if (offset < 0 \|\| count < 0)`
			`+ return;`
			`for (; count > 8; count -= 8, to++, offset += 8)`
			`*to = bit_extract (buffer, offset, 8);`
			`*to = bit_extract (buffer, offset, count);`
			`@@ -836,8 +842,10 @@ print_insn_ns32k (bfd_vma memaddr, disassemble_info *info)`
			`memaddr, arg_bufs[argnum],`
			`index_offset[whicharg]);`
			`d++;`
			`- whicharg++;`
			`+ if (whicharg++ >= 1)`
			`+ break;`
			`}`
			`+`
			`for (argnum = 0; argnum <= maxarg; argnum++)`
			`{`
			`bfd_vma addr;`
			`--`
			`2.9.3`