binutils/Fix-buffer-underrun-bug-in-the-TI-C30-disassembler.patch

From f44b758d3133ef0a7f3131c1e12ed20feb33ee61 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 3 Sep 2019 15:37:12 +0100
Subject: [PATCH] Fix buffer underrun bug in the TI C30 disassembler.

	PR 24961
	* tic30-dis.c (get_indirect_operand): Check for bufcnt being
	greater than zero before indexing via (bufcnt -1).
---
 opcodes/tic30-dis.c | 4 +++-
 1 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/opcodes/tic30-dis.c b/opcodes/tic30-dis.c
index c64aceb..668c519 100644
--- a/opcodes/tic30-dis.c
+++ b/opcodes/tic30-dis.c
@@ -253,7 +253,9 @@ get_indirect_operand (unsigned short fragment,
 		for (i = 0, bufcnt = 0; i < len; i++, bufcnt++)
 		  {
 		    buffer[bufcnt] = current_ind->syntax[i];
-		    if (buffer[bufcnt - 1] == 'a' && buffer[bufcnt] == 'r')
+		    if (bufcnt > 0
+			&& buffer[bufcnt - 1] == 'a'
+			&& buffer[bufcnt] == 'r')
 		      buffer[++bufcnt] = arnum + '0';
 		    if (buffer[bufcnt] == '('
 			&& current_ind->displacement == DISP_REQUIRED)
-- 
2.9.3
Package init 2019-12-25 15:42:36 +08:00			`From f44b758d3133ef0a7f3131c1e12ed20feb33ee61 Mon Sep 17 00:00:00 2001`
			`From: Nick Clifton <nickc@redhat.com>`
			`Date: Tue, 3 Sep 2019 15:37:12 +0100`
			`Subject: [PATCH] Fix buffer underrun bug in the TI C30 disassembler.`

			`PR 24961`
			`* tic30-dis.c (get_indirect_operand): Check for bufcnt being`
			`greater than zero before indexing via (bufcnt -1).`
			`---`
			`opcodes/tic30-dis.c \| 4 +++-`
			`1 files changed, 3 insertions(+), 1 deletion(-)`

			`diff --git a/opcodes/tic30-dis.c b/opcodes/tic30-dis.c`
			`index c64aceb..668c519 100644`
			`--- a/opcodes/tic30-dis.c`
			`+++ b/opcodes/tic30-dis.c`
			`@@ -253,7 +253,9 @@ get_indirect_operand (unsigned short fragment,`
			`for (i = 0, bufcnt = 0; i < len; i++, bufcnt++)`
			`{`
			`buffer[bufcnt] = current_ind->syntax[i];`
			`- if (buffer[bufcnt - 1] == 'a' && buffer[bufcnt] == 'r')`
			`+ if (bufcnt > 0`
			`+ && buffer[bufcnt - 1] == 'a'`
			`+ && buffer[bufcnt] == 'r')`
			`buffer[++bufcnt] = arnum + '0';`
			`if (buffer[bufcnt] == '('`
			`&& current_ind->displacement == DISP_REQUIRED)`
			`--`
			`2.9.3`