From d1e304bc27b737e0e7daf0029dd5f1e91a4898ed Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Mon, 28 Oct 2019 15:44:23 +0000
Subject: [PATCH] Stop potential illegal memory access in the NS32K disassembler.
* ns32k-dis.c (bit_extract): Add sanitiy check of parameters. (bit_extract_simple): Likewise. (bit_copy): Likewise. (pirnt_insn_ns32k): Ensure that uninitialised elements in the index_offset array are not accessed.
---
 opcodes/ns32k-dis.c | 10 +++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/opcodes/ns32k-dis.c b/opcodes/ns32k-dis.c
index 1fffbd8..22a9389 100644
--- a/opcodes/ns32k-dis.c
+++ b/opcodes/ns32k-dis.c
@@ -265,6 +265,8 @@ bit_extract (bfd_byte *buffer, int offset, int count)
 int result;
 int bit;
+ if (offset < 0 || count < 0)
+ return 0;
 buffer += offset >> 3;
 offset &= 7;
 bit = 1;
@@ -292,6 +294,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)
 int result;
 int bit;
+ if (offset < 0 || count < 0)
+ return 0;
 buffer += offset >> 3;
 offset &= 7;
 bit = 1;
@@ -313,6 +317,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)
 static void
 bit_copy (bfd_byte *buffer, int offset, int count, char *to)
 {
+ if (offset < 0 || count < 0)
+ return;
 for (; count > 8; count -= 8, to++, offset += 8)
 *to = bit_extract (buffer, offset, 8);
 *to = bit_extract (buffer, offset, count);
@@ -836,8 +842,10 @@ print_insn_ns32k (bfd_vma memaddr, disassemble_info *info)
 memaddr, arg_bufs[argnum],
 index_offset[whicharg]);
 d++;
- whicharg++;
+ if (whicharg++ >= 1)
+ break;
 }
+
 for (argnum = 0; argnum <= maxarg; argnum++)
 {
 bfd_vma addr;
-- 
2.9.3
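Review bot: The new guard in bit_extract only bounds offset and count from below, so an oversized count or an offset that points past the bytes actually fetched still reaches `buffer += offset >> 3` and the extraction loop. The rest of the body is outside the hunk, so an upper bound may exist elsewhere, but nothing visible here ties count to the width of `int result`. Consider `if (offset < 0 || count < 0 || count > (int) sizeof (result) * 8) return 0;`. Returning 0 also makes a rejected field indistinguishable from a field that really is zero, which deserves a comment such as `/* Malformed field: callers see 0, same as an all-zero field.  */`. The identical check added to bit_extract_simple in the next hunk has the same gap.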
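Review bot: The early `return;` added to bit_copy leaves the destination `to` completely unwritten, whereas every other path stores at least one byte through it. Callers are outside this hunk, but any that pass the address of an uninitialised local and then print it would swap an out-of-bounds read for a read of uninitialised stack data on malformed input. Either store a defined value before returning or state the contract above the check, e.g. `/* On invalid OFFSET or COUNT nothing is stored in TO; callers must pre-initialise it.  */`, and confirm that the call sites do so.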
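Review bot: The literal `1` in `if (whicharg++ >= 1)` silently encodes the size of index_offset, whose declaration is outside the hunk, so the guard stops protecting the `index_offset[whicharg]` read above it if the array is ever resized. Assuming index_offset is a local array, derive the limit from it and keep the increment out of the comparison: `if (++whicharg >= (int) (sizeof index_offset / sizeof index_offset[0])) break;`. A short comment such as `/* At most two index bytes are recorded.  */` would explain why the operand loop is cut short. Note that the break bounds the index but does not initialise the array, so whether both elements are set before this loop should be checked in the part of print_insn_ns32k not shown here.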