62 lines
1.7 KiB
Diff
62 lines
1.7 KiB
Diff
From d1e304bc27b737e0e7daf0029dd5f1e91a4898ed Mon Sep 17 00:00:00 2001
|
|
From: Nick Clifton <nickc@redhat.com>
|
|
Date: Mon, 28 Oct 2019 15:44:23 +0000
|
|
Subject: [PATCH] Stop potential illegal memory access in the NS32K
|
|
disassembler.
|
|
|
|
* ns32k-dis.c (bit_extract): Add sanitiy check of parameters.
|
|
(bit_extract_simple): Likewise.
|
|
(bit_copy): Likewise.
|
|
(pirnt_insn_ns32k): Ensure that uninitialised elements in the
|
|
index_offset array are not accessed.
|
|
---
|
|
opcodes/ns32k-dis.c | 10 +++++++++-
|
|
2 files changed, 9 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/opcodes/ns32k-dis.c b/opcodes/ns32k-dis.c
|
|
index 1fffbd8..22a9389 100644
|
|
--- a/opcodes/ns32k-dis.c
|
|
+++ b/opcodes/ns32k-dis.c
|
|
@@ -265,6 +265,8 @@ bit_extract (bfd_byte *buffer, int offset, int count)
|
|
int result;
|
|
int bit;
|
|
|
|
+ if (offset < 0 || count < 0)
|
|
+ return 0;
|
|
buffer += offset >> 3;
|
|
offset &= 7;
|
|
bit = 1;
|
|
@@ -292,6 +294,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)
|
|
int result;
|
|
int bit;
|
|
|
|
+ if (offset < 0 || count < 0)
|
|
+ return 0;
|
|
buffer += offset >> 3;
|
|
offset &= 7;
|
|
bit = 1;
|
|
@@ -313,6 +317,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)
|
|
static void
|
|
bit_copy (bfd_byte *buffer, int offset, int count, char *to)
|
|
{
|
|
+ if (offset < 0 || count < 0)
|
|
+ return;
|
|
for (; count > 8; count -= 8, to++, offset += 8)
|
|
*to = bit_extract (buffer, offset, 8);
|
|
*to = bit_extract (buffer, offset, count);
|
|
@@ -836,8 +842,10 @@ print_insn_ns32k (bfd_vma memaddr, disassemble_info *info)
|
|
memaddr, arg_bufs[argnum],
|
|
index_offset[whicharg]);
|
|
d++;
|
|
- whicharg++;
|
|
+ if (whicharg++ >= 1)
|
|
+ break;
|
|
}
|
|
+
|
|
for (argnum = 0; argnum <= maxarg; argnum++)
|
|
{
|
|
bfd_vma addr;
|
|
--
|
|
2.9.3
|
|
|