From 2ea9d33a127c09d9c4df0337981e48fb4b7a236f Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Fri, 3 Sep 2021 08:23:49 +0930
Subject: pj: asan: out of bounds, ubsan: left shift of negative

	* pj-dis.c: Include libiberty.h.
	(print_insn_pj): Don't index op->arg past array bound.  Don't
	left shift negative int.
---
 opcodes/pj-dis.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'opcodes/pj-dis.c')

diff --git a/opcodes/pj-dis.c b/opcodes/pj-dis.c
index a67ea38..f0708a0 100644
--- a/opcodes/pj-dis.c
+++ b/opcodes/pj-dis.c
@@ -21,6 +21,7 @@
 
 #include "sysdep.h"
 #include <stdio.h>
+#include "libiberty.h"
 #include "opcode/pj.h"
 #include "disassemble.h"
 
@@ -65,7 +66,7 @@ print_insn_pj (bfd_vma addr, struct disassemble_info *info)
       char *sep = "\t";
       int insn_start = addr;
       const pj_opc_info_t *op = &pj_opc_info[opcode];
-      int a;
+      unsigned int a;
 
       addr++;
       fprintf_fn (stream, "%s", op->u.name);
@@ -145,7 +146,7 @@ print_insn_pj (bfd_vma addr, struct disassemble_info *info)
 	  return addr - insn_start;
 	}
 
-      for (a = 0; op->arg[a]; a++)
+      for (a = 0; a < ARRAY_SIZE (op->arg) && op->arg[a]; a++)
 	{
 	  unsigned char data[4];
 	  int val = 0;
@@ -158,7 +159,7 @@ print_insn_pj (bfd_vma addr, struct disassemble_info *info)
 	  val = (UNS (op->arg[0]) || ((data[0] & 0x80) == 0)) ? 0 : -1;
 
 	  for (i = 0; i < size; i++)
-	    val = (val << 8) | (data[i] & 0xff);
+	    val = ((unsigned) val << 8) | (data[i] & 0xff);
 
 	  fprintf_fn (stream, "%s", sep);
 	  if (PCREL (op->arg[a]))
-- 
cgit v1.1