diff options
| author | Alan Modra <amodra@gmail.com> | 2020-01-06 08:52:39 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2020-01-06 21:53:16 +1030 |
| commit | 660e62b1d9ca02e4ec7b18e8f0a0ff0707e540ac (patch) | |
| tree | c6e6dd4219926ac7d44d2d0562879ca90f43d1a5 /opcodes/z80-dis.c | |
| parent | 01335edbac3f0fa0c06d088598e09f602833de87 (diff) | |
| download | gdb-660e62b1d9ca02e4ec7b18e8f0a0ff0707e540ac.zip gdb-660e62b1d9ca02e4ec7b18e8f0a0ff0707e540ac.tar.gz gdb-660e62b1d9ca02e4ec7b18e8f0a0ff0707e540ac.tar.bz2 | |
PR25344, z80 disassembler recursion
PR 25344
* z80-dis.c (suffix): Don't use a local struct buffer copy.
Peek at next byte to prevent recursion on repeated prefix bytes.
Ensure uninitialised "mybuf" is not accessed.
(print_insn_z80): Don't zero n_fetch and n_used here,..
(print_insn_z80_buf): ..do it here instead.
Diffstat (limited to 'opcodes/z80-dis.c')
| -rw-r--r-- | opcodes/z80-dis.c | 60 |
1 files changed, 31 insertions, 29 deletions
diff --git a/opcodes/z80-dis.c b/opcodes/z80-dis.c index 99be7f8..581d4f4 100644 --- a/opcodes/z80-dis.c +++ b/opcodes/z80-dis.c @@ -713,55 +713,57 @@ static int print_insn_z80_buf (struct buffer *buf, disassemble_info *info); static int -suffix (struct buffer *buf_in, disassemble_info *info, const char *txt) +suffix (struct buffer *buf, disassemble_info *info, const char *txt) { - struct buffer buf; char mybuf[TXTSIZ*4]; fprintf_ftype old_fprintf; void *old_stream; char *p; - buf_in->n_used++; - buf = *buf_in; - buf.n_fetch = 0; - buf.n_used = 0; - buf.base++; switch (txt[2]) { case 'l': /* SIL or LIL */ - buf.nn_len = 3; + buf->nn_len = 3; break; case 's': /* SIS or LIS */ - buf.nn_len = 2; + buf->nn_len = 2; break; default: - /* unknown suffix */ - return -1; + abort (); + } + if (!fetch_data (buf, info, 1) + || buf->data[1] == 0x40 + || buf->data[1] == 0x49 + || buf->data[1] == 0x52 + || buf->data[1] == 0x5b) + { + /* Double prefix, or end of data. */ + info->fprintf_func (info->stream, "nop ;%s", txt); + buf->n_used = 1; + return buf->n_used; } + old_fprintf = info->fprintf_func; old_stream = info->stream; - info->fprintf_func = (fprintf_ftype)&sprintf; + info->fprintf_func = (fprintf_ftype) &sprintf; info->stream = mybuf; - print_insn_z80_buf(&buf, info); + buf->base++; + if (print_insn_z80_buf (buf, info) >= 0) + buf->n_used++; info->fprintf_func = old_fprintf; info->stream = old_stream; - for (p = &mybuf[0]; *p && *p != ' ' && *p != '.'; ++p) - ; - - if (*p == '.') /* suffix already present */ + for (p = mybuf; *p; ++p) + if (*p == ' ') + break; + if (*p) { - info->fprintf_func(info->stream, "nop ;%s", txt); /* double prefix */ - return buf_in->n_used; + *p++ = '\0'; + info->fprintf_func (info->stream, "%s.%s %s", mybuf, txt, p); } - - *p++ = '\0'; - info->fprintf_func(info->stream, *p ? "%s.%s %s" : "%s.%s", mybuf, txt, p); - - memcpy(&buf_in->data[1], buf.data, sizeof(buf.data)-1); - buf_in->n_used += buf.n_used; - buf_in->n_fetch += buf.n_fetch; - return buf_in->n_used; + else + info->fprintf_func (info->stream, "%s.%s", mybuf, txt); + return buf->n_used; } /* Table to disassemble machine codes without prefix. */ @@ -839,8 +841,6 @@ print_insn_z80 (bfd_vma addr, disassemble_info * info) struct buffer buf; buf.base = addr; - buf.n_fetch = 0; - buf.n_used = 0; buf.inss = 1 << info->mach; buf.nn_len = info->mach == bfd_mach_ez80_adl ? 3 : 2; info->bytes_per_line = (buf.inss & INSS_EZ80) ? 6 : 4; /* <ss pp oo nn mm MM> OR <pp oo nn mm> */ @@ -853,6 +853,8 @@ print_insn_z80_buf (struct buffer *buf, disassemble_info *info) { struct tab_elt *p; + buf->n_fetch = 0; + buf->n_used = 0; if (! fetch_data (buf, info, 1)) return -1; |