From f1917fc63166d73a9d0930d96468e486a49c666d Mon Sep 17 00:00:00 2001
From: Paul Iannetta <piannetta@kalrayinc.com>
Date: Thu, 24 Aug 2023 10:39:14 +0200
Subject: kvx: fix kvx_reassemble_bundle index 8 out of bounds

opcodes/
	* kvx-dis.c (print_insn_kvx): Change the loop condition so that
	wordcount is always less than KVXMAXBUNDLEWORDS.
	(decode_prologue_epilogue_bundle): Likewise.
---
 opcodes/kvx-dis.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'opcodes')

diff --git a/opcodes/kvx-dis.c b/opcodes/kvx-dis.c
index 7fef4c7..ec9c771 100644
--- a/opcodes/kvx-dis.c
+++ b/opcodes/kvx-dis.c
@@ -1056,7 +1056,7 @@ print_insn_kvx (bfd_vma memaddr, struct disassemble_info *info)
 	  wordcount++;
 	}
       while (kvx_has_parallel_bit (bundle_words[wordcount - 1])
-	     && wordcount < KVXMAXBUNDLEWORDS);
+	     && wordcount < KVXMAXBUNDLEWORDS - 1);
       invalid_bundle = kvx_reassemble_bundle (wordcount, &insncount);
     }
 
@@ -1238,7 +1238,7 @@ decode_prologue_epilogue_bundle (bfd_vma memaddr,
       nb_syl++;
     }
   while (kvx_has_parallel_bit (bundle_words[nb_syl - 1])
-	 && nb_syl < KVXMAXBUNDLEWORDS);
+	 && nb_syl < KVXMAXBUNDLEWORDS - 1);
   if (kvx_reassemble_bundle (nb_syl, &nb_insn))
     return -1;
 
-- 
cgit v1.1