From f44b758d3133ef0a7f3131c1e12ed20feb33ee61 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Tue, 3 Sep 2019 15:37:12 +0100
Subject: Fix buffer underrun bug in the TI C30 disassembler.
PR 24961
* tic30-dis.c (get_indirect_operand): Check for bufcnt being
greater than zero before indexing via (bufcnt -1).
---
opcodes/ChangeLog | 6 ++++++
opcodes/tic30-dis.c | 4 +++-
2 files changed, 9 insertions(+), 1 deletion(-)
(limited to 'opcodes')
diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog
index 87e3f74..64b6a07 100644
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,5 +1,11 @@
 2019-09-03 Nick Clifton
+ PR 24961
+ * tic30-dis.c (get_indirect_operand): Check for bufcnt being
+ greater than zero before indexing via (bufcnt -1).
+
+2019-09-03 Nick Clifton
+
 PR 24958
 * mmix-dis.c (MAX_REG_NAME_LEN): Define.
 (MAX_SPEC_REG_NAME_LEN): Define.
diff --git a/opcodes/tic30-dis.c b/opcodes/tic30-dis.c
index c64aceb..668c519 100644
--- a/opcodes/tic30-dis.c
+++ b/opcodes/tic30-dis.c
@@ -253,7 +253,9 @@ get_indirect_operand (unsigned short fragment,
 for (i = 0, bufcnt = 0; i < len; i++, bufcnt++)
 {
 buffer[bufcnt] = current_ind->syntax[i];
- if (buffer[bufcnt - 1] == 'a' && buffer[bufcnt] == 'r')
+ if (bufcnt > 0
+ && buffer[bufcnt - 1] == 'a'
+ && buffer[bufcnt] == 'r')
 buffer[++bufcnt] = arnum + '0';
 if (buffer[bufcnt] == '('
 && current_ind->displacement == DISP_REQUIRED)
-- cgit v1.1
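Review bot: The new `bufcnt > 0` guard stops the read of `buffer[bufcnt - 1]` on the first iteration, but the stores at `buffer[bufcnt] = current_ind->syntax[i];` and `buffer[++bufcnt] = arnum + '0';` stay unbounded within the hunk: every "ar" pair advances bufcnt by one extra slot, so the capacity needed is len plus the number of insertions, and neither the size of buffer nor an upper bound on len is visible here. get_indirect_operand starts and ends outside the hunk, so if the declaration of buffer does not already account for those extra bytes, a capacity check before the `++bufcnt` store would be the natural companion to this fix. The guard itself also deserves a why-comment, since a reader will otherwise see it as a redundant test; something like `/* On the first iteration buffer[bufcnt - 1] would read before the start of buffer (PR 24961).  */` above the `if` documents the intent.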