authorNick Clifton <nickc@redhat.com>2019-10-28 15:44:23 +0000
committerNick Clifton <nickc@redhat.com>2019-10-28 15:44:23 +0000
commitd1e304bc27b737e0e7daf0029dd5f1e91a4898ed (patch)
tree6012ec739d51e5668f3249ffd9ab85c5f67630fd
parentdee334510fe3940456bd282fc9da9ff9257d8483 (diff)
Stop potential illegal memory access in the NS32K disassembler.
* ns32k-dis.c (bit_extract): Add sanity check of parameters. (bit_extract_simple): Likewise. (bit_copy): Likewise. (print_insn_ns32k): Ensure that uninitialised elements in the index_offset array are not accessed.
-rw-r--r--opcodes/ChangeLog8
-rw-r--r--opcodes/ns32k-dis.c10
2 files changed, 17 insertions, 1 deletions
diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog
index 66df911..fe0f240 100644
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,5 +1,13 @@
2019-10-28 Nick Clifton <nickc@redhat.com>
+ * ns32k-dis.c (bit_extract): Add sanitiy check of parameters.
+ (bit_extract_simple): Likewise.
+ (bit_copy): Likewise.
+ (pirnt_insn_ns32k): Ensure that uninitialised elements in the
+ index_offset array are not accessed.
+
+2019-10-28 Nick Clifton <nickc@redhat.com>
+
* xgate-dis.c (print_insn): Fix decoding of the XGATE_OP_DYA
operand.
diff --git a/opcodes/ns32k-dis.c b/opcodes/ns32k-dis.c
index 1fffbd8..22a9389 100644
--- a/opcodes/ns32k-dis.c
+++ b/opcodes/ns32k-dis.c
@@ -265,6 +265,8 @@ bit_extract (bfd_byte *buffer, int offset, int count)
int result;
int bit;
+ if (offset < 0 || count < 0)
+ return 0;
buffer += offset >> 3;
offset &= 7;
bit = 1;
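Review bot: The new guard in bit_extract (and the identical one in bit_extract_simple in the next hunk) rejects only negative values; nothing on these lines bounds `offset + count` from above, and the signature carries no buffer length, so a large positive offset still moves `buffer` past the caller's data unless code outside the hunk limits it. The early `return 0` also cannot be told apart from a field that really is zero, so a corrupt operand is decoded silently. Since `result` is an `int`, I would additionally reject counts wider than that, `if (offset < 0 || count < 0 || count > (int) (sizeof (int) * 8)) return 0;`, and state the contract above the check: `/* Negative or oversized values come from corrupt input and yield 0; callers must keep offset + count inside the fetched bytes. */`. Both function bodies continue outside their hunks.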
@@ -292,6 +294,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)
int result;
int bit;
+ if (offset < 0 || count < 0)
+ return 0;
buffer += offset >> 3;
offset &= 7;
bit = 1;
@@ -313,6 +317,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)
static void
bit_copy (bfd_byte *buffer, int offset, int count, char *to)
{
+ if (offset < 0 || count < 0)
+ return;
for (; count > 8; count -= 8, to++, offset += 8)
*to = bit_extract (buffer, offset, 8);
*to = bit_extract (buffer, offset, count);
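Review bot: On the new early return in bit_copy nothing is stored through `to`, so the caller keeps whatever the destination held before; if a caller passes an uninitialised local (callers are not visible here), the rejected case becomes an uninitialised read instead of an out-of-bounds one. The loop also writes one byte per eight bits of `count` with no bound on the destination, so the size of `to` is purely a caller contract. I would document both above the function, e.g. `/* Writes (count + 7) / 8 bytes to TO. On a negative OFFSET or COUNT nothing is written, so callers must pre-initialise TO. */`, or zero the destination at the call sites before calling.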
@@ -836,8 +842,10 @@ print_insn_ns32k (bfd_vma memaddr, disassemble_info *info)
memaddr, arg_bufs[argnum],
index_offset[whicharg]);
d++;
- whicharg++;
+ if (whicharg++ >= 1)
+ break;
}
+
for (argnum = 0; argnum <= maxarg; argnum++)
{
bfd_vma addr;
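Review bot: The limit in `if (whicharg++ >= 1) break;` is a bare literal, and because the test comes after the `index_offset[whicharg]` use a few lines up, the reader has to work out that it permits indices 0 and 1 only. If index_offset has two elements, as the literal suggests (its declaration is outside the hunk), derive the bound from the array, e.g. `if (++whicharg >= (int) (sizeof index_offset / sizeof index_offset[0])) break;`, or at least add `/* index_offset holds two entries; stop once both have been consumed. */`. The enclosing loop starts outside the hunk, so whether `d` can still advance past the operand string on the break path cannot be judged from here.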