author | Nick Clifton <nickc@redhat.com> | 2019-10-28 15:44:23 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2019-10-28 15:44:23 +0000 |
commit | d1e304bc27b737e0e7daf0029dd5f1e91a4898ed (patch) | |
tree | 6012ec739d51e5668f3249ffd9ab85c5f67630fd | |
parent | dee334510fe3940456bd282fc9da9ff9257d8483 (diff) | |
Stop potential illegal memory access in the NS32K disassembler.
* ns32k-dis.c (bit_extract): Add sanity check of parameters.
(bit_extract_simple): Likewise.
(bit_copy): Likewise.
(print_insn_ns32k): Ensure that uninitialised elements in the
index_offset array are not accessed.
-rw-r--r-- | opcodes/ChangeLog | 8 | ||||
-rw-r--r-- | opcodes/ns32k-dis.c | 10 |
2 files changed, 17 insertions, 1 deletions
diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog
index 66df911..fe0f240 100644
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,5 +1,13 @@
 2019-10-28 Nick Clifton <nickc@redhat.com>
+ * ns32k-dis.c (bit_extract): Add sanitiy check of parameters.
+ (bit_extract_simple): Likewise.
+ (bit_copy): Likewise.
+ (pirnt_insn_ns32k): Ensure that uninitialised elements in the
+ index_offset array are not accessed.
+
+2019-10-28 Nick Clifton <nickc@redhat.com>
+
 * xgate-dis.c (print_insn): Fix decoding of the XGATE_OP_DYA operand.
diff --git a/opcodes/ns32k-dis.c b/opcodes/ns32k-dis.c
index 1fffbd8..22a9389 100644
--- a/opcodes/ns32k-dis.c
+++ b/opcodes/ns32k-dis.c
@@ -265,6 +265,8 @@ bit_extract (bfd_byte *buffer, int offset, int count)
 int result;
 int bit;
+ if (offset < 0 || count < 0)
+ return 0;
 buffer += offset >> 3;
 offset &= 7;
 bit = 1;
@@ -292,6 +294,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)
 int result;
 int bit;
+ if (offset < 0 || count < 0)
+ return 0;
 buffer += offset >> 3;
 offset &= 7;
 bit = 1;
@@ -313,6 +317,8 @@ bit_extract_simple (bfd_byte *buffer, int offset, int count)
 static void
 bit_copy (bfd_byte *buffer, int offset, int count, char *to)
 {
+ if (offset < 0 || count < 0)
+ return;
 for (; count > 8; count -= 8, to++, offset += 8)
 *to = bit_extract (buffer, offset, 8);
 *to = bit_extract (buffer, offset, count);
@@ -836,8 +842,10 @@ print_insn_ns32k (bfd_vma memaddr, disassemble_info *info)
 memaddr, arg_bufs[argnum], index_offset[whicharg]);
 d++;
- whicharg++;
+ if (whicharg++ >= 1)
+ break;
 }
+
 for (argnum = 0; argnum <= maxarg; argnum++)
 {
 bfd_vma addr; |
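Review bot: The guard added to bit_extract rejects only negative values, so a large positive `offset` still reaches `buffer += offset >> 3` and advances the pointer by an unchecked amount; the same sign-only check is repeated in the bit_extract_simple and bit_copy hunks. None of the three visible signatures carries the buffer length, so the upper bound can only be enforced by the callers, and that contract is worth stating above the check: `/* Callers must ensure that OFFSET + COUNT bits lie within BUFFER; only the sign is checked here.  */`. `count` is also unbounded from above although the result is an `int`, so an upper limit tied to the width of `int` presumably belongs in the same condition. The bodies of bit_extract and bit_extract_simple continue outside their hunks, so how the loops treat a large count is not visible here.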
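Review bot: On the new early return in bit_copy nothing is stored through `to`, whereas bit_extract yields a defined 0 for the same condition, so a caller that passes an uninitialised destination would read indeterminate bytes afterwards. Because the function is `void`, the caller cannot tell that the copy was skipped. I would document this above the guard, `/* Nothing is written to TO when OFFSET or COUNT is negative; callers must pre-initialise it.  */`, and check that each call site (outside this hunk) zero-initialises its destination. The closing brace of bit_copy is outside the hunk.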
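Review bot: The literal `1` in `if (whicharg++ >= 1)` is an unexplained limit, and folding the post-increment into the condition makes it easy to misread which indices of `index_offset` stay reachable (0 and 1, as written). The declaration of `index_offset` is outside the hunk; if the limit is meant to match the entries that are actually set up, a comment such as `/* Only index_offset[0] and index_offset[1] are initialised; stop before using any further entry.  */` would say so, and separating the steps, `whicharg++;` followed by `if (whicharg > 1) break;`, reads more plainly with the same behaviour. The `break` also leaves the enclosing loop (its header is outside the hunk) without any diagnostic, so later operand descriptors appear to be dropped silently; worth mentioning in the same comment. print_insn_ns32k starts and ends outside the hunk.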