authorAlan Modra <amodra@gmail.com>2020-06-05 16:18:47 +0930
committerAlan Modra <amodra@gmail.com>2020-06-05 16:22:46 +0930
commitd3d1cc7b13b4b1f11862d6b58174c81536fb3340 (patch)
treefb7b535ae50079e5879e4fdd3679a3af3f001a2f
parent8eca5c7d9f2855a4af7dc3d213abb5760cca31cb (diff)
bpf stack smashing detected
* cgen-dis.c (hash_insn_array): Increase size of buf. Assert size is large enough.
-rw-r--r--opcodes/ChangeLog5
-rw-r--r--opcodes/cgen-dis.c11
2 files changed, 11 insertions, 5 deletions
diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog
index 63824c8..86e381a 100644
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,3 +1,8 @@
+2020-06-05 Alan Modra <amodra@gmail.com>
+
+ * cgen-dis.c (hash_insn_array): Increase size of buf. Assert
+ size is large enough.
+
2020-06-04 Jose E. Marchesi <jose.marchesi@oracle.com>
* disassemble.c (disassemble_init_for_target): Set endian_code for
diff --git a/opcodes/cgen-dis.c b/opcodes/cgen-dis.c
index bcc5b4b..377c93c 100644
--- a/opcodes/cgen-dis.c
+++ b/opcodes/cgen-dis.c
@@ -24,6 +24,7 @@
#include "bfd.h"
#include "symcat.h"
#include "opcode/cgen.h"
+#include "disassemble.h"
static CGEN_INSN_LIST * hash_insn_array (CGEN_CPU_DESC, const CGEN_INSN *, int, int, CGEN_INSN_LIST **, CGEN_INSN_LIST *);
static CGEN_INSN_LIST * hash_insn_list (CGEN_CPU_DESC, const CGEN_INSN_LIST *, CGEN_INSN_LIST **, CGEN_INSN_LIST *);
@@ -110,9 +111,10 @@ hash_insn_array (CGEN_CPU_DESC cd,
for (i = count - 1; i >= 0; --i, ++hentbuf)
{
unsigned int hash;
- char buf [4];
+ char buf [8];
unsigned long value;
const CGEN_INSN *insn = &insns[i];
+ size_t size;
if (! (* cd->dis_hash_p) (insn))
continue;
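Review bot: The new `char buf [8];` is a bare magic size, with nothing at the declaration tying it to the widest base-insn mask the CGEN tables can describe. A comment there would help, e.g. `/* Must hold CGEN_INSN_MASK_BITSIZE (insn) bits for every insn; 8 bytes covers masks up to 64 bits.  */`, so a port that raises the mask size knows the buffer and the later assertion have to grow together. The sibling `hash_insn_list`, declared near the top of the file, is not touched by this commit; if it fills a stack buffer the same way, it presumably needs the same bound. hash_insn_array begins and ends outside this hunk, so other uses of `buf` are not visible here.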
@@ -121,10 +123,9 @@ hash_insn_array (CGEN_CPU_DESC cd,
to hash on, so set both up. */
value = CGEN_INSN_BASE_VALUE (insn);
- bfd_put_bits ((bfd_vma) value,
- buf,
- CGEN_INSN_MASK_BITSIZE (insn),
- big_p);
+ size = CGEN_INSN_MASK_BITSIZE (insn);
+ OPCODES_ASSERT (size <= sizeof (buf) * 8);
+ bfd_put_bits ((bfd_vma) value, buf, size, big_p);
hash = (* cd->dis_hash) (buf, value);
add_insn_to_hash_chain (hentbuf, insn, htable, hash);
}
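Review bot: `OPCODES_ASSERT (size <= sizeof (buf) * 8);` is the only guard between a table-supplied bit size and the fixed stack buffer handed to `bfd_put_bits`, and what the macro does on failure is not visible in this hunk. If it can report and return, or be compiled out in some builds, the oversized write still happens; in that case an explicit skip such as `if (size > sizeof (buf) * 8) continue;` would keep the loop memory-safe. A short comment noting that `size` is in bits while `sizeof (buf)` is in bytes would also explain the `* 8` in the bound. The enclosing loop and hash_insn_array start outside the hunk.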