diff options
author | Nick Clifton <nickc@redhat.com> | 2019-09-03 09:53:25 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2019-09-03 09:53:25 +0100 |
commit | 1e4b5e7d354a41276cb8dfbaae79915e1730dbd8 (patch) | |
tree | 160ea2d4f2e38d86148b1b01d9c49569aefe31cc /opcodes/mmix-dis.c | |
parent | 6591bf0131d1d1c8c0e4de59ca2dd739dda86ddd (diff) | |
download | gdb-1e4b5e7d354a41276cb8dfbaae79915e1730dbd8.zip gdb-1e4b5e7d354a41276cb8dfbaae79915e1730dbd8.tar.gz gdb-1e4b5e7d354a41276cb8dfbaae79915e1730dbd8.tar.bz2 |
Fix a potential buffer overrun in the MMIX disassembler when processing a corrupt input file.
PR 24958
* mmix-dis.c (MAX_REG_NAME_LEN): Define.
(MAX_SPEC_REG_NAME_LEN): Define.
(struct mmix_dis_info): Use defined constants for array lengths.
(get_reg_name): New function.
(get_sprec_reg_name): New function.
(print_insn_mmix): Use new functions.
Diffstat (limited to 'opcodes/mmix-dis.c')
-rw-r--r-- | opcodes/mmix-dis.c | 93 |
1 files changed, 56 insertions, 37 deletions
diff --git a/opcodes/mmix-dis.c b/opcodes/mmix-dis.c index 80a58ed..93688d3 100644 --- a/opcodes/mmix-dis.c +++ b/opcodes/mmix-dis.c @@ -54,15 +54,17 @@ #define INSN_IMMEDIATE_BIT (IMM_OFFSET_BIT << 24) #define INSN_BACKWARD_OFFSET_BIT (1 << 24) +#define MAX_REG_NAME_LEN 256 +#define MAX_SPEC_REG_NAME_LEN 32 struct mmix_dis_info { - const char *reg_name[256]; - const char *spec_reg_name[32]; + const char *reg_name[MAX_REG_NAME_LEN]; + const char *spec_reg_name[MAX_SPEC_REG_NAME_LEN]; /* Waste a little memory so we don't have to allocate each separately. We could have an array with static contents for these, but on the other hand, we don't have to. */ - char basic_reg_name[256][sizeof ("$255")]; + char basic_reg_name[MAX_REG_NAME_LEN][sizeof ("$255")]; }; /* Initialize a target-specific array in INFO. */ @@ -111,7 +113,7 @@ initialize_mmix_dis_info (struct disassemble_info *info) for (i = 0; i < nsyms && syms[i] != NULL; i++) { if (syms[i]->section == reg_section - && syms[i]->value < 256 + && syms[i]->value < MAX_REG_NAME_LEN && minfop->reg_name[syms[i]->value] == NULL) minfop->reg_name[syms[i]->value] = syms[i]->name; } @@ -119,7 +121,7 @@ initialize_mmix_dis_info (struct disassemble_info *info) } /* Fill in the rest with the canonical names. */ - for (i = 0; i < 256; i++) + for (i = 0; i < MAX_REG_NAME_LEN; i++) if (minfop->reg_name[i] == NULL) { sprintf (minfop->basic_reg_name[i], "$%ld", i); @@ -238,6 +240,22 @@ get_opcode (unsigned long insn) return NULL; } +static inline const char * +get_reg_name (const struct mmix_dis_info * minfop, unsigned int x) +{ + if (x >= MAX_REG_NAME_LEN) + return _("*illegal*"); + return minfop->reg_name[x]; +} + +static inline const char * +get_spec_reg_name (const struct mmix_dis_info * minfop, unsigned int x) +{ + if (x >= MAX_SPEC_REG_NAME_LEN) + return _("*illegal*"); + return minfop->spec_reg_name[x]; +} + /* The main disassembly function. */ int @@ -333,15 +351,15 @@ print_insn_mmix (bfd_vma memaddr, struct disassemble_info *info) case mmix_operands_regs: /* All registers: "$X,$Y,$Z". */ (*info->fprintf_func) (info->stream, "%s,%s,%s", - minfop->reg_name[x], - minfop->reg_name[y], - minfop->reg_name[z]); + get_reg_name (minfop, x), + get_reg_name (minfop, y), + get_reg_name (minfop, z)); break; case mmix_operands_reg_yz: /* Like SETH - "$X,YZ". */ (*info->fprintf_func) (info->stream, "%s,0x%x", - minfop->reg_name[x], y * 256 + z); + get_reg_name (minfop, x), y * 256 + z); break; case mmix_operands_regs_z_opt: @@ -350,12 +368,13 @@ print_insn_mmix (bfd_vma memaddr, struct disassemble_info *info) /* The regular "$X,$Y,$Z|Z". */ if (insn & INSN_IMMEDIATE_BIT) (*info->fprintf_func) (info->stream, "%s,%s,%d", - minfop->reg_name[x], minfop->reg_name[y], z); + get_reg_name (minfop, x), + get_reg_name (minfop, y), z); else (*info->fprintf_func) (info->stream, "%s,%s,%s", - minfop->reg_name[x], - minfop->reg_name[y], - minfop->reg_name[z]); + get_reg_name (minfop, x), + get_reg_name (minfop, y), + get_reg_name (minfop, z)); break; case mmix_operands_jmp: @@ -378,23 +397,23 @@ print_insn_mmix (bfd_vma memaddr, struct disassemble_info *info) { if (insn & INSN_IMMEDIATE_BIT) (*info->fprintf_func) (info->stream, "%s,%s,%d", - minfop->reg_name[x], + get_reg_name (minfop, x), ROUND_MODE (y), z); else (*info->fprintf_func) (info->stream, "%s,%s,%s", - minfop->reg_name[x], + get_reg_name (minfop, x), ROUND_MODE (y), - minfop->reg_name[z]); + get_reg_name (minfop, z)); } else { if (insn & INSN_IMMEDIATE_BIT) (*info->fprintf_func) (info->stream, "%s,%d", - minfop->reg_name[x], z); + get_reg_name (minfop, x), z); else (*info->fprintf_func) (info->stream, "%s,%s", - minfop->reg_name[x], - minfop->reg_name[z]); + get_reg_name (minfop, x), + get_reg_name (minfop, z)); } break; @@ -408,13 +427,13 @@ print_insn_mmix (bfd_vma memaddr, struct disassemble_info *info) "$X,ROUND_MODE,$Z". */ if (y != 0) (*info->fprintf_func) (info->stream, "%s,%s,%s", - minfop->reg_name[x], + get_reg_name (minfop, x), ROUND_MODE (y), - minfop->reg_name[z]); + get_reg_name (minfop, z)); else (*info->fprintf_func) (info->stream, "%s,%s", - minfop->reg_name[x], - minfop->reg_name[z]); + get_reg_name (minfop, x), + get_reg_name (minfop, z)); break; case mmix_operands_sync: @@ -427,22 +446,22 @@ print_insn_mmix (bfd_vma memaddr, struct disassemble_info *info) /* Like SYNCD - "X,$Y,$Z|Z". */ if (insn & INSN_IMMEDIATE_BIT) (*info->fprintf_func) (info->stream, "%d,%s,%d", - x, minfop->reg_name[y], z); + x, get_reg_name (minfop, y), z); else (*info->fprintf_func) (info->stream, "%d,%s,%s", - x, minfop->reg_name[y], - minfop->reg_name[z]); + x, get_reg_name (minfop, y), + get_reg_name (minfop, z)); break; case mmix_operands_neg: /* Like NEG and NEGU - "$X,Y,$Z|Z". */ if (insn & INSN_IMMEDIATE_BIT) (*info->fprintf_func) (info->stream, "%s,%d,%d", - minfop->reg_name[x], y, z); + get_reg_name (minfop, x), y, z); else (*info->fprintf_func) (info->stream, "%s,%d,%s", - minfop->reg_name[x], y, - minfop->reg_name[z]); + get_reg_name (minfop, x), y, + get_reg_name (minfop, z)); break; case mmix_operands_pushj: @@ -456,7 +475,7 @@ print_insn_mmix (bfd_vma memaddr, struct disassemble_info *info) info->target = memaddr + offset; - (*info->fprintf_func) (info->stream, "%s,", minfop->reg_name[x]); + (*info->fprintf_func) (info->stream, "%s,", get_reg_name (minfop, x)); (*info->print_address_func) (memaddr + offset, info); } break; @@ -464,26 +483,26 @@ print_insn_mmix (bfd_vma memaddr, struct disassemble_info *info) case mmix_operands_get: /* GET - "X,spec_reg". */ (*info->fprintf_func) (info->stream, "%s,%s", - minfop->reg_name[x], - minfop->spec_reg_name[z]); + get_reg_name (minfop, x), + get_spec_reg_name (minfop, z)); break; case mmix_operands_put: /* PUT - "spec_reg,$Z|Z". */ if (insn & INSN_IMMEDIATE_BIT) (*info->fprintf_func) (info->stream, "%s,%d", - minfop->spec_reg_name[x], z); + get_spec_reg_name (minfop, x), z); else (*info->fprintf_func) (info->stream, "%s,%s", - minfop->spec_reg_name[x], - minfop->reg_name[z]); + get_spec_reg_name (minfop, x), + get_reg_name (minfop, z)); break; case mmix_operands_set: /* Two registers, "$X,$Y". */ (*info->fprintf_func) (info->stream, "%s,%s", - minfop->reg_name[x], - minfop->reg_name[y]); + get_reg_name (minfop, x), + get_reg_name (minfop, y)); break; case mmix_operands_save: |