diff options
| author | Nick Clifton <nickc@redhat.com> | 2019-09-03 15:37:12 +0100 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2019-09-03 15:37:12 +0100 |
| commit | f44b758d3133ef0a7f3131c1e12ed20feb33ee61 (patch) | |
| tree | 90a04255f6557a078df9a4c0b4819468e3de6870 /opcodes/tic30-dis.c | |
| parent | 1e4b5e7d354a41276cb8dfbaae79915e1730dbd8 (diff) | |
| download | gdb-f44b758d3133ef0a7f3131c1e12ed20feb33ee61.zip gdb-f44b758d3133ef0a7f3131c1e12ed20feb33ee61.tar.gz gdb-f44b758d3133ef0a7f3131c1e12ed20feb33ee61.tar.bz2 | |
Fix buffer underrun bug in the TI C30 disassembler.
PR 24961
* tic30-dis.c (get_indirect_operand): Check for bufcnt being
greater than zero before indexing via (bufcnt -1).
Diffstat (limited to 'opcodes/tic30-dis.c')
| -rw-r--r-- | opcodes/tic30-dis.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/opcodes/tic30-dis.c b/opcodes/tic30-dis.c index c64aceb..668c519 100644 --- a/opcodes/tic30-dis.c +++ b/opcodes/tic30-dis.c @@ -253,7 +253,9 @@ get_indirect_operand (unsigned short fragment, for (i = 0, bufcnt = 0; i < len; i++, bufcnt++) { buffer[bufcnt] = current_ind->syntax[i]; - if (buffer[bufcnt - 1] == 'a' && buffer[bufcnt] == 'r') + if (bufcnt > 0 + && buffer[bufcnt - 1] == 'a' + && buffer[bufcnt] == 'r') buffer[++bufcnt] = arnum + '0'; if (buffer[bufcnt] == '(' && current_ind->displacement == DISP_REQUIRED) |