diff options
| author | Yinjun Zhang <yinjun.zhang@corigine.com> | 2021-08-25 21:01:17 -0400 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2021-09-01 10:26:26 +0930 |
| commit | 90f56146e5748bab6baca97b1470bbd144ae10e8 (patch) | |
| tree | 8552b815ab856d33acb8cc992ce9213fd54b2e2b /opcodes | |
| parent | 64cb17196c7b2365ec152991235e686e6dc27a18 (diff) | |
| download | gdb-90f56146e5748bab6baca97b1470bbd144ae10e8.zip gdb-90f56146e5748bab6baca97b1470bbd144ae10e8.tar.gz gdb-90f56146e5748bab6baca97b1470bbd144ae10e8.tar.bz2 | |
nfp: add validity check of island and me
AddressSanitizer detects heap-buffer-overflow when running
"objdump -D" for nfp .nffw files.
PR 27854
* nfp-dis.c (_NFP_ISLAND_MAX, _NFP_ME_MAX): Define.
(nfp_priv_data): ..and use here.
(_print_instrs): Sanity check island and menum.
Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Diffstat (limited to 'opcodes')
| -rw-r--r-- | opcodes/nfp-dis.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/opcodes/nfp-dis.c b/opcodes/nfp-dis.c index b74ccb3..170f6a2 100644 --- a/opcodes/nfp-dis.c +++ b/opcodes/nfp-dis.c @@ -46,6 +46,9 @@ #define _NFP_ME27_28_CSR_CTX_ENABLES 0x18 #define _NFP_ME27_28_CSR_MISC_CONTROL 0x160 +#define _NFP_ISLAND_MAX 64 +#define _NFP_ME_MAX 12 + typedef struct { unsigned char ctx4_mode:1; @@ -65,7 +68,7 @@ nfp_opts; /* mecfgs[island][menum][is-text] */ typedef struct { - nfp_priv_mecfg mecfgs[64][12][2]; + nfp_priv_mecfg mecfgs[_NFP_ISLAND_MAX][_NFP_ME_MAX][2]; } nfp_priv_data; @@ -2837,6 +2840,12 @@ _print_instrs (bfd_vma addr, struct disassemble_info *dinfo, nfp_opts * opts) break; } + if (island >= _NFP_ISLAND_MAX || menum >= _NFP_ME_MAX) + { + dinfo->fprintf_func (dinfo->stream, "Invalid island or me."); + return _NFP_ERR_STOP; + } + mecfg = &priv->mecfgs[island][menum][is_text]; num_ctx = (mecfg->ctx4_mode) ? 4 : 8; addr_3rdparty32 = mecfg->addr_3rdparty32; |