diff options
| author | Nick Clifton <nickc@redhat.com> | 2021-05-11 11:29:58 +0100 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2021-05-11 11:29:58 +0100 |
| commit | a680affc635af50db5b0cb8e389b54b057691ec4 (patch) | |
| tree | 9ddeb404fc3f2f79d68fb1893d022c0cd8e35f0c /opcodes | |
| parent | 22604fe675b25b3ffca56e44f2c0ff378e5c6104 (diff) | |
| download | gdb-a680affc635af50db5b0cb8e389b54b057691ec4.zip gdb-a680affc635af50db5b0cb8e389b54b057691ec4.tar.gz gdb-a680affc635af50db5b0cb8e389b54b057691ec4.tar.bz2 | |
Fix an illegal memory access when attempting to disassemble a corrupt TIC30 binary.
PR 27840
* tic30-dis.c (print_insn_tic30): Prevent attempts to read beyond
the end of the code buffer.
Diffstat (limited to 'opcodes')
| -rw-r--r-- | opcodes/ChangeLog | 6 | ||||
| -rw-r--r-- | opcodes/tic30-dis.c | 3 |
2 files changed, 9 insertions, 0 deletions
diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog index bc5d44f..6a4bd6f 100644 --- a/opcodes/ChangeLog +++ b/opcodes/ChangeLog @@ -1,3 +1,9 @@ +2021-05-11 Nick Clifton <nickc@redhat.com> + + PR 27840 + * tic30-dis.c (print_insn_tic30): Prevent attempts to read beyond + the end of the code buffer. + 2021-05-06 Stafford Horne <shorne@gmail.com> PR 21464 diff --git a/opcodes/tic30-dis.c b/opcodes/tic30-dis.c index 67d3f24..bb96c07 100644 --- a/opcodes/tic30-dis.c +++ b/opcodes/tic30-dis.c @@ -695,6 +695,9 @@ print_insn_tic30 (bfd_vma pc, disassemble_info *info) struct instruction insn = { 0, NULL, NULL }; bfd_vma bufaddr = pc - info->buffer_vma; + if (bufaddr + 3 >= info->buffer_length) + return -1; + /* Obtain the current instruction word from the buffer. */ insn_word = (((unsigned) *(info->buffer + bufaddr) << 24) | (*(info->buffer + bufaddr + 1) << 16) |