diff options
| -rw-r--r-- | cpu/ChangeLog | 5 | ||||
| -rw-r--r-- | cpu/mep.opc | 14 | ||||
| -rw-r--r-- | opcodes/ChangeLog | 5 | ||||
| -rw-r--r-- | opcodes/mep-dis.c | 14 |
4 files changed, 38 insertions, 0 deletions
diff --git a/cpu/ChangeLog b/cpu/ChangeLog index bcb92e5..23c89c9 100644 --- a/cpu/ChangeLog +++ b/cpu/ChangeLog @@ -1,3 +1,8 @@ +2023-03-15 Nick Clifton <nickc@redhat.com> + + PR 30231 + * mep.opc (mep_print_insn): Check for an out of range index. + 2022-12-31 Nick Clifton <nickc@redhat.com> * 2.40 branch created. diff --git a/cpu/mep.opc b/cpu/mep.opc index 75ae830..6b264cc 100644 --- a/cpu/mep.opc +++ b/cpu/mep.opc @@ -1453,6 +1453,20 @@ mep_print_insn (CGEN_CPU_DESC cd, bfd_vma pc, disassemble_info *info) mep_config_index = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_INDEX_MASK; /* This instantly redefines MEP_CONFIG, MEP_OMASK, .... MEP_VLIW64 */ + /* mep_config_map is a variable sized array, so we do not know how big it is. + The only safe way to check the index therefore is to iterate over the array. + We do know that the last entry is all null. */ + int i; + for (i = 0; i <= mep_config_index; i++) + if (mep_config_map[i].name == NULL) + break; + + if (i < mep_config_index) + { + opcodes_error_handler (_("illegal MEP INDEX setting '%x' in ELF header e_flags field"), mep_config_index); + mep_config_index = 0; + } + cop_type = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_COP_MASK; if (cop_type == EF_MEP_COP_IVC2) ivc2 = 1; diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog index fb6612a..e8a224b 100644 --- a/opcodes/ChangeLog +++ b/opcodes/ChangeLog @@ -1,5 +1,10 @@ 2023-03-15 Nick Clifton <nickc@redhat.com> + PR 30231 + * mep-dis.c: Regenerate. + +2023-03-15 Nick Clifton <nickc@redhat.com> + PR 30230 * arm-dis.c (get_sym_code_type): Check for non-ELF symbols. diff --git a/opcodes/mep-dis.c b/opcodes/mep-dis.c index 3fe827e..72c6c10 100644 --- a/opcodes/mep-dis.c +++ b/opcodes/mep-dis.c @@ -649,6 +649,20 @@ mep_print_insn (CGEN_CPU_DESC cd, bfd_vma pc, disassemble_info *info) mep_config_index = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_INDEX_MASK; /* This instantly redefines MEP_CONFIG, MEP_OMASK, .... MEP_VLIW64 */ + /* mep_config_map is a variable sized array, so we do not know how big it is. + The only safe way to check the index therefore is to iterate over the array. + We do know that the last entry is all null. */ + int i; + for (i = 0; i <= mep_config_index; i++) + if (mep_config_map[i].name == NULL) + break; + + if (i < mep_config_index) + { + opcodes_error_handler (_("illegal MEP INDEX setting '%x' in ELF header e_flags field"), mep_config_index); + mep_config_index = 0; + } + cop_type = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_COP_MASK; if (cop_type == EF_MEP_COP_IVC2) ivc2 = 1; |