| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
bfd/
* wasm-module.c (wasm_read_leb128): Don't allow oversize shifts.
Catch value overflow. Sign extend only on terminating byte.
opcodes/
* wasm32-dis.c (wasm_read_leb128): Don't allow oversize shifts.
Catch value overflow. Sign extend only on terminating byte.
|
|
PR 25281
* sh-dis.c (print_insn_ddt): Properly check validity of MOVX_NOPY
and MOVY_NOPX insns. For invalid cases include 0xf000 in the word
printed. Print .word in more cases.
|
|
cpu/
* or1korbis.cpu (f-disp26, f-disp21): Don't left shift negative values.
opcodes/
* or1k-ibld.c: Regenerate.
|
|
bfd/
* libhppa.h (hppa_field_adjust, bfd_hppa_insn2fmt): Delete forward
declaration. Move ATTRIBUTE_UNUSED to definition.
(sign_extend, low_sign_extend, sign_unext, low_sign_unext),
(re_assemble_3, re_assemble_12, re_assemble_14, re_assemble_16),
(re_assemble_17, re_assemble_21, re_assemble_22): Likewise. Make
args and return value unsigned. Use unsigned variables.
(hppa_rebuild_insn): Similarly.
opcodes/
* hppa-dis.c (extract_16, extract_21, print_insn_hppa): Use
unsigned variables.
|
|
* m68hc11-dis.c (read_memory): Delete forward decls.
(print_indexed_operand, print_insn): Likewise.
(print_indexed_operand): Formatting. Don't rely on short being
exactly 16 bits, make sign extension explicit.
(print_insn): Likewise. Avoid signed overflow.
|
|
This patch prevents print_insn_mode recursing into another index mode
byte, which if repeated enough times will overflow private.the_buffer
and scribble over other memory.
* vax-dis.c (print_insn_mode): Stop index mode recursion.
|
|
fadd, fmul, and fdiv are now, by ISO/IEC TS 18661-3:2015, defined to
refer to functions from the runtime subsystem.
PR 25277
* microblaze-opcm.h (enum microblaze_instr): Prefix fadd, fmul and
fdiv with "mbi_".
* microblaze-opc.h (opcodes): Adjust to suit.
|
|
The arc fix in create_map avoiding signed overflow by casting an
unsigned char to unsigned int before shifting, shows one of the
dangers of blinding doing that. The problem in this case was that the
variable storing the value, newAuxRegister->address, was a long.
Using the unsigned cast meant that the 32-bit value was zero extended
when long is 64 bits. Previously we had a sign extension. Net result
was that comparisons in arcExtMap_auxRegName didn't match. Of course,
I could have cast the 32-bit unsigned value back to signed before
storing in a long, but it's neater to just use an unsigned int for the
address.
opcodes/
* alpha-opc.c (OP): Avoid signed overflow.
* arm-dis.c (print_insn): Likewise.
* mcore-dis.c (print_insn_mcore): Likewise.
* pj-dis.c (get_int): Likewise.
* ppc-opc.c (EBD15, EBD15BI): Likewise.
* score7-dis.c (s7_print_insn): Likewise.
* tic30-dis.c (print_insn_tic30): Likewise.
* v850-opc.c (insert_SELID): Likewise.
* vax-dis.c (print_insn_vax): Likewise.
* arc-ext.c (create_map): Likewise.
(struct ExtAuxRegister): Make "address" field unsigned int.
(arcExtMap_auxRegName): Pass unsigned address.
(dump_ARC_extmap): Adjust.
* arc-ext.h (arcExtMap_auxRegName): Update prototype.
|
|
* visium-dis.c (print_insn_visium): Avoid signed overflow.
|
|
* aarch64-opc.c (value_fit_signed_field_p): Avoid signed overflow.
(value_fit_unsigned_field_p): Likewise.
(aarch64_wide_constant_p): Likewise.
(operand_general_constraint_met_p): Likewise.
* aarch64-opc.h (aarch64_wide_constant_p): Update prototype.
|
|
Yet more.
* nds32-dis.c (nds32_mask_opcode): Avoid signed overflow.
(print_insn_nds32): Use uint64_t for "given" and "given1".
|
|
This is one way of fixing ubsan bug reports, just delete the code.
The assembler support was removed back in 2005 along with other
non-BFD assemblers, but somehow the remainder of the port stayed in.
bfd/
* coff-tic80.c: Delete file.
* cpu-tic80.c: Delete file.
* archures.c: Remove tic80 support.
* coffcode.h: Likewise.
* coffswap.h: Likewise.
* targets.c: Likewise.
* config.bfd: Likewise.
* configure.ac: Likewise.
* Makefile.am: Likewise.
* Makefile.in: Regenerate.
* bfd-in2.h: Regenerate.
* configure: Regenerate.
* po/SRC-POTFILES.in: Regenerate.
binutils/
* testsuite/binutils-all/objcopy.exp: Remove tic80 support.
* testsuite/binutils-all/objdump.exp: Likewise.
gas/
* doc/as.texi: Remove mention of tic80.
include/
* coff/tic80.h: Delete file.
* opcode/tic80.h: Delete file.
ld/
* emulparams/tic80coff.sh: Delete file.
* scripttempl/tic80coff.sc: Delete file.
* configure.tgt: Remove tic80 support.
* Makefile.am: Likewise.
* Makefile.in: Regenerate.
* po/BLD-POTFILES.in: Regenerate.
opcodes/
* tic80-dis.c: Delete file.
* tic80-opc.c: Delete file.
* disassemble.c: Remove tic80 support.
* disassemble.h: Likewise.
* Makefile.am: Likewise.
* configure.ac: Likewise.
* Makefile.in: Regenerate.
* configure: Regenerate.
* po/POTFILES.in: Regenerate.
|
|
cpu/
* bpf.cpu (f-imm64): Avoid signed overflow.
opcodes/
* bpf-ibld.c: Regenerate.
|
|
* aarch64-dis.c (sign_extend): Return uint64_t. Rewrite without
conditional.
(aarch64_ext_imm): Avoid signed overflow.
|
|
* microblaze-dis.c (read_insn_microblaze): Avoid signed overflow.
|
|
* nios2-dis.c (nios2_print_insn_arg): Avoid signed overflow
|
|
cpu/
* xstormy16.cpu (f-rel12a): Avoid signed overflow.
opcodes/
* xstormy16-ibld.c: Regenerate.
|
|
I'm flying blind here, not having an s+core s3 insn set reference,
but this seems reasonably obvious from what is done by the assembler.
s3_do16_rpop does some mixing of imm and reg values to place in the
rpop reg field, but I'm not going to try to fix the disassembly
there.
* score-dis.c (print_insn_score16): Move rpush/rpop imm field
value adjustment so that it doesn't affect reg field too.
|
|
The ubsan complaint is fixed by the SBM change, with similar possible
complaints fixed by the EXTRACT change. The rest is just cleanup.
include/
* opcode/crx.h (inst <match>): Make unsigned int.
opcodes/
* crx-dis.c (EXTRACT, SBM): Avoid signed overflow.
(get_number_of_operands, getargtype, getbits, getregname),
(getcopregname, getprocregname, gettrapstring, getcinvstring),
(getregliststring, get_word_at_PC, get_words_at_PC, build_mask),
(powerof2, match_opcode, make_instruction, print_arguments),
(print_arg): Delete forward declarations, moving static to..
(getregname, getcopregname, getregliststring): ..these definitions.
(build_mask): Return unsigned int mask.
(match_opcode): Use unsigned int vars.
|
|
* bfin-dis.c (fmtconst, fmtconst_val): Avoid signed overflow.
|
|
Note that using 1u in N32_BIT makes all of N32_BIT, __MASK, __MF, __GF
and __SEXT evaluate as unsigned int (the latter three when when their
v arg is int or smaller). This would be a problem if assigning the
result to a bfd_vma, long, or other type wider than an int since the
__SEXT result would be zero extended to the wider type. Fortunately
nds32 target code doesn't use wider types unnecessarily.
include/
* opcode/nds32.h (N32_BIT): Define using 1u.
(__SEXT): Use __MASK and N32_BIT.
(N32_IMMS): Remove duplicate mask.
opcodes/
* nds32-dis.c (print_insn16, print_insn32): Remove forward decls.
(struct objdump_disasm_info): Delete.
(nds32_parse_audio_ext, nds32_parse_opcode): Cast result of
N32_IMMS to unsigned before shifting left.
|
|
Commit 8c9b4171877df didn't remove a glaring left shift of a number
that had just been sign extended.
* moxie-dis.c (INST2OFFSET): Don't left shift a signed value.
(print_insn_moxie): Remove unnecessary cast.
|
|
* csky-dis.c (csky_chars_to_number): Remove abort and unnecessary
mask.
|
|
cpu/
* epiphany.cpu (f-sdisp11): Don't sign extend with shifts.
* lm32.cpu (f-branch, f-vall): Likewise.
* m32.cpu (f-lab-8-16): Likewise.
opcodes/
* arc-dis.c (BITS): Don't truncate high bits with shifts.
* nios2-dis.c (nios2_print_insn_arg): Don't sign extend with shifts.
* tic54x-dis.c (print_instruction): Likewise.
* tilegx-opc.c (parse_insn_tilegx): Likewise.
* tilepro-opc.c (parse_insn_tilepro): Likewise.
* visium-dis.c (disassem_class0): Likewise.
* pdp11-dis.c (sign_extend): Likewise.
(SIGN_BITS): Delete.
* epiphany-ibld.c: Regenerate.
* lm32-ibld.c: Regenerate.
* m32c-ibld.c: Regenerate.
|
|
* ns32k-dis.c (sign_extend): Correct last patch.
|
|
* vax-dis.c (NEXTLONG): Avoid signed overflow.
|
|
* v850-dis.c (get_operand_value): Use unsigned arithmetic. Don't
sign extend using shifts.
|
|
* tic6x-dis.c (tic6x_extract_32): Avoid signed overflow.
|
|
* tic4x-dis.c (tic4x_print_register): Formatting. Don't segfault
on NULL registertable entry.
(tic4x_hash_opcode): Use unsigned arithmetic.
|
|
* s12z-opc.c (z_decode_signed_value): Avoid signed overflow.
|
|
* ns32k-dis.c (bit_extract): Use unsigned arithmetic.
(bit_extract_simple, sign_extend): Likewise.
|
|
* nios2-dis.c (nios2_print_insn_arg): Use 1u << 31.
|
|
* moxie-dis.c (INST2OFFSET): Don't sign extend using shifts.
|
|
* m68k-dis.c (COERCE32): Cast value first.
(NEXTLONG, NEXTULONG): Avoid signed overflow.
|
|
This is
*cst = (data[0] << 24) + (data[1] << 16) + (data[2] << 8) + data[3];
data is unsigned char which promotes to int.
* h8300-dis.c (extract_immediate): Avoid signed overflow.
(bfd_h8_disassemble): Likewise.
|
|
* d30v-dis.c (print_insn): Make opind unsigned. Don't access
past end of operands array.
|
|
In the following buf is an unsigned char array, so elements are
promoted to int before arithmetic operations.
if (dis_info.info->endian == BFD_ENDIAN_BIG)
while (n--)
val |= buf[n] << (n*8);
else
for (i = 0; i < n; i++)
val |= buf[i] << (i*8);
* csky-dis.c (csky_chars_to_number): Rewrite. Avoid signed
overflow when collecting bytes of a number.
|
|
This was the following in print_with_operands
case 4:
number
= buffer[2] + buffer[3] * 256 + buffer[4] * 65536
+ buffer[5] * 0x1000000;
and buffer[5] * 0x1000000 can indeed overflow. So to fix this we need
to use unsigned arithmetic where overflow semantics are specified.
But number is a long, and the expression is int which will be sign
extended to long. If we make the expression unsigned it will be zero
extended. So make number an int32_t and rearrange a little for some
of the places that need fixing.
* cris-dis.c (print_with_operands): Avoid signed integer
overflow when collecting bytes of a 32-bit integer.
|
|
This was:
unsigned long mask = SBM (instruction->match_bits);
with
#define SBM(offs) ((((1 << (32 - offs)) -1) << (offs)))
Well, there are a couple of problems. Firstly, the expression uses
int values (1 rather than 1u or 1ul) resulting in the ubsan error, and
secondly, a zero offs will result in a 32-bit shift which is undefined
if ints are only 32 bits.
* cr16-dis.c (EXTRACT, SBM): Rewrite.
(cr16_match_opcode): Delete duplicate bcond test.
|
|
This was the following in fmtconst_val, x is unsigned int.
x = SIGNEXTEND (x, constant_formats[cf].nbits);
Problem is, the SIGNEXTEND macro assumed its arg was a long and sign
extended by shifting left then shifting right, and didn't cast the
arg. So don't do the silly shift thing. It's not guaranteed to work
anyway according to the C standard. ">>" might do a logical shift
even if its args are signed.
* bfin-dis.c (HOST_LONG_WORD_SIZE, XFIELD): Delete.
(SIGNBIT): New.
(MASKBITS, SIGNEXTEND): Rewrite.
(fmtconst): Don't use ? expression now that SIGNEXTEND uses
unsigned arithmetic, instead assign result of SIGNEXTEND back
to x.
(fmtconst_val): Use 1u in shift expression.
|
|
When operand->bits is 32, the following results in UB.
value = (insn >> operand->shift) & ((1 << operand->bits) - 1);
* arc-dis.c (find_format_from_table): Use ull constant when
shifting by up to 32.
|
|
Assembling this to an object and trying to disassemble results in
objdump -d looping forever.
.inst 0x45205120
PR 25270
* aarch64-dis.c (aarch64_decode_variant_using_iclass): Return
false when field is zero for sve_size_tsz_bhs.
|
|
Two places in epiphany_cgen_extract_operand, "value" is a long.
value = ((((value) << (1))) + (pc));
cpu/
* epiphany.cpu (f-simm8, f-simm24): Use multiply rather than
shift left to avoid UB on left shift of negative values.
opcodes/
* epiphany-ibld.c: Regenerate.
|
|
PR 24960
include/
* dis-asm.h (disassemble_free_target): Declare.
opcodes/
* disassemble.c (disassemble_free_target): New function.
binutils/
* objdump.c (disassemble_data): Call disassemble_free_target.
|
|
No cgen target uses private_data. This patch removes a
disassemble_info field that is only used by cgen, and instead uses
private_data. It also removes a macro that is no longer used.
include/
* dis-asm.h (struct disassemble_info): Delete insn_sets.
(INIT_DISASSEMBLE_INFO_NO_ARCH): Don't define.
opcodes/
* cgen-dis.in (print_insn_@arch@): Replace insn_sets with private_data.
* disassemble.c (disassemble_init_for_target): Likewise.
* bpf-dis.c: Regenerate.
* epiphany-dis.c: Regenerate.
* fr30-dis.c: Regenerate.
* frv-dis.c: Regenerate.
* ip2k-dis.c: Regenerate.
* iq2000-dis.c: Regenerate.
* lm32-dis.c: Regenerate.
* m32c-dis.c: Regenerate.
* m32r-dis.c: Regenerate.
* mep-dis.c: Regenerate.
* mt-dis.c: Regenerate.
* or1k-dis.c: Regenerate.
* xc16x-dis.c: Regenerate.
* xstormy16-dis.c: Regenerate.
|
|
ppc-dis.c used a global struct whenever malloc failed to provide the
eight bytes of memory necessary for struct dis_private. Which is
quite ridiculous. If that malloc failed there is zero chance some
other malloc won't fail too.
* ppc-dis.c (private): Delete variable.
(get_powerpc_dialect): Don't segfault on NULL info->private_data.
(powerpc_init_dialect): Don't use global private.
|
|
Wrap overlong lines, whitespace fixes, and for function definitions
start a line with the name of the function.
* s12z-opc.c: Formatting.
|
|
* s12z-opc.c (exg_sex_discrim): Don't leak memory on invalid
registers.
|
|
This, at the assembler level, is just a "brace" feature covering both
AES and SHA2. Hence there's no need for it to have a separate feature
flag, freeing up a bit for future re-use. Along these lines there are
also a number of dead definitions/variables in the opcode table file.
|
|
PR 25249
* microblaze-dis.c (NUM_STRBUFS, STRBUF_SIZE): Define.
(struct string_buf): New.
(strbuf): New function.
(get_field): Use strbuf rather than strdup of local temp.
(get_field_imm, get_field_imm5, get_field_imm5_mbar): Likewise.
(get_field_rfsl, get_field_imm15): Likewise.
(get_field_rd, get_field_r1, get_field_r2): Update macros.
(get_field_special): Likewise. Don't strcpy spr. Formatting.
(print_insn_microblaze): Formatting. Init and pass string_buf to
get_field functions.
|
