From 6207ed28773381859319cf314eb9c4e0683c0773 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 22 Oct 2019 12:01:45 +0100 Subject: Prevent more potential illegal memory accesses in the RX disassembler. * rx-dis.c (get_size_name): New function. Provides safe access to name array. (get_opsize_name): Likewise. (print_insn_rx): Use the accessor functions. --- opcodes/ChangeLog | 7 +++++++ opcodes/rx-dis.c | 50 ++++++++++++++++++++++++++++++++++---------------- 2 files changed, 41 insertions(+), 16 deletions(-) (limited to 'opcodes') diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog index fad7bfc..e53e95c 100644 --- a/opcodes/ChangeLog +++ b/opcodes/ChangeLog @@ -1,3 +1,10 @@ +2019-10-22 Nick Clifton + + * rx-dis.c (get_size_name): New function. Provides safe + access to name array. + (get_opsize_name): Likewise. + (print_insn_rx): Use the accessor functions. + 2019-10-16 Nick Clifton * rx-dis.c (get_register_name): New function. Provides safe diff --git a/opcodes/rx-dis.c b/opcodes/rx-dis.c index 18bc170..8d5ee87 100644 --- a/opcodes/rx-dis.c +++ b/opcodes/rx-dis.c @@ -195,6 +195,22 @@ get_double_condition_name (unsigned int cond) return _(""); } +static inline const char * +get_opsize_name (unsigned int opsize) +{ + if (opsize < ARRAY_SIZE (opsize_names)) + return opsize_names[opsize]; + return _(""); +} + +static inline const char * +get_size_name (unsigned int size) +{ + if (size < ARRAY_SIZE (size_names)) + return size_names[size]; + return _(""); +} + int print_insn_rx (bfd_vma addr, disassemble_info * dis) 
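Review bot: As rendered here, both new accessors in the @@ -195 hunk fall back to `_("")` when the index is out of range, so an instruction whose size field exceeds the table would print nothing and look the same as a valid one. The page appears to have dropped angle-bracketed text (the author's address is missing too), so the original literal may well be a visible placeholder. If it really is empty, note that gettext treats the empty msgid specially and returns the catalogue header rather than an empty string. A non-empty marker such as `return _("<invalid size>");` keeps malformed encodings visible in the disassembly. A short comment above each accessor, e.g. `/* SIZE presumably comes from decoded instruction bytes and may exceed the table. */`, would record why the check exists.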
@@ -278,25 +294,27 @@ print_insn_rx (bfd_vma addr, disassemble_info * dis) break; case 's': - PR (PS, "%s", opsize_names[opcode.size]); + PR (PS, "%s", get_opsize_name (opcode.size)); break; case 'b': s ++; - if (*s == 'f') { - int imm = opcode.op[2].addend; - int slsb, dlsb, width; - dlsb = (imm >> 5) & 0x1f; - slsb = (imm & 0x1f); - slsb = (slsb >= 0x10?(slsb ^ 0x1f) + 1:slsb); - slsb = dlsb - slsb; - slsb = (slsb < 0?-slsb:slsb); - width = ((imm >> 10) & 0x1f) - dlsb; - PR (PS, "#%d, #%d, #%d, %s, %s", - slsb, dlsb, width, - register_names[opcode.op[1].reg], - register_names[opcode.op[0].reg]); - } + if (*s == 'f') + { + int imm = opcode.op[2].addend; + int slsb, dlsb, width; + + dlsb = (imm >> 5) & 0x1f; + slsb = (imm & 0x1f); + slsb = (slsb >= 0x10?(slsb ^ 0x1f) + 1:slsb); + slsb = dlsb - slsb; + slsb = (slsb < 0?-slsb:slsb); + width = ((imm >> 10) & 0x1f) - dlsb; + PR (PS, "#%d, #%d, #%d, %s, %s", + slsb, dlsb, width, + get_register_name (opcode.op[1].reg), + get_register_name (opcode.op[0].reg)); + } break; case '0': case '1': @@ -305,7 +323,7 @@ print_insn_rx (bfd_vma addr, disassemble_info * dis) if (do_size) { if (oper->type == RX_Operand_Indirect || oper->type == RX_Operand_Zero_Indirect) - PR (PS, "%s", size_names[oper->size]); + PR (PS, "%s", get_size_name (oper->size)); } else switch (oper->type) -- cgit v1.1
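Review bot: In `case 'b'` of the @@ -278 hunk the two `register_names[...]` lookups become `get_register_name (...)` inside a block that is also re-braced and re-indented, so the one bounds-relevant change is hard to pick out from the whitespace churn, and the ChangeLog entry does not name it. Splitting the reformat from the fix, or at least adding `/* Index the name tables only through the get_*_name accessors. */` above the `PR` call, would make the intent auditable. These two sites apparently survived the earlier get_register_name change listed in the ChangeLog, which suggests site-by-site replacement can miss uses. Since print_insn_rx continues beyond this hunk, it is worth searching the rest of the function for remaining direct `register_names[`, `size_names[` or `opsize_names[` indexing.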