Fix an illegal memory access when attempting to disassemble a corrupt TIC30 binary.

author Nick Clifton <nickc@redhat.com>

Tue, 11 May 2021 10:29:58 +0000 (11:29 +0100)

committer Nick Clifton <nickc@redhat.com>

Tue, 11 May 2021 10:29:58 +0000 (11:29 +0100)
author Nick Clifton <nickc@redhat.com>
Tue, 11 May 2021 10:29:58 +0000 (11:29 +0100)
committer Nick Clifton <nickc@redhat.com>
Tue, 11 May 2021 10:29:58 +0000 (11:29 +0100)
diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog

index bc5d44fc773ef10a981b605de6c161897f8df4b4..6a4bd6f29f7ec724df91e2e0cea12ab0a5645a5a 100644 (file)
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,3 +1,9 @@
+2021-05-11  Nick Clifton  <nickc@redhat.com>
+
+       PR 27840
+       * tic30-dis.c (print_insn_tic30): Prevent attempts to read beyond
+       the end of the code buffer.
+
  2021-05-06  Stafford Horne  <shorne@gmail.com>
  
         PR 21464
diff --git a/opcodes/tic30-dis.c b/opcodes/tic30-dis.c

index 67d3f24bdc839149a8a0a20b34bc0d701b6a06b0..bb96c07e712af3227d11840564b7bdf36ff082f6 100644 (file)
--- a/opcodes/tic30-dis.c
+++ b/opcodes/tic30-dis.c
@@ -695,6 +695,9 @@ print_insn_tic30 (bfd_vma pc, disassemble_info *info)
    struct instruction insn = { 0, NULL, NULL };
    bfd_vma bufaddr = pc - info->buffer_vma;
  
+  if (bufaddr + 3 >= info->buffer_length)
+    return -1;
+
    /* Obtain the current instruction word from the buffer.  */
    insn_word = (((unsigned) *(info->buffer + bufaddr) << 24)
                | (*(info->buffer + bufaddr + 1) << 16)
author	Nick Clifton <nickc@redhat.com>
	Tue, 11 May 2021 10:29:58 +0000 (11:29 +0100)
committer	Nick Clifton <nickc@redhat.com>
	Tue, 11 May 2021 10:29:58 +0000 (11:29 +0100)
opcodes/ChangeLog		patch \| blob \| blame \| history
opcodes/tic30-dis.c		patch \| blob \| blame \| history