From 030a2e78acf66c5c12e073ec3887a167da7a7195 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Wed, 8 Jan 2020 11:42:36 +1030
Subject: [PATCH] ubsan: z8k: index 10 out of bounds for type 'unsigned int
 const[10]'

The fix is the additional ARRAY_SIZE test, the rest just tidies
variable types rather than adding a cast to avoid warnings.

opcodes/
	* z8k-dis.c: Include libiberty.h
	(instr_data_s): Make max_fetched unsigned.
	(z8k_lookup_instr): Make nibl_index and tabl_index unsigned.
	Don't exceed byte_info bounds.
	(output_instr): Make num_bytes unsigned.
	(unpack_instr): Likewise for nibl_count and loop.
	* z8kgen.c (gas <opcode_entry_type>): Make noperands, length and
	idx unsigned.
	* z8k-opc.h: Regenerate.
gas/
	* config/tc-z8k.c (md_begin): Make idx unsigned.
	(get_specific): Likewise for this_index.
---
 gas/ChangeLog       |  5 +++++
 gas/config/tc-z8k.c |  4 ++--
 opcodes/ChangeLog   | 12 ++++++++++++
 opcodes/z8k-dis.c   | 13 ++++++++-----
 opcodes/z8k-opc.h   |  6 +++---
 opcodes/z8kgen.c    |  6 +++---
 6 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/gas/ChangeLog b/gas/ChangeLog
index 1c61732fab..46ce02ee65 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,8 @@
+2020-01-08  Alan Modra  <amodra@gmail.com>
+
+	* config/tc-z8k.c (md_begin): Make idx unsigned.
+	(get_specific): Likewise for this_index.
+
 2020-01-07  Claudiu Zissulescu  <claziss@synopsys.com>
 
 	* onfig/tc-arc.c (parse_reloc_symbol): New function.
diff --git a/gas/config/tc-z8k.c b/gas/config/tc-z8k.c
index d61a51f454..ea4ee3a6b1 100644
--- a/gas/config/tc-z8k.c
+++ b/gas/config/tc-z8k.c
@@ -143,7 +143,7 @@ void
 md_begin (void)
 {
   const opcode_entry_type *opcode;
-  int idx = -1;
+  unsigned int idx = -1u;
 
   opcode_hash_control = hash_new ();
 
@@ -861,7 +861,7 @@ get_specific (opcode_entry_type *opcode, op_type *operands)
   int found = 0;
   unsigned int noperands = opcode->noperands;
 
-  int this_index = opcode->idx;
+  unsigned int this_index = opcode->idx;
 
   while (this_index == opcode->idx && !found)
     {
diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog
index 220b9f4c5f..011943d55a 100644
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,3 +1,15 @@
+2020-01-08  Alan Modra  <amodra@gmail.com>
+
+	* z8k-dis.c: Include libiberty.h
+	(instr_data_s): Make max_fetched unsigned.
+	(z8k_lookup_instr): Make nibl_index and tabl_index unsigned.
+	Don't exceed byte_info bounds.
+	(output_instr): Make num_bytes unsigned.
+	(unpack_instr): Likewise for nibl_count and loop.
+	* z8kgen.c (gas <opcode_entry_type>): Make noperands, length and
+	idx unsigned.
+	* z8k-opc.h: Regenerate.
+
 2020-01-07  Shahab Vahedi  <shahab@synopsys.com>
 
 	* arc-tbl.h (llock): Use 'LLOCK' as class.
diff --git a/opcodes/z8k-dis.c b/opcodes/z8k-dis.c
index 7cd59d8681..cb871decfa 100644
--- a/opcodes/z8k-dis.c
+++ b/opcodes/z8k-dis.c
@@ -20,6 +20,7 @@
 
 #include "sysdep.h"
 #include "disassemble.h"
+#include "libiberty.h"
 
 #define DEFINE_TABLE
 #include "z8k-opc.h"
@@ -35,7 +36,7 @@ typedef struct
   unsigned short words[24];
 
   /* Nibble number of first word not yet fetched.  */
-  int max_fetched;
+  unsigned int max_fetched;
   bfd_vma insn_start;
   OPCODES_SIGJMP_BUF bailout;
 
@@ -189,7 +190,7 @@ print_insn_z8002 (bfd_vma addr, disassemble_info *info)
 int
 z8k_lookup_instr (unsigned char *nibbles, disassemble_info *info)
 {
-  int nibl_index, tabl_index;
+  unsigned int nibl_index, tabl_index;
   int nibl_matched;
   int need_fetch = 0;
   unsigned short instr_nibl;
@@ -202,7 +203,9 @@ z8k_lookup_instr (unsigned char *nibbles, disassemble_info *info)
     {
       nibl_matched = 1;
       for (nibl_index = 0;
-	   nibl_index < z8k_table[tabl_index].length * 2 && nibl_matched;
+	   nibl_matched
+	     && nibl_index < ARRAY_SIZE (z8k_table[0].byte_info)
+	     && nibl_index < z8k_table[tabl_index].length * 2;
 	   nibl_index++)
 	{
 	  if ((nibl_index % 4) == 0)
@@ -281,7 +284,7 @@ output_instr (instr_data_s *instr_data,
               unsigned long addr ATTRIBUTE_UNUSED,
               disassemble_info *info)
 {
-  int num_bytes;
+  unsigned int num_bytes;
   char out_str[100];
 
   out_str[0] = 0;
@@ -297,7 +300,7 @@ output_instr (instr_data_s *instr_data,
 static void
 unpack_instr (instr_data_s *instr_data, int is_segmented, disassemble_info *info)
 {
-  int nibl_count, loop;
+  unsigned int nibl_count, loop;
   unsigned short instr_nibl, instr_byte, instr_word;
   long instr_long;
   unsigned int tabl_datum, datum_class;
diff --git a/opcodes/z8k-opc.h b/opcodes/z8k-opc.h
index 68c4ad4800..35ce4bc655 100644
--- a/opcodes/z8k-opc.h
+++ b/opcodes/z8k-opc.h
@@ -292,9 +292,9 @@ typedef struct {
   void (*func) (void);
   unsigned int arg_info[4];
   unsigned int byte_info[10];
-  int noperands;
-  int length;
-  int idx;
+  unsigned int noperands;
+  unsigned int length;
+  unsigned int idx;
 } opcode_entry_type;
 
 #ifdef DEFINE_TABLE
diff --git a/opcodes/z8kgen.c b/opcodes/z8kgen.c
index a1b74ca4f3..b72fcffa35 100644
--- a/opcodes/z8kgen.c
+++ b/opcodes/z8kgen.c
@@ -1290,9 +1290,9 @@ gas (void)
   printf ("  void (*func) (void);\n");
   printf ("  unsigned int arg_info[4];\n");
   printf ("  unsigned int byte_info[%d];\n", BYTE_INFO_LEN);
-  printf ("  int noperands;\n");
-  printf ("  int length;\n");
-  printf ("  int idx;\n");
+  printf ("  unsigned int noperands;\n");
+  printf ("  unsigned int length;\n");
+  printf ("  unsigned int idx;\n");
   printf ("} opcode_entry_type;\n\n");
   printf ("#ifdef DEFINE_TABLE\n");
   printf ("const opcode_entry_type z8k_table[] = {\n");
-- 
2.34.1