From 84e098cdea4eb6a5ddc525a2145ffe66475fa2af Mon Sep 17 00:00:00 2001
From: Alan Modra
Date: Mon, 16 Dec 2019 10:00:39 +1030
Subject: [PATCH] asan: score: global-buffer-overflow

I'm flying blind here, not having an s+core s3 insn set reference, but this seems reasonably obvious from what is done by the assembler. s3_do16_rpop does some mixing of imm and reg values to place in the rpop reg field, but I'm not going to try to fix the disassembly there.

* score-dis.c (print_insn_score16): Move rpush/rpop imm field value adjustment so that it doesn't affect reg field too.
---
 opcodes/ChangeLog | 5 +++++
 opcodes/score-dis.c | 16 +++++++---------
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog
index 9cc0ba491e..ce56ec0231 100644
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,3 +1,8 @@
+2019-12-16 Alan Modra
+
+ * score-dis.c (print_insn_score16): Move rpush/rpop imm field
+ value adjustment so that it doesn't affect reg field too.
+
 2019-12-16 Alan Modra

 * crx-dis.c (EXTRACT, SBM): Avoid signed overflow.
diff --git a/opcodes/score-dis.c b/opcodes/score-dis.c
index 69c801b252..74a1f1d932 100644
--- a/opcodes/score-dis.c
+++ b/opcodes/score-dis.c
@@ -954,15 +954,6 @@ print_insn_score16 (bfd_vma pc, struct disassemble_info *info, long given)
 reg = given >> bitstart;
 reg &= (2 << (bitend - bitstart)) - 1;

- /* Check rpush rd, 0 and rpop! rd, 0.
- If reg = 0, then set to 32. */
- if (((given & 0x00007c00) == 0x00006c00
- || (given & 0x00007c00) == 0x00006800)
- && reg == 0)
- {
- reg = 32;
- }
-
 switch (*c)
 {
 case 'R':
@@ -972,6 +963,13 @@ print_insn_score16 (bfd_vma pc, struct disassemble_info *info, long given)
 func (stream, "%s", score_regnames[reg]);
 break;
 case 'd':
+ /* Check rpush rd, 0 and rpop! rd, 0.
+ If 0, then print 32. */
+ if (((given & 0x00007c00) == 0x00006c00
+ || (given & 0x00007c00) == 0x00006800)
+ && reg == 0)
+ reg = 32;
+
 if (*(c + 1) == '\0')
 func (stream, "%ld", reg);
 else
--
2.34.1
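Review bot: The `score_regnames[reg]` lookup shown as context at the top of the second score-dis.c hunk still has no bounds check of its own. After this change it stays in range only because `reg` is masked to the field width taken from the operand format string and the 32 adjustment now sits under `case 'd':`. Because `given` comes from the bytes being disassembled, a guard at the lookup would stop a wider register field in some later format entry from turning back into a read past the table, for example `if ((unsigned long) reg >= sizeof (score_regnames) / sizeof (score_regnames[0])) { func (stream, "<invalid>"); break; }` (this assumes `score_regnames` is declared as an array in this file). The lines between `case 'R':` and the lookup fall outside both hunks, so an existing check there cannot be ruled out, and the `'d'` case's `else` branch and the rest of the switch continue past the end of the hunk.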