Fix potential illegal memory access when disassembling corrupt RX binaries.
authorNick Clifton <nickc@redhat.com>
Wed, 16 Oct 2019 11:56:58 +0000 (12:56 +0100)
committerNick Clifton <nickc@redhat.com>
Wed, 16 Oct 2019 11:56:58 +0000 (12:56 +0100)
opcodes * rx-dis.c (get_register_name): New function.  Provides safe
access to name array.
(get_condition_name, get_flag_name, get_double_register_name)
(get_double_register_high_name, get_double_register_low_name)
(get_double_control_register_name, get_double_condition_name):
Likewise.
(print_insn_rx): Use the accessor functions.

opcodes/ChangeLog
opcodes/rx-dis.c

index acde7a25313d96930a7bd55152844192b5f3cc24..fad7bfcd7c6ecbf147182609d4a2ea1191198b08 100644 (file)
@@ -1,3 +1,13 @@
+2019-10-16  Nick Clifton  <nickc@redhat.com>
+
+       * rx-dis.c (get_register_name): New function.  Provides safe
+       access to name array.
+       (get_condition_name, get_flag_name, get_double_register_name)
+       (get_double_register_high_name, get_double_register_low_name)
+       (get_double_control_register_name, get_double_condition_name):
+       Likewise.
+       (print_insn_rx): Use the accessor functions.
+
 2019-10-09  Nick Clifton  <nickc@redhat.com>
 
        PR 25041
index 1147d6438f492b054ab047e3e2899bc10741feb1..18bc170200d3e34063a6b2c6f246cf4f59ca86dd 100644 (file)
@@ -26,6 +26,8 @@
 #include "bfd.h"
 #include "dis-asm.h"
 #include "opcode/rx.h"
+#include "libiberty.h"
+#include "opintl.h"
 
 #include <setjmp.h>
 
@@ -76,10 +78,10 @@ static char const * opsize_names[RX_MAX_SIZE] =
 
 static char const * register_names[] =
 {
-  /* general registers */
+  /* General registers.  */
   "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
   "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15",
-  /* control register */
+  /* Control registers.  */
   "psw", "pc", "usp", "fpsw", NULL, NULL, NULL, NULL,
   "bpsw", "bpc", "isp", "fintv", "intb", "extb", NULL, NULL,
   "a0", "a1", NULL, NULL, NULL, NULL, NULL, NULL,
@@ -88,7 +90,7 @@ static char const * register_names[] =
 
 static char const * condition_names[] =
 {
-  /* condition codes */
+  /* Condition codes.  */
   "eq", "ne", "c", "nc", "gtu", "leu", "pz", "n",
   "ge", "lt", "gt", "le", "o", "no", "<invalid>", "<invalid>"
 };
@@ -129,6 +131,71 @@ static const char * double_condition_names[] =
   "", "un", "eq", "", "lt", "", "le",
 };
 
+static inline const char *
+get_register_name (unsigned int reg)
+{
+  if (reg < ARRAY_SIZE (register_names))
+    return register_names[reg];
+  return _("<inavlid register number>");
+}
+
+static inline const char *
+get_condition_name (unsigned int cond)
+{
+  if (cond < ARRAY_SIZE (condition_names))
+    return condition_names[cond];
+  return _("<inavlid condition code>");
+}
+
+static inline const char *
+get_flag_name (unsigned int flag)
+{
+  if (flag < ARRAY_SIZE (flag_names))
+    return flag_names[flag];
+  return _("<inavlid flag>");
+}
+
+static inline const char *
+get_double_register_name (unsigned int reg)
+{
+  if (reg < ARRAY_SIZE (double_register_names))
+    return double_register_names[reg];
+  return _("<inavlid register number>");
+}
+
+static inline const char *
+get_double_register_high_name (unsigned int reg)
+{
+  if (reg < ARRAY_SIZE (double_register_high_names))
+    return double_register_high_names[reg];
+  return _("<inavlid register number>");
+}
+
+static inline const char *
+get_double_register_low_name (unsigned int reg)
+{
+  if (reg < ARRAY_SIZE (double_register_low_names))
+    return double_register_low_names[reg];
+  return _("<inavlid register number>");
+}
+
+static inline const char *
+get_double_control_register_name (unsigned int reg)
+{
+  if (reg < ARRAY_SIZE (double_control_register_names))
+    return double_control_register_names[reg];
+  return _("<inavlid register number>");
+}
+
+static inline const char *
+get_double_condition_name (unsigned int cond)
+{
+  if (cond < ARRAY_SIZE (double_condition_names))
+    return double_condition_names[cond];
+  return _("<inavlid condition code>");
+}
+
+
 int
 print_insn_rx (bfd_vma addr, disassemble_info * dis)
 {
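Review bot: get_register_name can still return NULL to a `%s` conversion, because the new check only bounds the index while register_names (in the hunk above) holds NULL slots for unassigned control registers, so an in-range but unassigned register number from a corrupt input reaches `PR (PS, "%s", NULL)` in print_insn_rx, which is undefined behaviour for printf-style formatting. The guard should reject empty table entries as well: `if (reg < ARRAY_SIZE (register_names) && register_names[reg] != NULL)`; the same test is cheap in the other seven accessors, though whether their tables also contain NULL slots is not visible here. Separately, all eight fallback strings misspell "invalid" as `<inavlid ...>`, and since they are wrapped in `_()` the typo will propagate into the translation catalogue, e.g. `return _("<invalid register number>");`. print_insn_rx, whose opening lines close this hunk, continues past it, and the affected call sites are in the hunk at `@@ -255,40 +322,40 @@`.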
@@ -255,40 +322,40 @@ print_insn_rx (bfd_vma addr, disassemble_info * dis)
                    break;
                  case RX_Operand_Register:
                  case RX_Operand_TwoReg:
-                   PR (PS, "%s", register_names[oper->reg]);
+                   PR (PS, "%s", get_register_name (oper->reg));
                    break;
                  case RX_Operand_Indirect:
-                   PR (PS, "%d[%s]", oper->addend, register_names[oper->reg]);
+                   PR (PS, "%d[%s]", oper->addend, get_register_name (oper->reg));
                    break;
                  case RX_Operand_Zero_Indirect:
-                   PR (PS, "[%s]", register_names[oper->reg]);
+                   PR (PS, "[%s]", get_register_name (oper->reg));
                    break;
                  case RX_Operand_Postinc:
-                   PR (PS, "[%s+]", register_names[oper->reg]);
+                   PR (PS, "[%s+]", get_register_name (oper->reg));
                    break;
                  case RX_Operand_Predec:
-                   PR (PS, "[-%s]", register_names[oper->reg]);
+                   PR (PS, "[-%s]", get_register_name (oper->reg));
                    break;
                  case RX_Operand_Condition:
-                   PR (PS, "%s", condition_names[oper->reg]);
+                   PR (PS, "%s", get_condition_name (oper->reg));
                    break;
                  case RX_Operand_Flag:
-                   PR (PS, "%s", flag_names[oper->reg]);
+                   PR (PS, "%s", get_flag_name (oper->reg));
                    break;
                  case RX_Operand_DoubleReg:
-                   PR (PS, "%s", double_register_names[oper->reg]);
+                   PR (PS, "%s", get_double_register_name (oper->reg));
                    break;
                  case RX_Operand_DoubleRegH:
-                   PR (PS, "%s", double_register_high_names[oper->reg]);
+                   PR (PS, "%s", get_double_register_high_name (oper->reg));
                    break;
                  case RX_Operand_DoubleRegL:
-                   PR (PS, "%s", double_register_low_names[oper->reg]);
+                   PR (PS, "%s", get_double_register_low_name (oper->reg));
                    break;
                  case RX_Operand_DoubleCReg:
-                   PR (PS, "%s", double_control_register_names[oper->reg]);
+                   PR (PS, "%s", get_double_control_register_name (oper->reg));
                    break;
                  case RX_Operand_DoubleCond:
-                   PR (PS, "%s", double_condition_names[oper->reg]);
+                   PR (PS, "%s", get_double_condition_name (oper->reg));
                    break;
                  default:
                    PR (PS, "[???]");