pj: asan: out of bounds, ubsan: left shift of negative

	* pj-dis.c: Include libiberty.h.
	(print_insn_pj): Don't index op->arg past array bound.  Don't
	left shift negative int.

diff --git a/opcodes/pj-dis.c b/opcodes/pj-dis.c
index a67ea389566a59b4886258038f11f9860b8542e4..f0708a0522ea337b9a140fefbe74c1d63c0eb8a1 100644 (file)
--- a/opcodes/pj-dis.c
+++ b/opcodes/pj-dis.c
@@ -21,6 +21,7 @@
 
 #include "sysdep.h"
 #include <stdio.h>
+#include "libiberty.h"
 #include "opcode/pj.h"
 #include "disassemble.h"
 
@@ -65,7 +66,7 @@ print_insn_pj (bfd_vma addr, struct disassemble_info *info)
       char *sep = "\t";
       int insn_start = addr;
       const pj_opc_info_t *op = &pj_opc_info[opcode];
-      int a;
+      unsigned int a;
 
       addr++;
       fprintf_fn (stream, "%s", op->u.name);
@@ -145,7 +146,7 @@ print_insn_pj (bfd_vma addr, struct disassemble_info *info)
          return addr - insn_start;
        }
 
-      for (a = 0; op->arg[a]; a++)
+      for (a = 0; a < ARRAY_SIZE (op->arg) && op->arg[a]; a++)
        {
          unsigned char data[4];
          int val = 0;
@@ -158,7 +159,7 @@ print_insn_pj (bfd_vma addr, struct disassemble_info *info)
          val = (UNS (op->arg[0]) || ((data[0] & 0x80) == 0)) ? 0 : -1;
 
          for (i = 0; i < size; i++)
-           val = (val << 8) | (data[i] & 0xff);
+           val = ((unsigned) val << 8) | (data[i] & 0xff);
 
          fprintf_fn (stream, "%s", sep);
          if (PCREL (op->arg[a]))