Fix buffer underrun bug in the TI C30 disassembler.

author Nick Clifton <nickc@redhat.com>

Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)

committer Nick Clifton <nickc@redhat.com>

Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)
author Nick Clifton <nickc@redhat.com>
Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)
committer Nick Clifton <nickc@redhat.com>
Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)
diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog

index 87e3f74663d7b27641b88e613a83d8d5c513b26c..64b6a07ac4934c1a36c8d03b87ce3dbc3771ee70 100644 (file)
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,3 +1,9 @@
+2019-09-03  Nick Clifton  <nickc@redhat.com>
+
+       PR 24961
+       * tic30-dis.c (get_indirect_operand): Check for bufcnt being
+       greater than zero before indexing via (bufcnt -1).
+
  2019-09-03  Nick Clifton  <nickc@redhat.com>
  
         PR 24958
diff --git a/opcodes/tic30-dis.c b/opcodes/tic30-dis.c

index c64aceb29fa5eacb13ceeb1ab44d412f25b62890..668c519df87aa65d46c092fc923a52689a1750d7 100644 (file)
--- a/opcodes/tic30-dis.c
+++ b/opcodes/tic30-dis.c
@@ -253,7 +253,9 @@ get_indirect_operand (unsigned short fragment,
                 for (i = 0, bufcnt = 0; i < len; i++, bufcnt++)
                   {
                     buffer[bufcnt] = current_ind->syntax[i];
-                   if (buffer[bufcnt - 1] == 'a' && buffer[bufcnt] == 'r')
+                   if (bufcnt > 0
+                       && buffer[bufcnt - 1] == 'a'
+                       && buffer[bufcnt] == 'r')
                       buffer[++bufcnt] = arnum + '0';
                     if (buffer[bufcnt] == '('
                         && current_ind->displacement == DISP_REQUIRED)
author	Nick Clifton <nickc@redhat.com>
	Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)
committer	Nick Clifton <nickc@redhat.com>
	Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)
opcodes/ChangeLog		patch \| blob \| history
opcodes/tic30-dis.c		patch \| blob \| history