From: Nick Clifton <nickc@redhat.com>
Date: Tue, 3 Sep 2019 14:37:12 +0000 (+0100)
Subject: Fix buffer underrun bug in the TI C30 disassembler.
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=f44b758d3133ef0a7f3131c1e12ed20feb33ee61;p=binutils-gdb.git

Fix buffer underrun bug in the TI C30 disassembler.

	PR 24961
	* tic30-dis.c (get_indirect_operand): Check for bufcnt being
	greater than zero before indexing via (bufcnt -1).
---

diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog
index 87e3f74663d..64b6a07ac49 100644
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,3 +1,9 @@
+2019-09-03  Nick Clifton  <nickc@redhat.com>
+
+	PR 24961
+	* tic30-dis.c (get_indirect_operand): Check for bufcnt being
+	greater than zero before indexing via (bufcnt -1).
+
 2019-09-03  Nick Clifton  <nickc@redhat.com>
 
 	PR 24958
diff --git a/opcodes/tic30-dis.c b/opcodes/tic30-dis.c
index c64aceb29fa..668c519df87 100644
--- a/opcodes/tic30-dis.c
+++ b/opcodes/tic30-dis.c
@@ -253,7 +253,9 @@ get_indirect_operand (unsigned short fragment,
 		for (i = 0, bufcnt = 0; i < len; i++, bufcnt++)
 		  {
 		    buffer[bufcnt] = current_ind->syntax[i];
-		    if (buffer[bufcnt - 1] == 'a' && buffer[bufcnt] == 'r')
+		    if (bufcnt > 0
+			&& buffer[bufcnt - 1] == 'a'
+			&& buffer[bufcnt] == 'r')
 		      buffer[++bufcnt] = arnum + '0';
 		    if (buffer[bufcnt] == '('
 			&& current_ind->displacement == DISP_REQUIRED)