From d3d1cc7b13b4b1f11862d6b58174c81536fb3340 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Fri, 5 Jun 2020 16:18:47 +0930 Subject: [PATCH] bpf stack smashing detected * cgen-dis.c (hash_insn_array): Increase size of buf. Assert size is large enough. --- opcodes/ChangeLog | 5 +++++ opcodes/cgen-dis.c | 11 ++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog index 63824c8e336..86e381acc97 100644 --- a/opcodes/ChangeLog +++ b/opcodes/ChangeLog @@ -1,3 +1,8 @@ +2020-06-05 Alan Modra + + * cgen-dis.c (hash_insn_array): Increase size of buf. Assert + size is large enough. + 2020-06-04 Jose E. Marchesi * disassemble.c (disassemble_init_for_target): Set endian_code for diff --git a/opcodes/cgen-dis.c b/opcodes/cgen-dis.c index bcc5b4b8909..377c93cfab3 100644 --- a/opcodes/cgen-dis.c +++ b/opcodes/cgen-dis.c @@ -24,6 +24,7 @@ #include "bfd.h" #include "symcat.h" #include "opcode/cgen.h" +#include "disassemble.h" static CGEN_INSN_LIST * hash_insn_array (CGEN_CPU_DESC, const CGEN_INSN *, int, int, CGEN_INSN_LIST **, CGEN_INSN_LIST *); static CGEN_INSN_LIST * hash_insn_list (CGEN_CPU_DESC, const CGEN_INSN_LIST *, CGEN_INSN_LIST **, CGEN_INSN_LIST *); @@ -110,9 +111,10 @@ hash_insn_array (CGEN_CPU_DESC cd, for (i = count - 1; i >= 0; --i, ++hentbuf) { unsigned int hash; - char buf [4]; + char buf [8]; unsigned long value; const CGEN_INSN *insn = &insns[i]; + size_t size; if (! (* cd->dis_hash_p) (insn)) continue; @@ -121,10 +123,9 @@ hash_insn_array (CGEN_CPU_DESC cd, to hash on, so set both up. */ value = CGEN_INSN_BASE_VALUE (insn); - bfd_put_bits ((bfd_vma) value, - buf, - CGEN_INSN_MASK_BITSIZE (insn), - big_p); + size = CGEN_INSN_MASK_BITSIZE (insn); + OPCODES_ASSERT (size <= sizeof (buf) * 8); + bfd_put_bits ((bfd_vma) value, buf, size, big_p); hash = (* cd->dis_hash) (buf, value); add_insn_to_hash_chain (hentbuf, insn, htable, hash); } -- 2.30.2