Imagelibrary/binutils-gdb
1
0
Fork 1
mirror of https://github.com/bminor/binutils-gdb.git synced 2025-12-05 15:15:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix an illegal memory access when disassembling a corrupt MeP file.

Browse Source 
PR 30231
  * mep.opc (mep_print_insn): Check for an out of range index.
This commit is contained in:
Nick Clifton
2023-03-15 13:06:23 +00:00
parent 7718604518
commit 71f646f2b3
4 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cpu/ChangeLog
View File

@@ -1,3 +1,8 @@
2023-03-15 Nick Clifton <nickc@redhat.com>
PR 30231
* mep.opc (mep_print_insn): Check for an out of range index.
2022-12-31 Nick Clifton <nickc@redhat.com> 2022-12-31 Nick Clifton <nickc@redhat.com>
* 2.40 branch created. * 2.40 branch created.

14
cpu/mep.opc
View File

@@ -1453,6 +1453,20 @@ mep_print_insn (CGEN_CPU_DESC cd, bfd_vma pc, disassemble_info *info)
mep_config_index = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_INDEX_MASK; mep_config_index = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_INDEX_MASK;
/* This instantly redefines MEP_CONFIG, MEP_OMASK, .... MEP_VLIW64 */ /* This instantly redefines MEP_CONFIG, MEP_OMASK, .... MEP_VLIW64 */
/* mep_config_map is a variable sized array, so we do not know how big it is.
The only safe way to check the index therefore is to iterate over the array.
We do know that the last entry is all null. */
int i;
for (i = 0; i <= mep_config_index; i++)
if (mep_config_map[i].name == NULL)
break;
if (i < mep_config_index)
{
opcodes_error_handler (_("illegal MEP INDEX setting '%x' in ELF header e_flags field"), mep_config_index);
mep_config_index = 0;
}
cop_type = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_COP_MASK; cop_type = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_COP_MASK;
if (cop_type == EF_MEP_COP_IVC2) if (cop_type == EF_MEP_COP_IVC2)
ivc2 = 1; ivc2 = 1;

5
opcodes/ChangeLog
View File

@@ -1,3 +1,8 @@
2023-03-15 Nick Clifton <nickc@redhat.com>
PR 30231
* mep-dis.c: Regenerate.
2023-03-15 Nick Clifton <nickc@redhat.com> 2023-03-15 Nick Clifton <nickc@redhat.com>
PR 30230 PR 30230

14
opcodes/mep-dis.c
View File

@@ -649,6 +649,20 @@ mep_print_insn (CGEN_CPU_DESC cd, bfd_vma pc, disassemble_info *info)
mep_config_index = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_INDEX_MASK; mep_config_index = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_INDEX_MASK;
/* This instantly redefines MEP_CONFIG, MEP_OMASK, .... MEP_VLIW64 */ /* This instantly redefines MEP_CONFIG, MEP_OMASK, .... MEP_VLIW64 */
/* mep_config_map is a variable sized array, so we do not know how big it is.
The only safe way to check the index therefore is to iterate over the array.
We do know that the last entry is all null. */
int i;
for (i = 0; i <= mep_config_index; i++)
if (mep_config_map[i].name == NULL)
break;
if (i < mep_config_index)
{
opcodes_error_handler (_("illegal MEP INDEX setting '%x' in ELF header e_flags field"), mep_config_index);
mep_config_index = 0;
}
cop_type = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_COP_MASK; cop_type = abfd->tdata.elf_obj_data->elf_header->e_flags & EF_MEP_COP_MASK;
if (cop_type == EF_MEP_COP_IVC2) if (cop_type == EF_MEP_COP_IVC2)
ivc2 = 1; ivc2 = 1;