vax decoding of indexed addressing mode

This patch prevents print_insn_mode recursing into another index mode
byte, which if repeated enough times will overflow private.the_buffer
and scribble over other memory.

	* vax-dis.c (print_insn_mode): Stop index mode recursion.
Alan Modra
2019-12-19 15:38:39 +10:30
parent 9ad9b810c3
commit f00901886d
2 changed files with 16 additions and 2 deletions


@@ -240,8 +240,18 @@ print_insn_mode (const char *d,
(*info->fprintf_func) (info->stream, "$0x%x", mode);
break;
case 0x40: /* Index: base-addr[Rn] */
p += print_insn_mode (d, size, p0 + 1, addr + 1, info);
(*info->fprintf_func) (info->stream, "[%s]", reg_names[reg]);
{
unsigned char *q = p0 + 1;
unsigned char nextmode = NEXTBYTE (q);
if (nextmode < 0x60 || nextmode == 0x8f)
/* Literal, index, register, or immediate is invalid. In
particular don't recurse into another index mode which
might overflow the_buffer. */
(*info->fprintf_func) (info->stream, "[invalid base]");
else
p += print_insn_mode (d, size, p0 + 1, addr + 1, info);
(*info->fprintf_func) (info->stream, "[%s]", reg_names[reg]);
}
break;
case 0x50: /* Register: Rn */
(*info->fprintf_func) (info->stream, "%s", reg_names[reg]);
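Review bot: The overflow of the_buffer is prevented in `case 0x40` only by restricting which specifier byte may follow an index byte; nothing in this hunk compares a fetch against the size of the buffer, so the bound stays an implicit property of the decoder. The fetch path is outside the hunk, so this is inferred, but if it has no such check, adding one there (refuse any fetch that would end past the end of the_buffer and report it as a read error) would keep a later addressing-mode change from reintroducing the out-of-bounds write. Within the hunk I would also brace both branches, `if (nextmode < 0x60 || nextmode == 0x8f) { ... } else { ... }`, because a multi-line comment sits between the condition and its unbraced body and this is the guard the memory-safety argument rests on. print_insn_mode starts and ends outside the hunk.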