authorNick Clifton <nickc@redhat.com>2017-06-15 12:37:01 +0100
committerNick Clifton <nickc@redhat.com>2017-06-15 12:37:01 +0100
commit63323b5b23bd83fa7b04ea00dff593c933e9b0e3 (patch)
tree847e43e1cb1360659a92c2d8c04b4d29bcb73f88 /opcodes/rl78-decode.opc
parent76800cba595efc3fe95a446c2d664e42ae4ee869 (diff)
Fix address violation when disassembling a corrupt RL78 binary.
PR binutils/21588 * rl78-decode.opc (OP_BUF_LEN): Define. (GETBYTE): Check for the index exceeding OP_BUF_LEN. (rl78_decode_opcode): Use OP_BUF_LEN as the length of the op_buf array. * rl78-decode.c: Regenerate.
Diffstat (limited to 'opcodes/rl78-decode.opc')
-rw-r--r--opcodes/rl78-decode.opc6
1 files changed, 4 insertions, 2 deletions
diff --git a/opcodes/rl78-decode.opc b/opcodes/rl78-decode.opc
index 6212f08147c..b25e4410a86 100644
--- a/opcodes/rl78-decode.opc
+++ b/opcodes/rl78-decode.opc
@@ -50,7 +50,9 @@ typedef struct
#define W() rl78->size = RL78_Word
#define AU ATTRIBUTE_UNUSED
-#define GETBYTE() (ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr))
+
+#define OP_BUF_LEN 20
+#define GETBYTE() (ld->rl78->n_bytes < (OP_BUF_LEN - 1) ? ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr): 0)
#define B ((unsigned long) GETBYTE())
#define SYNTAX(x) rl78->syntax = x
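Review bot: Once `n_bytes` reaches `OP_BUF_LEN - 1`, the new `GETBYTE()` yields 0 without calling `ld->getbyte`, so the decoder cannot tell a capped read from a genuine 0x00 operand byte, and `n_bytes` stops advancing without any error being reported. The macro needs a comment saying so, for example `/* Never store past op[OP_BUF_LEN - 2]; once the buffer is full, further reads return 0 so corrupt input cannot overrun op_buf. */`. The comment should also state whether leaving the last slot unused is deliberate, since `< OP_BUF_LEN` would already keep the write in bounds. The bound is only valid while `ld->op` points at a buffer of at least `OP_BUF_LEN` bytes; the second hunk sizes `op_buf` that way in `rl78_decode_opcode`, but nothing visible here enforces it for other callers. Parenthesising the assignment arm, `? (ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr)) : 0`, would make the intended grouping explicit.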
@@ -168,7 +170,7 @@ rl78_decode_opcode (unsigned long pc AU,
RL78_Dis_Isa isa)
{
LocalData lds, * ld = &lds;
- unsigned char op_buf[20] = {0};
+ unsigned char op_buf[OP_BUF_LEN] = {0};
unsigned char *op = op_buf;
int op0, op1;