authorNick Clifton <nickc@redhat.com>2019-10-29 09:17:39 +0000
committerNick Clifton <nickc@redhat.com>2019-10-29 09:17:39 +0000
commit66a66a17f489a4ffc614a31855e8d6f516e24640 (patch)
tree05d7f8980ceded5a6c341b4bee01813e86c02e7d /opcodes/s12z-opc.c
parent2f1575ea6f93a3f0c2b439ac6bf5fe34ef42a1ad (diff)
Fix array overruns in the S12Z disassembler.
* s12z-dis.c (opr_emit_disassembly): Check for illegal register values. (shift_size_table): Use a fixed size defined as S12Z_N_SIZES. (print_insn_s12z): Check for illegal size values.
Diffstat (limited to 'opcodes/s12z-opc.c')
-rw-r--r--opcodes/s12z-opc.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/opcodes/s12z-opc.c b/opcodes/s12z-opc.c
index eef097dfd48..e7a3577ef7d 100644
--- a/opcodes/s12z-opc.c
+++ b/opcodes/s12z-opc.c
@@ -2205,8 +2205,16 @@ exg_sex_discrim (struct mem_read_abstraction_base *mra, enum optr hint ATTRIBUTE
struct operand *op0 = create_register_operand ((eb & 0xf0) >> 4);
struct operand *op1 = create_register_operand (eb & 0xf);
- const struct reg *r0 = registers + ((struct register_operand *) op0)->reg;
- const struct reg *r1 = registers + ((struct register_operand *) op1)->reg;
+ int reg0 = ((struct register_operand *) op0)->reg;
+ if (reg0 < 0 || reg0 >= S12Z_N_REGISTERS)
+ return OP_INVALID;
+
+ int reg1 = ((struct register_operand *) op1)->reg;
+ if (reg1 < 0 || reg1 >= S12Z_N_REGISTERS)
+ return OP_INVALID;
+
+ const struct reg *r0 = registers + reg0;
+ const struct reg *r1 = registers + reg1;
enum optr operator = (r0->bytes < r1->bytes) ? OP_sex : OP_exg;
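Review bot: Both added `return OP_INVALID;` exits run after op0 and op1 have already been created, so if create_register_operand heap-allocates its result (its definition is not visible here), each rejected register byte leaks two operands. A disassembler is routinely fed malformed or hostile input, so the rejection path is the one most likely to repeat. Assuming the operands come from malloc, release them on the error path with a single combined check, `if (reg0 < 0 || reg0 >= S12Z_N_REGISTERS || reg1 < 0 || reg1 >= S12Z_N_REGISTERS) { free (op0); free (op1); return OP_INVALID; }`. Alternatively, range-check the two nibbles of `eb` before calling create_register_operand at all. exg_sex_discrim starts and ends outside this hunk, so confirm how the success path disposes of op0/op1 and keep both paths consistent.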