Add a sanity check to the init_nfp6000_mecsr_sec() function in the NFP disassembler.

author: Yinjun Zhang <yinjun.zhang@corigine.com> 2021-09-06 10:44:29 +0100
committer: Nick Clifton <nickc@redhat.com> 2021-09-06 10:44:29 +0100
commit: ac11cca5b6499f065fa5e078958ae24ba14bcbfc (patch)
tree: 19507d79806d6839c48fac44e878c99d8ddf3157 /opcodes
parent: 5a20fadc84144c2649f7f7c029f1604f003a3834 (diff)
download: binutils-gdb-ac11cca5b6499f065fa5e078958ae24ba14bcbfc.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/opcodes/nfp-dis.c b/opcodes/nfp-dis.c
index 170f6a2d63e..3938046474a 100644
--- a/opcodes/nfp-dis.c
+++ b/opcodes/nfp-dis.c
@@ -2594,7 +2594,7 @@ init_nfp3200_priv (nfp_priv_data * priv, struct disassemble_info *dinfo)
 
 static bool
 init_nfp6000_mecsr_sec (nfp_priv_data * priv, Elf_Internal_Shdr * sec,
-			int is_for_text, struct disassemble_info *dinfo)
+			bool is_for_text, struct disassemble_info *dinfo)
 {
   Elf_Nfp_InitRegEntry ireg;
   unsigned char buffer[sizeof (Elf_Nfp_InitRegEntry)];
@@ -2644,6 +2644,9 @@ init_nfp6000_mecsr_sec (nfp_priv_data * priv, Elf_Internal_Shdr * sec,
       menum = _BF (ireg.cpp_offset_lo, 13, 10) - 4;
       csr_off = _BF (ireg.cpp_offset_lo, 9, 0);
 
+      if (isl >= _NFP_ISLAND_MAX || menum >= _NFP_ME_MAX)
+	return false;
+	
       mecfg = &priv->mecfgs[isl][menum][is_for_text];
       switch (csr_off)
 	{
@@ -2669,7 +2672,7 @@ init_nfp6000_priv (nfp_priv_data * priv, struct disassemble_info *dinfo)
   size_t isl;
   unsigned int sec_cnt = 0;
   unsigned int sec_idx;
-  int is_for_text;
+  bool is_for_text;
 
   memset (mecfg_orders, -1, sizeof (mecfg_orders));
author	Yinjun Zhang <yinjun.zhang@corigine.com>	2021-09-06 10:44:29 +0100
committer	Nick Clifton <nickc@redhat.com>	2021-09-06 10:44:29 +0100
commit	ac11cca5b6499f065fa5e078958ae24ba14bcbfc (patch)
tree	19507d79806d6839c48fac44e878c99d8ddf3157 /opcodes
parent	5a20fadc84144c2649f7f7c029f1604f003a3834 (diff)
download	binutils-gdb-ac11cca5b6499f065fa5e078958ae24ba14bcbfc.tar.gz