From 66a66a17f489a4ffc614a31855e8d6f516e24640 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Tue, 29 Oct 2019 09:17:39 +0000
Subject: Fix array overruns in the S12Z disassembler.
* s12z-dis.c (opr_emit_disassembly): Check for illegal register values. (shift_size_table): Use a fixed size defined as S12Z_N_SIZES. (print_insn_s12z): Check for illegal size values.
---
 opcodes/s12z-opc.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'opcodes/s12z-opc.c')
diff --git a/opcodes/s12z-opc.c b/opcodes/s12z-opc.c
index eef097dfd48..e7a3577ef7d 100644
--- a/opcodes/s12z-opc.c
+++ b/opcodes/s12z-opc.c
@@ -2205,8 +2205,16 @@ exg_sex_discrim (struct mem_read_abstraction_base *mra, enum optr hint ATTRIBUTE
 struct operand *op0 = create_register_operand ((eb & 0xf0) >> 4);
 struct operand *op1 = create_register_operand (eb & 0xf);
- const struct reg *r0 = registers + ((struct register_operand *) op0)->reg;
- const struct reg *r1 = registers + ((struct register_operand *) op1)->reg;
+ int reg0 = ((struct register_operand *) op0)->reg;
+ if (reg0 < 0 || reg0 >= S12Z_N_REGISTERS)
+ return OP_INVALID;
+
+ int reg1 = ((struct register_operand *) op1)->reg;
+ if (reg1 < 0 || reg1 >= S12Z_N_REGISTERS)
+ return OP_INVALID;
+
+ const struct reg *r0 = registers + reg0;
+ const struct reg *r1 = registers + reg1;
 enum optr operator = (r0->bytes < r1->bytes) ? OP_sex : OP_exg;
--
cgit v1.2.1
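Review bot: The two added `return OP_INVALID;` exits come after both `create_register_operand` calls, so `op0` and `op1` are still live when the function leaves on an out-of-range register number. If those operands are heap-allocated (the constructor is not visible in this hunk), every malformed byte fed to the disassembler leaks two objects, which matters for a tool that is routinely run over untrusted binaries. Folding both range checks into one condition that guards the `registers` lookup keeps a single exit, so invalid and valid inputs reach the same release path. The body of exg_sex_discrim starts and continues outside the hunk, so how `op0`/`op1` are released on the normal path should be confirmed there.

```c
  /* ... unchanged: op0/op1 creation ... */
  int reg0 = ((struct register_operand *) op0)->reg;
  int reg1 = ((struct register_operand *) op1)->reg;

  /* Out-of-range register numbers fall through with OP_INVALID instead of
     returning early, so op0/op1 take the same release path as valid ones.  */
  enum optr operator = OP_INVALID;
  if (reg0 >= 0 && reg0 < S12Z_N_REGISTERS
      && reg1 >= 0 && reg1 < S12Z_N_REGISTERS)
    operator = (registers[reg0].bytes < registers[reg1].bytes) ? OP_sex : OP_exg;
  /* ... unchanged: rest of exg_sex_discrim after the operator assignment ... */
```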