Fix buffer underrun bug in the TI C30 disassembler.

author Nick Clifton <nickc@redhat.com>

Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)

committer Nick Clifton <nickc@redhat.com>

Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)
author Nick Clifton <nickc@redhat.com>
Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)
committer Nick Clifton <nickc@redhat.com>
Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)
diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog

index 87e3f74..64b6a07 100644 (file)
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,5 +1,11 @@
  2019-09-03  Nick Clifton  <nickc@redhat.com>
  
+       PR 24961
+       * tic30-dis.c (get_indirect_operand): Check for bufcnt being
+       greater than zero before indexing via (bufcnt -1).
+
+2019-09-03  Nick Clifton  <nickc@redhat.com>
+
         PR 24958
         * mmix-dis.c (MAX_REG_NAME_LEN): Define.
         (MAX_SPEC_REG_NAME_LEN): Define.
diff --git a/opcodes/tic30-dis.c b/opcodes/tic30-dis.c

index c64aceb..668c519 100644 (file)
--- a/opcodes/tic30-dis.c
+++ b/opcodes/tic30-dis.c
@@ -253,7 +253,9 @@ get_indirect_operand (unsigned short fragment,
                 for (i = 0, bufcnt = 0; i < len; i++, bufcnt++)
                   {
                     buffer[bufcnt] = current_ind->syntax[i];
-                   if (buffer[bufcnt - 1] == 'a' && buffer[bufcnt] == 'r')
+                   if (bufcnt > 0
+                       && buffer[bufcnt - 1] == 'a'
+                       && buffer[bufcnt] == 'r')
                       buffer[++bufcnt] = arnum + '0';
                     if (buffer[bufcnt] == '('
                         && current_ind->displacement == DISP_REQUIRED)
author	Nick Clifton <nickc@redhat.com>
	Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)
committer	Nick Clifton <nickc@redhat.com>
	Tue, 3 Sep 2019 14:37:12 +0000 (15:37 +0100)
opcodes/ChangeLog		patch \| blob \| history
opcodes/tic30-dis.c		patch \| blob \| history