From cd3ea7c69acc5045eb28f9bf80d923116e15e4f5 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Thu, 15 Jun 2017 13:26:54 +0100 Subject: [PATCH] Prevent address violation problem when disassembling corrupt aarch64 binary. PR binutils/21595 * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of range value. --- opcodes/ChangeLog | 6 ++++++ opcodes/aarch64-dis.c | 3 +++ 2 files changed, 9 insertions(+) diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog index c77f00a..e489d43 100644 --- a/opcodes/ChangeLog +++ b/opcodes/ChangeLog @@ -1,5 +1,11 @@ 2017-06-15 Nick Clifton + PR binutils/21595 + * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of + range value. + +2017-06-15 Nick Clifton + PR binutils/21588 * rl78-decode.opc (OP_BUF_LEN): Define. (GETBYTE): Check for the index exceeding OP_BUF_LEN. diff --git a/opcodes/aarch64-dis.c b/opcodes/aarch64-dis.c index 27ef22b..a860dbc 100644 --- a/opcodes/aarch64-dis.c +++ b/opcodes/aarch64-dis.c @@ -409,6 +409,9 @@ aarch64_ext_ldst_reglist (const aarch64_operand *self ATTRIBUTE_UNUSED, info->reglist.first_regno = extract_field (FLD_Rt, code, 0); /* opcode */ value = extract_field (FLD_opcode, code, 0); + /* PR 21595: Check for a bogus value. */ + if (value >= ARRAY_SIZE (data)) + return 0; if (expected_num != data[value].num_elements || data[value].is_reserved) return 0; info->reglist.num_regs = data[value].num_regs; -- 2.7.4