Fix potential illegal memory access when disassembling corrupt RX binaries.

opcodes * rx-dis.c (get_register_name): New function. Provides safe access to name array. (get_condition_name, get_flag_name, get_double_register_name) (get_double_register_high_name, get_double_register_low_name) (get_double_control_register_name, get_double_condition_name): Likewise. (print_insn_rx): Use the accessor functions.
2019-10-16 12:56:58 +01:00 · 2019-10-16 12:56:58 +01:00 · 12234dfd5f
commit 12234dfd5f
parent dfde93ab8c
2 changed files with 92 additions and 15 deletions
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@ -1,3 +1,13 @@
 2019-10-16  Nick Clifton  <nickc@redhat.com>
 	* rx-dis.c (get_register_name): New function.  Provides safe
 	access to name array.
 	(get_condition_name, get_flag_name, get_double_register_name)
 	(get_double_register_high_name, get_double_register_low_name)
 	(get_double_control_register_name, get_double_condition_name):
 	Likewise.
 	(print_insn_rx): Use the accessor functions.
 2019-10-09  Nick Clifton  <nickc@redhat.com>
 	PR 25041
--- a/opcodes/rx-dis.c
+++ b/opcodes/rx-dis.c
@ -26,6 +26,8 @@
 #include "bfd.h"
 #include "dis-asm.h"
 #include "opcode/rx.h"
 #include "libiberty.h"
 #include "opintl.h"
 #include <setjmp.h>
@ -76,10 +78,10 @@ static char const * opsize_names[RX_MAX_SIZE] =
 static char const * register_names[] =
 {
-  /* general registers */
+  /* General registers.  */
  "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
  "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15",
-  /* control register */
+  /* Control registers.  */
  "psw", "pc", "usp", "fpsw", NULL, NULL, NULL, NULL,
  "bpsw", "bpc", "isp", "fintv", "intb", "extb", NULL, NULL,
  "a0", "a1", NULL, NULL, NULL, NULL, NULL, NULL,
@ -88,7 +90,7 @@ static char const * register_names[] =
 static char const * condition_names[] =
 {
-  /* condition codes */
+  /* Condition codes.  */
  "eq", "ne", "c", "nc", "gtu", "leu", "pz", "n",
  "ge", "lt", "gt", "le", "o", "no", "<invalid>", "<invalid>"
 };
@ -129,6 +131,71 @@ static const char * double_condition_names[] =
  "", "un", "eq", "", "lt", "", "le",
 };
 static inline const char *
 get_register_name (unsigned int reg)
 {
  if (reg < ARRAY_SIZE (register_names))
    return register_names[reg];
  return _("<inavlid register number>");
 }
 static inline const char *
 get_condition_name (unsigned int cond)
 {
  if (cond < ARRAY_SIZE (condition_names))
    return condition_names[cond];
  return _("<inavlid condition code>");
 }
 static inline const char *
 get_flag_name (unsigned int flag)
 {
  if (flag < ARRAY_SIZE (flag_names))
    return flag_names[flag];
  return _("<inavlid flag>");
 }
 static inline const char *
 get_double_register_name (unsigned int reg)
 {
  if (reg < ARRAY_SIZE (double_register_names))
    return double_register_names[reg];
  return _("<inavlid register number>");
 }
 static inline const char *
 get_double_register_high_name (unsigned int reg)
 {
  if (reg < ARRAY_SIZE (double_register_high_names))
    return double_register_high_names[reg];
  return _("<inavlid register number>");
 }
 static inline const char *
 get_double_register_low_name (unsigned int reg)
 {
  if (reg < ARRAY_SIZE (double_register_low_names))
    return double_register_low_names[reg];
  return _("<inavlid register number>");
 }
 static inline const char *
 get_double_control_register_name (unsigned int reg)
 {
  if (reg < ARRAY_SIZE (double_control_register_names))
    return double_control_register_names[reg];
  return _("<inavlid register number>");
 }
 static inline const char *
 get_double_condition_name (unsigned int cond)
 {
  if (cond < ARRAY_SIZE (double_condition_names))
    return double_condition_names[cond];
  return _("<inavlid condition code>");
 }
 int
 print_insn_rx (bfd_vma addr, disassemble_info * dis)
 {
@ -255,40 +322,40 @@ print_insn_rx (bfd_vma addr, disassemble_info * dis)
 		    break;
 		  case RX_Operand_Register:
 		  case RX_Operand_TwoReg:
-		    PR (PS, "%s", register_names[oper->reg]);
+		    PR (PS, "%s", get_register_name (oper->reg));
 		    break;
 		  case RX_Operand_Indirect:
-		    PR (PS, "%d[%s]", oper->addend, register_names[oper->reg]);
+		    PR (PS, "%d[%s]", oper->addend, get_register_name (oper->reg));
 		    break;
 		  case RX_Operand_Zero_Indirect:
-		    PR (PS, "[%s]", register_names[oper->reg]);
+		    PR (PS, "[%s]", get_register_name (oper->reg));
 		    break;
 		  case RX_Operand_Postinc:
-		    PR (PS, "[%s+]", register_names[oper->reg]);
+		    PR (PS, "[%s+]", get_register_name (oper->reg));
 		    break;
 		  case RX_Operand_Predec:
-		    PR (PS, "[-%s]", register_names[oper->reg]);
+		    PR (PS, "[-%s]", get_register_name (oper->reg));
 		    break;
 		  case RX_Operand_Condition:
-		    PR (PS, "%s", condition_names[oper->reg]);
+		    PR (PS, "%s", get_condition_name (oper->reg));
 		    break;
 		  case RX_Operand_Flag:
-		    PR (PS, "%s", flag_names[oper->reg]);
+		    PR (PS, "%s", get_flag_name (oper->reg));
 		    break;
 		  case RX_Operand_DoubleReg:
-		    PR (PS, "%s", double_register_names[oper->reg]);
+		    PR (PS, "%s", get_double_register_name (oper->reg));
 		    break;
 		  case RX_Operand_DoubleRegH:
-		    PR (PS, "%s", double_register_high_names[oper->reg]);
+		    PR (PS, "%s", get_double_register_high_name (oper->reg));
 		    break;
 		  case RX_Operand_DoubleRegL:
-		    PR (PS, "%s", double_register_low_names[oper->reg]);
+		    PR (PS, "%s", get_double_register_low_name (oper->reg));
 		    break;
 		  case RX_Operand_DoubleCReg:
-		    PR (PS, "%s", double_control_register_names[oper->reg]);
+		    PR (PS, "%s", get_double_control_register_name (oper->reg));
 		    break;
 		  case RX_Operand_DoubleCond:
-		    PR (PS, "%s", double_condition_names[oper->reg]);
+		    PR (PS, "%s", get_double_condition_name (oper->reg));
 		    break;
 		  default:
 		    PR (PS, "[???]");