asan: ns32k: wild memory write

Message ID 20200113081438.GP4433@bubble.grove.modra.org
State New

Commit Message

Alan Modra Jan. 13, 2020, 8:14 a.m.
index_offset isn't set up for "sfsr", resulting in a random offset
being used when trying to disassemble the following.

 .byte 0x3e, 0xf7, 0x07, 0x00

	* ns32k-dis.c (Is_gen): Use strchr, add 'f'.
	(print_insn_ns32k): Adjust ioffset for 'f' index_offset.


-- 
Alan Modra
Australia Development Lab, IBM

Patch

diff --git a/opcodes/ns32k-dis.c b/opcodes/ns32k-dis.c
index 51b39260c4..d505edd774 100644
--- a/opcodes/ns32k-dis.c
+++ b/opcodes/ns32k-dis.c
@@ -347,9 +347,7 @@  flip_bytes (char *ptr, int count)
 }
 
 /* Given a character C, does it represent a general addressing mode?  */
-#define Is_gen(c) \
-  ((c) == 'F' || (c) == 'L' || (c) == 'B' \
-   || (c) == 'W' || (c) == 'D' || (c) == 'A' || (c) == 'I' || (c) == 'Z')
+#define Is_gen(c) (strchr ("FLBWDAIZf", (c)) != NULL)
 
 /* Adressing modes.  */
 #define Adrmod_index_byte        0x1c
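Review bot: `strchr` also matches the terminating NUL of its search string, so the new `Is_gen` is true for `c == '\0'`, which the old comparison chain rejected. Neither call site in the later hunks tests the character it passes (`Is_gen (d[1])` has no guard visible here, and `d[2] && Is_gen (d[3])` checks `d[2]`, not `d[3]`), so a truncated or odd-length operand string would now be treated as a general operand and reach `bit_extract`. This is probably latent given how the opcode table is laid out, but a disassembler fed untrusted bytes benefits from the macro being strict: `#define Is_gen(c) ((c) != '\0' && strchr ("FLBWDAIZf", (c)) != NULL)`. The argument is then evaluated twice, which is harmless for the plain array reads used here.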
@@ -808,9 +806,10 @@  print_insn_ns32k (bfd_vma memaddr, disassemble_info *info)
 	 if we are using scaled indexed addressing mode, since the index
 	 bytes occur right after the basic instruction, not as part
 	 of the addressing extension.  */
-      if (Is_gen(d[1]))
+      if (Is_gen (d[1]))
 	{
-	  int addr_mode = bit_extract (buffer, ioffset - 5, 5);
+	  int bitoff = d[1] == 'f' ? 10 : 5;
+	  int addr_mode = bit_extract (buffer, ioffset - bitoff, 5);
 
 	  if (Adrmod_is_index (addr_mode))
 	    {
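Review bot: The constants in `int bitoff = d[1] == 'f' ? 10 : 5;` are unexplained, and 10 is the same offset the second-operand branch uses in `bit_extract (buffer, ioffset - 10, 5)`, so a reader cannot tell whether 'f' is deliberately read from operand B's field. A comment such as `/* An 'f' operand's mode field is 10 bits below ioffset, not 5.  */` would record that; the exact rationale should be confirmed against the opcode table. Separately, the commit message says the wild write came from index_offset not being set up, and this fix special-cases one operand letter. The declaration is outside the hunk, but if the array is still left uninitialised, setting both entries to a sentinel before these checks would make any future uncovered operand letter fail deterministically instead of using stack garbage. The body of print_insn_ns32k starts and ends outside this hunk.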
@@ -819,7 +818,7 @@  print_insn_ns32k (bfd_vma memaddr, disassemble_info *info)
 	    }
 	}
 
-      if (d[2] && Is_gen(d[3]))
+      if (d[2] && Is_gen (d[3]))
 	{
 	  int addr_mode = bit_extract (buffer, ioffset - 10, 5);