This is the mail archive of the mailing list for the binutils project.


[PATCH][binutils][Arm] Fix range check for SMC immediate operand.


This patch fixes a bug where an immediate operand larger than 4 bits (0xF) could be passed
to the SMC (Secure Monitor Call) instruction.

For example, this code is invalid:
smc #0x6951

The code would previously check for and encode up to 16-bit immediate values; however,
this immediate should instead be only a 4-bit value
(as documented here).

Fixed this by adding range checks in the relevant areas and also removing code that would
encode more than the first 4 bits of the immediate (code that is now redundant, as any immediate operand
larger than 0xF would error now anyway).

Added testcases to check that the error is thrown for invalid instructions (for arm and thumb),
as well as positive tests checking that any immediate operands less than 0xF are accepted.

Cross compiled and regtested on arm-none-eabi and arm-none-linux-gnueabihf.

I don't have write access, so if it's OK then could someone commit on my behalf?



2019-06-26  Barnaby Wilks<>

	* config/tc-arm.c (do_smc): Add range check for immediate operand.
	(do_t_smc): Add range check for immediate operand. Remove
	obsolete immediate encoding.
	(md_apply_fix): Fix range check. Remove obsolete immediate encoding.
	* testsuite/gas/arm/arch6zk.d: Fix test.
	* testsuite/gas/arm/arch6zk.s: Fix test.
	* testsuite/gas/arm/smc-bad.d: New test.
	* testsuite/gas/arm/smc-bad.l: New test.
	* testsuite/gas/arm/smc-bad.s: New test.
	* testsuite/gas/arm/thumb32.d: Fix test.
	* testsuite/gas/arm/thumb32.s: Fix test.

Attachment: rb11374.txt
Description: rb11374.txt
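
The range check this message describes, as an added example; it is not the patch in rb11374.txt and not gas code. The helper names are hypothetical, and the two base opcodes are the A32 (condition AL) and T32 encodings of SMC from the Arm architecture, which do not appear in the message.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names for this example; none of them come from gas. */
enum smc_status { SMC_OK, SMC_BAD_SYNTAX, SMC_OUT_OF_RANGE };

#define SMC_IMM_MAX  0xFu         /* SMC has a 4-bit immediate field */
#define SMC_A32_BASE 0xE1600070u  /* A32 SMC, condition AL, imm4 in bits 3:0 */
#define SMC_T32_BASE 0xF7F08000u  /* T32 SMC, imm4 in bits 19:16 */

/* Encode "smc <operand>"; *insn is written only when the operand is valid. */
static enum smc_status smc_encode(const char *operand, int thumb, uint32_t *insn)
{
    char *end;
    unsigned long value;

    /* Require "#<digits>": no sign, no whitespace, no trailing junk. */
    if (operand == NULL || operand[0] != '#'
        || !isdigit((unsigned char)operand[1]))
        return SMC_BAD_SYNTAX;
    errno = 0;
    value = strtoul(operand + 1, &end, 0);
    if (*end != '\0')
        return SMC_BAD_SYNTAX;
    /* Reject rather than mask: masking would turn #0x6951 into #0x1. */
    if (errno == ERANGE || value > SMC_IMM_MAX)
        return SMC_OUT_OF_RANGE;

    *insn = thumb ? (SMC_T32_BASE | ((uint32_t)value << 16))
                  : (SMC_A32_BASE | (uint32_t)value);
    return SMC_OK;
}

int main(void)
{
    /* Constructed operands: the invalid one from the message, then two valid ones. */
    const char *ops[] = { "#0x6951", "#0xF", "#3" };
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++) {
        uint32_t a32 = 0, t32 = 0;
        enum smc_status st = smc_encode(ops[i], 0, &a32);
        if (st == SMC_OK && smc_encode(ops[i], 1, &t32) == SMC_OK)
            printf("smc %-8s A32=0x%08X T32=0x%08X\n", ops[i], (unsigned)a32, (unsigned)t32);
        else
            printf("smc %-8s rejected (status %d)\n", ops[i], (int)st);
    }
    return 0;
}
```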
