[PATCH v2 0/2] opcodes/nfp: bug fix for nfp disassembler
Alan Modra
amodra@gmail.com
Wed Sep 1 10:02:11 GMT 2021
On Wed, Sep 01, 2021 at 07:12:27AM +0000, Yinjun Zhang wrote:
> > By the way, you have another similar problem in init_nfp6000_mecsr_sec
> > with the menum calculation from a bit-field read from an object file.
> > That also needs to be sanity checked. Bit-field values of 0 to 3 in the file will
> > result in out of bounds mecfgs array access.
>
> I'd checked this part, you mean "menum = _BF (ireg.cpp_offset_lo, 13, 10) - 4",
> right? There's a "-4", so I think it's safe.
If the bit-field is 0, which it might be with a fuzzed object, then
menum == (size_t) -4. That is out of bounds.
--
Alan Modra
Australia Development Lab, IBM
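The wrap-around Alan describes, shown in code. This is an added example, not code from the thread or from binutils' nfp disassembler: `bf_extract` is a stand-in with the assumed semantics of the `_BF(reg, hi, lo)` macro (extract bits hi..lo inclusive), and `NUM_MECFGS` is a constructed array size, not the real `mecfgs` dimension. The unchecked function reproduces the `menum = _BF(...) - 4` pattern in a `size_t`; the checked one validates the raw field before subtracting, which is the sanity check the reviewer asks for.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed array size for this example (not the real mecfgs size). */
#define NUM_MECFGS 12

/* Extract bits [hi:lo] (inclusive) from a word.  Stand-in for the
   _BF(reg, hi, lo) macro discussed in the thread; assumed semantics. */
static uint32_t bf_extract(uint32_t word, unsigned hi, unsigned lo)
{
  return (word >> lo) & ((1u << (hi - lo + 1)) - 1u);
}

/* The pattern under discussion: a 4-bit field read from the object file,
   minus 4, stored in an unsigned size_t.  A field value of 0..3 (which a
   fuzzed or malformed object can contain) wraps to SIZE_MAX-3 .. SIZE_MAX,
   so the "- 4" does not make the index safe. */
static size_t menum_unchecked(uint32_t cpp_offset_lo)
{
  return (size_t) bf_extract(cpp_offset_lo, 13, 10) - 4;
}

/* Hardened form: check the raw field against the valid range before
   subtracting, and report failure instead of yielding an index that is
   out of bounds for an array of NUM_MECFGS entries. */
static bool menum_checked(uint32_t cpp_offset_lo, size_t *menum)
{
  uint32_t raw = bf_extract(cpp_offset_lo, 13, 10);
  if (raw < 4 || raw - 4 >= NUM_MECFGS)
    return false;
  *menum = raw - 4;
  return true;
}

int main(void)
{
  /* Constructed register words: field value 0 (bits 13..10 clear) and 5. */
  uint32_t fuzzed = 0x00000000u;
  uint32_t valid = 5u << 10;
  size_t m;

  printf("unchecked, field 0: %zu (in bounds: %s)\n",
         menum_unchecked(fuzzed),
         menum_unchecked(fuzzed) < NUM_MECFGS ? "yes" : "no");
  printf("checked, field 0:   %s\n",
         menum_checked(fuzzed, &m) ? "accepted" : "rejected");
  if (menum_checked(valid, &m))
    printf("checked, field 5:   menum = %zu\n", m);
  return 0;
}
```

The check deliberately tests the raw field rather than the subtracted result: once the subtraction has happened in unsigned arithmetic, a comparison against the array size still passes for the wrapped value only by luck of the bound, so the test belongs before the arithmetic.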