[PATCH v2 0/2] opcodes/nfp: bug fix for nfp disassembler

Yinjun Zhang yinjun.zhang@corigine.com
Thu Sep 2 01:40:09 GMT 2021


> -----Original Message-----
> From: Alan Modra <amodra@gmail.com>
> Sent: Wednesday, September 1, 2021 6:02 PM
> To: Yinjun Zhang <yinjun.zhang@corigine.com>
> Cc: binutils@sourceware.org; Simon Horman <simon.horman@corigine.com>
> Subject: Re: [PATCH v2 0/2] opcodes/nfp: bug fix for nfp disassembler
> 
> On Wed, Sep 01, 2021 at 07:12:27AM +0000, Yinjun Zhang wrote:
> > > By the way, you have another similar problem in init_nfp6000_mecsr_sec
> > > with the menum calculation from a bit-field read from an object file.
> > > That also needs to be sanity checked.  Bit-field values of 0 to 3 in the file will
> > > result in out of bounds mecfgs array access.
> >
> > I'd checked this part, you mean "menum = _BF (ireg.cpp_offset_lo, 13, 10) - 4",
> > right? There's a "-4", so I think it's safe.
> 
> If the bit-field is 0, which it might be with a fuzzed object, then
> menum == (size_t) -4.  That is out of bounds.
> 

I see, thanks, will fix that soon.

> --
> Alan Modra
> Australia Development Lab, IBM
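As an added illustration of the underflow Alan describes (example code, not from binutils or from either poster): the unchecked menum computation beside a range-checked form. The BF macro, ME_COUNT and the sample words are assumptions, not nfp-dis.c's own definitions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed bit-field extractor: bits msb..lsb of v, in the spirit of _BF. */
#define BF(v, msb, lsb) (((v) >> (lsb)) & ((1u << ((msb) - (lsb) + 1)) - 1u))

/* Hypothetical size of the per-island mecfgs[] array. */
#define ME_COUNT 12

/* The pattern under discussion: the 4-bit field at bits 13..10 minus 4,
   with no check.  A field value of 0..3 (possible in a fuzzed object file)
   wraps to a huge size_t, so mecfgs[menum] would read out of bounds. */
static size_t menum_unchecked(uint32_t cpp_offset_lo)
{
  return (size_t) BF(cpp_offset_lo, 13, 10) - 4;
}

/* Hardened form: validate the raw field before subtracting and reject
   anything that would not land inside mecfgs[].  Returns false on a bad
   field so the caller can skip the record instead of indexing. */
static bool menum_checked(uint32_t cpp_offset_lo, size_t *menum)
{
  unsigned raw = BF(cpp_offset_lo, 13, 10);
  if (raw < 4 || raw - 4 >= ME_COUNT)
    return false;
  *menum = raw - 4;
  return true;
}

/* Bounds predicate a caller would apply before mecfgs[menum]. */
static bool menum_in_bounds(size_t menum)
{
  return menum < ME_COUNT;
}

int main(void)
{
  /* Constructed sample words: only bits 13..10 matter here. */
  uint32_t good = 5u << 10;  /* field 5 -> menum 1 */
  uint32_t fuzz = 2u << 10;  /* field 2 -> wraps under the unchecked form */
  size_t m;

  printf("unchecked good: %zu in bounds: %d\n", menum_unchecked(good),
         menum_in_bounds(menum_unchecked(good)));
  printf("unchecked fuzz: %zu in bounds: %d\n", menum_unchecked(fuzz),
         menum_in_bounds(menum_unchecked(fuzz)));
  printf("checked fuzz accepted: %d\n", menum_checked(fuzz, &m));
  return 0;
}
```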

