From: Nick Clifton <nickc@redhat.com>
Date: Tue, 11 May 2021 10:29:58 +0000 (+0100)
Subject: Fix an illegal memory access when attempting to disassemble a corrupt TIC30 binary.
X-Git-Tag: binutils-2_37~718
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a680affc635af50db5b0cb8e389b54b057691ec4;p=thirdparty%2Fbinutils-gdb.git

Fix an illegal memory access when attempting to disassemble a corrupt TIC30 binary.

	PR 27840
	* tic30-dis.c (print_insn_tic30): Prevent attempts to read beyond
	the end of the code buffer.
---

diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog
index bc5d44fc773..6a4bd6f29f7 100644
--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -1,3 +1,9 @@
+2021-05-11  Nick Clifton  <nickc@redhat.com>
+
+	PR 27840
+	* tic30-dis.c (print_insn_tic30): Prevent attempts to read beyond
+	the end of the code buffer.
+
 2021-05-06  Stafford Horne  <shorne@gmail.com>
 
 	PR 21464
diff --git a/opcodes/tic30-dis.c b/opcodes/tic30-dis.c
index 67d3f24bdc8..bb96c07e712 100644
--- a/opcodes/tic30-dis.c
+++ b/opcodes/tic30-dis.c
@@ -695,6 +695,9 @@ print_insn_tic30 (bfd_vma pc, disassemble_info *info)
   struct instruction insn = { 0, NULL, NULL };
   bfd_vma bufaddr = pc - info->buffer_vma;
 
+  if (bufaddr + 3 >= info->buffer_length)
+    return -1;
+
   /* Obtain the current instruction word from the buffer.  */
   insn_word = (((unsigned) *(info->buffer + bufaddr) << 24)
 	       | (*(info->buffer + bufaddr + 1) << 16)