A refactoring in [1] introduced a buffer overflow. A new enum value,
last_iclass, was added at the end of 'enum aarch64_insn_class' to
refer to the last instruction class. This value is then used to size
the array iclass_has_subclasses_p, which is intended to have one
element per enum value.
However, because the enum values start at index 0, last_iclass is
off by one when used as the array length. As a result, the array is
allocated with one element too few, leading to a buffer overflow when
accessing the 'lut' class.
The fix adds +1 to last_iclass when defining the array size.
==ERROR: AddressSanitizer: global-buffer-overflow
READ of size 1 at 0x5555556d8d5d thread T0
#0 0x5555555c918d in read_table ./opcodes/aarch64-gen.c:207
#1 0x5555555ca0d1 in initialize_decoder_tree ./opcodes/aarch64-gen.c:435
#2 0x5555555ceaa6 in main ./opcodes/aarch64-gen.c:1386
[1]:
002ac0590221a01463a1eb92e2f0d81f616a4959
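The sentinel mistake described above, as an added C example that is not binutils code: a toy enum (constructed here; the real enum aarch64_insn_class has many more members) whose last_iclass aliases the final enumerator, the table sized by last_iclass as before the fix beside the table sized by last_iclass + 1, a static assert that ties the table length to the enum so a later reordering cannot reintroduce the off-by-one silently, and a bounds-checked write that rejects the 'lut' index on the short table instead of running past its end. The enumerator names, NUM_ICLASSES and the helper functions are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy instruction-class enum (constructed for this example; the real
   enum aarch64_insn_class has many more members).  As the commit message
   describes, last_iclass refers to the last class, so it is the highest
   valid index, not the number of classes.  */
enum insn_class
{
  addsub_imm,   /* 0 */
  branch_imm,   /* 1 */
  lut,          /* 2 */
  last_iclass = lut
};

/* Number of classes: highest index plus one.  */
#define NUM_ICLASSES (last_iclass + 1)

/* Sizing as before the fix: last_iclass elements, so the valid indices
   are 0 .. last_iclass - 1 and 'lut' falls one past the end.  */
static bool buggy_has_subclasses[last_iclass];

/* Sizing as after the fix: one element per enumerator.  */
static bool fixed_has_subclasses[NUM_ICLASSES];

/* Compile-time guard against the enum being reordered or the sentinel
   being moved: the table must have exactly one slot per class.  */
_Static_assert (sizeof (fixed_has_subclasses) / sizeof (fixed_has_subclasses[0])
                == (size_t) last_iclass + 1,
                "iclass table must have one element per class");

size_t
buggy_table_len (void)
{
  return sizeof (buggy_has_subclasses) / sizeof (buggy_has_subclasses[0]);
}

size_t
fixed_table_len (void)
{
  return sizeof (fixed_has_subclasses) / sizeof (fixed_has_subclasses[0]);
}

/* Bounds-checked write: returns false instead of writing out of bounds
   when the class index does not fit a table of 'len' elements.  */
bool
mark_has_subclasses (bool *table, size_t len, int iclass)
{
  if (iclass < 0 || (size_t) iclass >= len)
    return false;
  table[iclass] = true;
  return true;
}

int
main (void)
{
  printf ("buggy table: %zu elements, fixed table: %zu elements\n",
          buggy_table_len (), fixed_table_len ());
  printf ("marking lut in buggy table: %s\n",
          mark_has_subclasses (buggy_has_subclasses, buggy_table_len (), lut)
          ? "ok" : "rejected (out of bounds)");
  printf ("marking lut in fixed table: %s\n",
          mark_has_subclasses (fixed_has_subclasses, fixed_table_len (), lut)
          ? "ok" : "rejected (out of bounds)");
  return 0;
}
```

The _Static_assert is the part worth carrying into real code: an enum sentinel that names the last member is a valid index, while one placed after the last member is a count, and a compile-time check on the table length is the cheapest way to keep that distinction from drifting when the enum is next edited.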
return &index2table (opcode_node->index)[real_index (opcode_node->index)];
}
-static bool iclass_has_subclasses_p[last_iclass];
+static bool iclass_has_subclasses_p[last_iclass + 1];
static void
read_table (const struct aarch64_opcode* table)
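Review bot: the new size `last_iclass + 1` is correct only while last_iclass keeps naming the final enumerator of enum aarch64_insn_class, and nothing in the declaration records that; add a one-line comment on `static bool iclass_has_subclasses_p[last_iclass + 1];` saying the table has one element per class (indices 0 .. last_iclass), or a static assert tying the array length to last_iclass, so the next reordering of the enum fails at compile time rather than reintroducing the off-by-one silently. Since the out-of-bounds read was in read_table (aarch64-gen.c:207 in the AddressSanitizer report above), an assert at that access that the class index is below the array length would also turn a future regression into an immediate failure instead of a silent global-buffer-overflow.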