This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
This fixes the buffer overflow triggered by too long prefix streams. It also changes the instruction length limit to the architectural value of 15. Built and tested on i686-pc-linux-gnu and x86_64-unknown-linux-gnu. Jan opcodes/ 2005-12-08 Jan Beulich <jbeulich@novell.com> * i386-dis.c (MAXLEN): Reduce to architectural limit. (fetch_data): Check for sufficient buffer size. --- /home/jbeulich/src/binutils/mainline/2005-12-08/opcodes/i386-dis.c 2005-12-08 11:37:24.000000000 +0100 +++ 2005-12-08/opcodes/i386-dis.c 2005-12-08 11:28:46.000000000 +0100 @@ -35,7 +35,7 @@ #include "sysdep.h" #include "opintl.h" -#define MAXLEN 20 +#define MAXLEN 15 #include <setjmp.h> @@ -179,10 +179,13 @@ fetch_data (struct disassemble_info *inf struct dis_private *priv = (struct dis_private *) info->private_data; bfd_vma start = priv->insn_start + (priv->max_fetched - priv->the_buffer); - status = (*info->read_memory_func) (start, - priv->max_fetched, - addr - priv->max_fetched, - info); + if (addr <= priv->the_buffer + MAXLEN) + status = (*info->read_memory_func) (start, + priv->max_fetched, + addr - priv->max_fetched, + info); + else + status = -1; if (status != 0) { /* If we did manage to read at least one byte, then
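Review bot: In the first hunk, `#define MAXLEN 15` carries no comment saying where 15 comes from; the only record that it is the architectural instruction length limit is the ChangeLog entry. Add a one-line comment above the define. Since the second hunk bounds `addr` by `priv->the_buffer + MAXLEN`, also confirm that nothing else in the file still relies on the old value of 20.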
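Review bot: In the `fetch_data` hunk, the new `else` branch sets `status = -1` and then shares the existing `if (status != 0)` path with genuine `read_memory_func` failures, so from that point on an over-long instruction cannot be told apart from a memory read error. A short comment on the `if (addr <= priv->the_buffer + MAXLEN)` test, stating that it rejects fetches past the end of the buffer and that -1 is a synthetic status rather than one returned by the read callback, would make the intent clear. The test also assumes `the_buffer` holds at least MAXLEN bytes, which is not visible in this hunk; consider tying the bound to the buffer's declaration so the two cannot drift apart.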
Attachment:
binutils-mainline-x86-disasm-buffer.patch
Description: Text document