This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
This fixes the buffer overflow triggered by too long prefix streams. It
also changes the instruction length limit to the architectural value of 15.
Built and tested on i686-pc-linux-gnu and x86_64-unknown-linux-gnu.
Jan
opcodes/
2005-12-08 Jan Beulich <jbeulich@novell.com>
* i386-dis.c (MAXLEN): Reduce to architectural limit.
(fetch_data): Check for sufficient buffer size.
---
/home/jbeulich/src/binutils/mainline/2005-12-08/opcodes/i386-dis.c 2005-12-08
11:37:24.000000000 +0100
+++ 2005-12-08/opcodes/i386-dis.c 2005-12-08 11:28:46.000000000
+0100
@@ -35,7 +35,7 @@
#include "sysdep.h"
#include "opintl.h"
-#define MAXLEN 20
+#define MAXLEN 15
#include <setjmp.h>
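Review bot: The new `#define MAXLEN 15` carries no comment saying that 15 is the architectural instruction length limit, so the reason for the value lives only in the mail and the ChangeLog entry. A one-line comment above the define would keep someone from raising it again later. Since the second hunk bounds fetches with `priv->the_buffer + MAXLEN`, it is also worth confirming that every buffer and check sized by this macro still agrees with the smaller value; those declarations are not visible here.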
@@ -179,10 +179,13 @@ fetch_data (struct disassemble_info *inf
struct dis_private *priv = (struct dis_private *)
info->private_data;
bfd_vma start = priv->insn_start + (priv->max_fetched -
priv->the_buffer);
- status = (*info->read_memory_func) (start,
- priv->max_fetched,
- addr - priv->max_fetched,
- info);
+ if (addr <= priv->the_buffer + MAXLEN)
+ status = (*info->read_memory_func) (start,
+ priv->max_fetched,
+ addr - priv->max_fetched,
+ info);
+ else
+ status = -1;
if (status != 0)
{
/* If we did manage to read at least one byte, then
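Review bot: In the `else` branch, `status = -1` sends the over-length case into the existing `if (status != 0)` block, which was written for failures of `read_memory_func`, so a too-long prefix stream is reported the same way as an unreadable address. Please confirm that the handler copes with a status value that did not come from `read_memory_func`, or handle the over-length case separately. The bound `addr <= priv->the_buffer + MAXLEN` also deserves a short comment stating that it keeps the read inside `the_buffer`, and it is only correct if `the_buffer` holds at least MAXLEN bytes, which this hunk does not show.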
Attachment:
binutils-mainline-x86-disasm-buffer.patch
Description: Text document