[v2,1/2] opcodes/nfp: add validity check of island and me

Message ID 1629939678-17826-2-git-send-email-yinjun.zhang@corigine.com
State New
Series
  • opcodes/nfp: bug fix for nfp disassembler

Commit Message

Yinjun Zhang Aug. 26, 2021, 1:01 a.m.
AddressSanitizer detects heap-buffer-overflow when running
"objdump -D" for nfp .nffw files.

Add the necessary validity checks for the parsed island and me numbers.

Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com>

Signed-off-by: Simon Horman <simon.horman@corigine.com>

---
 opcodes/nfp-dis.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

-- 
2.27.0

Patch

diff --git a/opcodes/nfp-dis.c b/opcodes/nfp-dis.c
index b74ccb3fce5..ff69410d967 100644
--- a/opcodes/nfp-dis.c
+++ b/opcodes/nfp-dis.c
@@ -46,6 +46,9 @@ 
 #define _NFP_ME27_28_CSR_CTX_ENABLES     0x18
 #define _NFP_ME27_28_CSR_MISC_CONTROL    0x160
 
+#define _NFP_ISLAND_MAX 64
+#define _NFP_ME_MAX     12
+
 typedef struct
 {
   unsigned char ctx4_mode:1;
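Review bot: The two new macros are named `_MAX` but are used as array dimensions, i.e. exclusive upper bounds rather than the largest valid index, and nothing at the definition says so. The later hunks depend on that reading: `mecfgs[_NFP_ISLAND_MAX][_NFP_ME_MAX][2]` and the `>=` comparison in `_print_instrs`. A one-line comment above the defines would keep a future reader from writing `> _NFP_ISLAND_MAX` by mistake, for example `/* Dimensions of nfp_priv_data.mecfgs; valid indices are 0 .. MAX - 1.  */`.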
@@ -65,7 +68,7 @@  nfp_opts;
 /* mecfgs[island][menum][is-text] */
 typedef struct
 {
-  nfp_priv_mecfg mecfgs[64][12][2];
+  nfp_priv_mecfg mecfgs[_NFP_ISLAND_MAX][_NFP_ME_MAX][2];
 }
 nfp_priv_data;
 
@@ -2837,6 +2840,12 @@  _print_instrs (bfd_vma addr, struct disassemble_info *dinfo, nfp_opts * opts)
 	  break;
 	}
 
+      if ((island >= _NFP_ISLAND_MAX) || (menum >= _NFP_ME_MAX))
+	{
+	  dinfo->fprintf_func (dinfo->stream, "Invalid island or me.");
+	  return _NFP_ERR_STOP;
+	}
+
       mecfg = &priv->mecfgs[island][menum][is_text];
       num_ctx = (mecfg->ctx4_mode) ? 4 : 8;
       addr_3rdparty32 = mecfg->addr_3rdparty32;
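Review bot: The added guard in `_print_instrs` only rejects values at or above the array dimensions, so it fully protects `priv->mecfgs[island][menum][is_text]` only if `island` and `menum` are unsigned. Their declarations are outside this hunk; if either is a signed type, a negative value derived from the input file would still pass the check and index before the array, and the condition should then also test `island < 0 || menum < 0`. The check covers this one use only, so any other place that indexes `mecfgs` with numbers parsed from the .nffw file (not visible in this diff) needs the same bound. The message has no trailing newline and does not report the rejected values, which makes a malformed file harder to diagnose from objdump output; printing both numbers and ending with `\n` would help.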