Re: [PATCH v2 1/2] RISC-V: Fix buffer overflow on print_insn_riscv

[Jan Beulich <jbeulich@suse.com>]

On 04.10.2022 12:13, Tsukasa OI wrote:
> On 2022/10/04 18:58, Jan Beulich wrote:
>> On 04.10.2022 11:45, Tsukasa OI wrote:
>>> --- a/include/opcode/riscv.h
>>> +++ b/include/opcode/riscv.h
>>> @@ -55,6 +55,8 @@ static const char * const riscv_pred_succ[16] =
>>>    "i", "iw", "ir", "irw", "io", "iow", "ior", "iorw"
>>>  };
>>>  
>>> +#define RISCV_MAX_INSN_LEN 22  /* max 176-bit encoding.  */
>>
>> To be honest this still doesn't look sufficient to me: There's still
>> no connection between this constant and riscv_insn_length(). Yet both
>> want changing at the same time when it comes to insn length aspects.
>> As said in reply to v1 - comments may be one way of dealing with this.
>> We don't have BUILD_BUG_ON() or alike (and even if we had it wouldn't
>> be usable in a portable way), so an actual build time check might not
>> be feasible. A runtime check also doesn't look realistic, as
>>
>>     gas_assert (riscv_insn_length(~0) == RISCV_MAX_INSN_LEN);
>>
>> wouldn't be correct, and I'm unconvinced of using other than the most
>> simple ~0 as an argument here.
> 
> I have to agree that the constant with no direct connection with
> riscv_insn_length is not good but I don't come up with better solution
> than this (with given constraints).
> In any case, keeping this stack buffer overflow is definitely a bad idea
> and we have to do something to deal with it in a days.

Agreed. Hence could you add cross-referencing comments at both sides
while introducing the #define, as a minimal measure?

Jan