From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <research_trasio@irq.a4lg.com>
Received: from mail-sender-0.a4lg.com (mail-sender.a4lg.com [153.120.152.154])
	by sourceware.org (Postfix) with ESMTPS id D8CA8385C33F;
	Tue,  4 Oct 2022 11:26:13 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org D8CA8385C33F
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=irq.a4lg.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=irq.a4lg.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by mail-sender-0.a4lg.com (Postfix) with ESMTPSA id 2076F300089;
	Tue,  4 Oct 2022 11:26:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=irq.a4lg.com;
	s=2017s01; t=1664882771;
	bh=wpHcPiSSXKc1QxV0/yGioZB88u8tR1HzgkErFOSWd44=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 Mime-Version:Content-Transfer-Encoding;
	b=qSr9rpim1Fd7aDfkCfKJl+87BI8VhYcHu9djAzWcyhBJUcjuYupBTPP3nIW2QKFh0
	 saeSd2Y9s0i1DFu1lecNj7BDf5GybF/kzlnqhYmyXcN8mMf0qbDQ9dePxl7kxH4bap
	 SpIeGW/OKxWU7/TDMbxxmuRROFU4EvkkD8gPrye8=
From: Tsukasa OI <research_trasio@irq.a4lg.com>
To: Tsukasa OI <research_trasio@irq.a4lg.com>,
	Nelson Chu <nelson@rivosinc.com>,
	Kito Cheng <kito.cheng@sifive.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Andrew Burgess <aburgess@redhat.com>,
	Jan Beulich <jbeulich@suse.com>,
	Andreas Schwab <schwab@suse.de>
Cc: binutils@sourceware.org,
	gdb-patches@sourceware.org
Subject: [PATCH v3 1/2] RISC-V: Fix buffer overflow on print_insn_riscv
Date: Tue,  4 Oct 2022 11:25:56 +0000
Message-Id: <ebf16f9e1f45115d0793952ccb4a94d4233303f9.1664882725.git.research_trasio@irq.a4lg.com>
In-Reply-To: <cover.1664882725.git.research_trasio@irq.a4lg.com>
References: <cover.1664876744.git.research_trasio@irq.a4lg.com> <cover.1664882725.git.research_trasio@irq.a4lg.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-12.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,GIT_PATCH_0,KAM_MANYTO,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <binutils.sourceware.org>

Because riscv_insn_length started to support instructions up to 176-bit,
we need to increase packet buffer size to 176-bit in size.

include/ChangeLog:

	* opcode/riscv.h (RISCV_MAX_INSN_LEN): Max instruction length for
	use in buffer size.

opcodes/ChangeLog:

	* riscv-dis.c (print_insn_riscv): Increase buffer size for max
	176-bit length instructions.
---
 include/opcode/riscv.h | 2 ++
 opcodes/riscv-dis.c    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/opcode/riscv.h b/include/opcode/riscv.h
index 9417dcf00c5..b14f3d998b3 100644
--- a/include/opcode/riscv.h
+++ b/include/opcode/riscv.h
@@ -40,6 +40,8 @@ static inline unsigned int riscv_insn_length (insn_t insn)
   /* 80- ... 176-bit instructions.  */
   if ((insn & 0x7f) == 0x7f && (insn & 0x7000) != 0x7000)
     return 10 + ((insn >> 11) & 0xe);
+  /* Maximum value returned by this function.  */
+#define RISCV_MAX_INSN_LEN 22
   /* Longer instructions not supported at the moment.  */
   return 2;
 }
diff --git a/opcodes/riscv-dis.c b/opcodes/riscv-dis.c
index 031c19334fa..2c0aed13e75 100644
--- a/opcodes/riscv-dis.c
+++ b/opcodes/riscv-dis.c
@@ -1000,7 +1000,7 @@ riscv_disassemble_data (bfd_vma memaddr ATTRIBUTE_UNUSED,
 int
 print_insn_riscv (bfd_vma memaddr, struct disassemble_info *info)
 {
-  bfd_byte packet[8];
+  bfd_byte packet[RISCV_MAX_INSN_LEN];
   insn_t insn = 0;
   bfd_vma dump_size;
   int status;
-- 
2.34.1