* Uninitialized variable read in cgen disassembler
@ 2020-02-07 14:01 Alan Modra
From: Alan Modra @ 2020-02-07 14:01 UTC (permalink / raw)
To: cgen
I noticed this today in opcodes/m32c-ibld.c line 2498
    case M32C_OPERAND_IMM_40_SI :
      {
        {
          long value;
          length = extract_normal (cd, ex_info, insn_value, 0, 32, 8, 24, 32, total_length, pc, & value);
          value = ((((((((USI) (value) >> (16))) & (255))) | (((value) & (65280))))) | (((((value) << (16))) & (16711680))));
          fields->f_dsp_40_u24 = value;
        }
        if (length <= 0) break;
        length = extract_normal (cd, ex_info, insn_value, 0, 64, 0, 8, 32, total_length, pc, & fields->f_dsp_64_u8);
        if (length <= 0) break;
        {
          FLD (f_dsp_40_s32) = ((((FLD (f_dsp_40_u24)) & (16777215))) | (((((FLD (f_dsp_64_u8)) << (24))) & (0xff000000))));
        }
      }
      break;
Oops, the first "length <= 0" check on the return value of
extract_normal is *after* we've already used "value".
There's a return path in extract_normal that doesn't set *valuep,
when fill_cache fails.
--
Alan Modra
Australia Development Lab, IBM
* Re: Uninitialized variable read in cgen disassembler
From: Alan Modra @ 2020-02-11 1:43 UTC (permalink / raw)
To: cgen, binutils
On Sat, Feb 08, 2020 at 12:31:21AM +1030, Alan Modra wrote:
> There's a return path in extract_normal that doesn't set *valuep,
> when fill_cache fails.
Let's fix that then.
* cgen-ibld.in (extract_normal): Set *valuep on all return paths.
* bpf-ibld.c, * epiphany-ibld.c, * fr30-ibld.c, * frv-ibld.c,
* ip2k-ibld.c, * iq2000-ibld.c, * lm32-ibld.c, * m32c-ibld.c,
* m32r-ibld.c, * mep-ibld.c, * mt-ibld.c, * or1k-ibld.c,
* xc16x-ibld.c, * xstormy16-ibld.c: Regenerate.
diff --git a/opcodes/cgen-ibld.in b/opcodes/cgen-ibld.in
index 9d856cda83..6a9b97fcb5 100644
--- a/opcodes/cgen-ibld.in
+++ b/opcodes/cgen-ibld.in
@@ -479,7 +479,10 @@ extract_normal (CGEN_CPU_DESC cd,
abort ();
if (fill_cache (cd, ex_info, word_offset / 8, word_length / 8, pc) == 0)
- return 0;
+ {
+ *valuep = 0;
+ return 0;
+ }
value = extract_1 (cd, ex_info, start, length, word_length, bufp, pc);
}
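Review bot: The `*valuep = 0` store is added only on the fill_cache failure return, while the ChangeLog entry says "all return paths"; if extract_normal has or later gains another early return, it would again leave *valuep unset. Assigning `*valuep = 0` once at function entry would cover every path without depending on this being the only one. A one-line comment at the store, noting that generated callers read the value before they test the returned length, would also explain why a failing call has to write the output at all.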
--
Alan Modra
Australia Development Lab, IBM
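
The pattern discussed in this thread, as an added example that is not code from the messages above or from binutils: an extractor whose failure return skips the out-parameter, the same extractor with the store added, and a caller that transforms the value before checking the length. All names (`extract_unfixed`, `extract_fixed`, `decode_field`, `STALE`) and the 3-byte input are constructed for illustration; `STALE` stands in for leftover stack contents so the demonstration itself stays well-defined.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for illustration; none of these names are binutils code. */
#define STALE 0x5a5a5a5aL /* models whatever an uninitialized local would hold */

typedef int (*extract_fn) (const unsigned char *, size_t, long *);

/* Pre-fix shape: the short-read return never writes *valuep. */
static int extract_unfixed (const unsigned char *buf, size_t avail, long *valuep)
{
  if (avail < 3)
    return 0;
  *valuep = buf[0] | (buf[1] << 8) | ((long) buf[2] << 16);
  return 3;
}

/* Post-fix shape: every return path stores a defined value. */
static int extract_fixed (const unsigned char *buf, size_t avail, long *valuep)
{
  if (avail < 3)
    {
      *valuep = 0;
      return 0;
    }
  *valuep = buf[0] | (buf[1] << 8) | ((long) buf[2] << 16);
  return 3;
}

/* Caller ordered like the m32c case: value is byte-swapped and stored
   before the returned length is looked at.  Returns the stored field.  */
static long decode_field (extract_fn extract, const unsigned char *buf,
                          size_t avail, int *lengthp)
{
  long value = STALE; /* defined stand-in, so the demo itself has no UB */
  *lengthp = extract (buf, avail, &value);
  unsigned long v = (unsigned long) value;
  return (long) (((v >> 16) & 255) | (v & 65280) | ((v << 16) & 16711680));
}

int main (void)
{
  const unsigned char sample[] = { 0x11, 0x22, 0x33 }; /* constructed input */
  int len;
  printf ("unfixed, short read: %#lx\n", (unsigned long) decode_field (extract_unfixed, sample, 2, &len));
  printf ("fixed, short read:   %#lx\n", (unsigned long) decode_field (extract_fixed, sample, 2, &len));
  printf ("fixed, full read:    %#lx\n", (unsigned long) decode_field (extract_fixed, sample, 3, &len));
  return 0;
}
```

With the unfixed extractor the stored field on a short read is derived from the stale value; with the store added it is 0, and a caller that checks the length first never reads it in either case.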