From: Roland McGrath
Date: Thu, 09 Jan 2014 18:26:00 -0000
Subject: [PATCH] Fix buffer underrun in i386-dis.c.
To: binutils@sourceware.org, gdb-patches@sourceware.org
Cc: Bradley Nelson
X-SW-Source: 2014-01/txt/msg00246.txt.bz2

When disassembling any instruction without a REX prefix, the print_insn function touches all_prefixes[-1]. This is usually harmless in most builds, because the word preceding all_prefixes will probably be the last_seg_prefix variable and it was usually zero already. But in some kinds of builds, all buffer underruns are caught and cause a crash.

AFAICT the obvious local workaround is in fact the proper fix. In the similar cases nearby, there is a PREFIX_FOO bit in the "prefixes" bitmask that guards use of last_foo_prefix. But there is no such bit for the REX prefixes. We could test "rex != 0" instead, I suppose.

OK for trunk and binutils-2.24 branch and gdb-7.7 branch?

Thanks,
Roland

opcodes/
2014-01-09  Bradley Nelson
            Roland McGrath

	* i386-dis.c (print_insn): Do not touch all_prefixes[-1] when
	last_rex_prefix is -1.

--- a/opcodes/i386-dis.c +++ b/opcodes/i386-dis.c @@ -12645,7 +12645,7 @@ print_insn (bfd_vma pc, disassemble_info *info) } /* Check if the REX prefix is used. */ - if (rex_ignored == 0 && (rex ^ rex_used) == 0) + if (rex_ignored == 0 && (rex ^ rex_used) == 0 && last_rex_prefix >= 0) all_prefixes[last_rex_prefix] = 0; /* Check if the SEG prefix is used. */
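Review bot: the added `&& last_rex_prefix >= 0` guard on the `+` line is the right minimal fix, since without a REX prefix both `rex` and `rex_used` are 0, the existing condition is trivially true, and the store `all_prefixes[last_rex_prefix] = 0` lands one element before the array; but the -1 sentinel is implicit here where the neighbouring checks (per the cover letter) use a `PREFIX_FOO` bit, so please add a one-line comment on the `+` line such as `/* last_rex_prefix is -1 when no REX prefix was seen.  */` so a later reader does not drop the guard as a redundant check. Note also that `all_prefixes[-1] = 0` is a silent out-of-bounds write that zeroes whatever object the linker placed before `all_prefixes` (the cover letter names `last_seg_prefix`), which is exactly the class of defect that only shows up under bounds-checking or sanitizer builds; a regression test that disassembles a REX-less instruction under such a build would keep this from regressing on the binutils-2.24 and gdb-7.7 branches named in the request.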