[v3,1/2] RISC-V: Fix buffer overflow on print_insn_riscv

Message ID ebf16f9e1f45115d0793952ccb4a94d4233303f9.1664882725.git.research_trasio@irq.a4lg.com
State Committed
Series RISC-V: Fix buffer overflow after 176-bit instruction support

Commit Message

Tsukasa OI Oct. 4, 2022, 11:25 a.m. UTC
  Because riscv_insn_length started to support instructions up to 176-bit,
we need to increase packet buffer size to 176-bit in size.

include/ChangeLog:

	* opcode/riscv.h (RISCV_MAX_INSN_LEN): Max instruction length for
	use in buffer size.

opcodes/ChangeLog:

	* riscv-dis.c (print_insn_riscv): Increase buffer size for max
	176-bit length instructions.
---
 include/opcode/riscv.h | 2 ++
 opcodes/riscv-dis.c    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
  

Patch

diff --git a/include/opcode/riscv.h b/include/opcode/riscv.h
index 9417dcf00c5..b14f3d998b3 100644
--- a/include/opcode/riscv.h
+++ b/include/opcode/riscv.h
@@ -40,6 +40,8 @@  static inline unsigned int riscv_insn_length (insn_t insn)
   /* 80- ... 176-bit instructions.  */
   if ((insn & 0x7f) == 0x7f && (insn & 0x7000) != 0x7000)
     return 10 + ((insn >> 11) & 0xe);
+  /* Maximum value returned by this function.  */
+#define RISCV_MAX_INSN_LEN 22
   /* Longer instructions not supported at the moment.  */
   return 2;
 }
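Review bot: The `#define RISCV_MAX_INSN_LEN 22` is placed inside the body of `riscv_insn_length`, between two return statements, which makes a header-wide constant read as if it were function-local. Move it to file scope above the function, and have its comment state why 22 is the bound: the branch above returns `10 + ((insn >> 11) & 0xe)`, and the `(insn & 0x7000) != 0x7000` guard excludes the all-ones field, so the largest result is 10 + 12 = 22 bytes (176 bits). Nothing ties the constant to that expression, so a later change to the length decoding has to update both by hand.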
diff --git a/opcodes/riscv-dis.c b/opcodes/riscv-dis.c
index 031c19334fa..2c0aed13e75 100644
--- a/opcodes/riscv-dis.c
+++ b/opcodes/riscv-dis.c
@@ -1000,7 +1000,7 @@  riscv_disassemble_data (bfd_vma memaddr ATTRIBUTE_UNUSED,
 int
 print_insn_riscv (bfd_vma memaddr, struct disassemble_info *info)
 {
-  bfd_byte packet[8];
+  bfd_byte packet[RISCV_MAX_INSN_LEN];
   insn_t insn = 0;
   bfd_vma dump_size;
   int status;
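Review bot: The new declaration `bfd_byte packet[RISCV_MAX_INSN_LEN];` fixes the size, but nothing in the visible lines enforces that the length later used to fill `packet` stays within `sizeof (packet)`. The old `packet[8]` became too small because `riscv_insn_length` grew without the buffer following it. Consider a check or assertion against `sizeof (packet)` at the point where the instruction length is used for the read, so that the next extension of `riscv_insn_length` fails loudly instead of writing past the array.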