Date: Thu, 09 Jan 2014 18:31:00 -0000
Subject: Re: [PATCH] Fix buffer underrun in i386-dis.c.
From: "H.J. Lu"
To: Roland McGrath
Cc: "binutils@sourceware.org", GDB, Bradley Nelson
X-SW-Source: 2014-01/txt/msg00249.txt.bz2

On Thu, Jan 9, 2014 at 10:26 AM, Roland McGrath wrote:
> When disassembling any instruction without a REX prefix, the print_insn
> function touches all_prefixes[-1].  This is usually harmless in most
> builds, because the word preceding all_prefixes will probably be the
> last_seg_prefix variable and it was usually zero already.  But in some
> kinds of builds, all buffer underruns are caught and cause a crash.
>
> AFAICT the obvious local workaround is in fact the proper fix.  In the
> similar cases nearby, there is a PREFIX_FOO bit in the "prefixes" bitmask
> that guards use of last_foo_prefix.  But there is no such bit for the REX
> prefixes.  We could test "rex != 0" instead, I suppose.
>
> OK for trunk and binutils-2.24 branch and gdb-7.7 branch?

OK for trunk and binutils-2.24 branch.

Thanks.

>
> Thanks,
> Roland
>
>
> opcodes/
> 2014-01-09  Bradley Nelson
>             Roland McGrath
>
>         * i386-dis.c (print_insn): Do not touch all_prefixes[-1] when
>         last_rex_prefix is -1.
>
> --- a/opcodes/i386-dis.c
> +++ b/opcodes/i386-dis.c
> @@ -12645,7 +12645,7 @@ print_insn (bfd_vma pc, disassemble_info *info)
>      }
>
>    /* Check if the REX prefix is used.  */
> -  if (rex_ignored == 0 && (rex ^ rex_used) == 0)
> +  if (rex_ignored == 0 && (rex ^ rex_used) == 0 && last_rex_prefix >= 0)
>      all_prefixes[last_rex_prefix] = 0;
>
>    /* Check if the SEG prefix is used.  */

--
H.J.
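Review bot: the added `last_rex_prefix >= 0` guard on the `if` in this hunk correctly stops the write to `all_prefixes[-1]` when no REX prefix was recorded, but it is the only term that actually protects the array index, so it reads more clearly as the first operand of the `&&` chain, i.e. `if (last_rex_prefix >= 0 && rex_ignored == 0 && (rex ^ rex_used) == 0)`, making the bounds check the obvious precondition rather than a trailing afterthought. The comment above it, `/* Check if the REX prefix is used.  */`, should also say that `last_rex_prefix` is -1 when no REX prefix was seen (as the ChangeLog entry states), otherwise a later reader comparing this site with the nearby `PREFIX_FOO`-guarded cases may take the extra term for redundant and drop it, reintroducing the underrun.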