Uninitialized variable read in cgen disassembler


Uninitialized variable read in cgen disassembler

Alan Modra
I noticed this today in opcodes/m32c-ibld.c line 2498

    case M32C_OPERAND_IMM_40_SI :
      {
        {
          long value;
          length = extract_normal (cd, ex_info, insn_value, 0, 32, 8, 24, 32, total_length, pc, & value);
          /* value is read (and stored into fields) here, before length has
             been checked; if extract_normal failed it never wrote value.  */
          value = ((((((((USI) (value) >> (16))) & (255))) | (((value) & (65280))))) | (((((value) << (16))) & (16711680))));
          fields->f_dsp_40_u24 = value;
        }
        if (length <= 0) break;
        length = extract_normal (cd, ex_info, insn_value, 0, 64, 0, 8, 32, total_length, pc, & fields->f_dsp_64_u8);
        if (length <= 0) break;
        {
          FLD (f_dsp_40_s32) = ((((FLD (f_dsp_40_u24)) & (16777215))) | (((((FLD (f_dsp_64_u8)) << (24))) & (0xff000000))));
        }
      }
      break;

Oops, the first "length <= 0" check on the return value of
extract_normal is *after* we've already used "value".

There's a return path in extract_normal that doesn't set *valuep,
when fill_cache fails.

--
Alan Modra
Australia Development Lab, IBM
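To make the ordering problem concrete, here is an added example in C. It is not code from binutils or cgen: extract_normal, fill_cache, swap24, decode_as_generated, decode_fixed, the fields struct and the byte offsets DSP40_BYTE/DSP64_BYTE are stand-ins chosen for the example, and the 9-byte instruction image is constructed. It models the failing fill_cache path as a fetch that runs off the end of a short buffer (on which the stand-in extract_normal returns -1 without writing *valuep), decodes the two fields once in the order the generator emits (use value, then check length) and once with the check first, and shows that on truncated input the generated order stores a byte-swapped copy of whatever the stack slot held into f_dsp_40_u24 while the fixed order never touches it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t USI;

/* Constructed stand-in for cgen's read-ahead buffer: a fixed byte array, where
   a fetch fails when it would run past the end (a fill_cache failure). */
struct ex_info { const unsigned char *bytes; size_t len; };

struct fields { long f_dsp_40_u24; long f_dsp_64_u8; long f_dsp_40_s32; };

static int fill_cache(const struct ex_info *ex, size_t off, size_t n)
{
    return off + n <= ex->len;
}

/* Model of extract_normal(): big-endian fetch of nbits (multiple of 8) at byte
   `off`.  Returns the byte count, or -1 when fill_cache fails.  On the failure
   path *valuep is deliberately NOT written, which is the return path the
   report points at. */
static int extract_normal(const struct ex_info *ex, size_t off, unsigned nbits,
                          long *valuep)
{
    size_t n = nbits / 8;
    unsigned long v = 0;
    if (!fill_cache(ex, off, n))
        return -1;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | ex->bytes[off + i];
    *valuep = (long) v;
    return (int) n;
}

/* Byte reorder applied to the 24-bit displacement, as in the snippet. */
static long swap24(long value)
{
    return ((((USI) value >> 16) & 255) | (value & 65280))
         | ((value << 16) & 16711680);
}

/* f_dsp_40_s32 = low 24 bits of u24 with u8 in the top byte, as in the snippet
   (unsigned arithmetic so the shift is well defined on a 32-bit long). */
static long compose_s32(const struct fields *f)
{
    return (long) ((f->f_dsp_40_u24 & 16777215UL)
                   | (((unsigned long) f->f_dsp_64_u8 << 24) & 0xff000000UL));
}

/* Assumed byte positions of the two fields in a 9-byte instruction image; the
   real m32c bit layout is not what this example is about. */
#define DSP40_BYTE 5
#define DSP64_BYTE 8

/* Generated order: reorder and store `value`, then test `length`.  `stale`
   stands in for whatever the uninitialised stack slot happened to hold. */
static int decode_as_generated(const struct ex_info *ex, long stale, struct fields *f)
{
    long value = stale;                 /* uninitialised in the real code */
    int length = extract_normal(ex, DSP40_BYTE, 24, &value);
    f->f_dsp_40_u24 = swap24(value);    /* reads and stores value before the check */
    if (length <= 0) return 0;
    length = extract_normal(ex, DSP64_BYTE, 8, &f->f_dsp_64_u8);
    if (length <= 0) return 0;
    f->f_dsp_40_s32 = compose_s32(f);
    return 1;
}

/* Fixed order: test `length` before `value` is touched. */
static int decode_fixed(const struct ex_info *ex, long stale, struct fields *f)
{
    long value = stale;
    int length = extract_normal(ex, DSP40_BYTE, 24, &value);
    if (length <= 0) return 0;          /* bail out before reading value */
    f->f_dsp_40_u24 = swap24(value);
    length = extract_normal(ex, DSP64_BYTE, 8, &f->f_dsp_64_u8);
    if (length <= 0) return 0;
    f->f_dsp_40_s32 = compose_s32(f);
    return 1;
}

/* Constructed 9-byte image: 24-bit dsp = 12 34 56, 8-bit dsp = AB. */
static const unsigned char SAMPLE_INSN[9] =
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34, 0x56, 0xAB };

/* Run one decoder over the image truncated to `len` bytes and report what it
   left in f_dsp_40_u24 (want_s32 == 0) or f_dsp_40_s32; -1 means "never written". */
static long run(int fixed, size_t len, long stale, int want_s32)
{
    struct ex_info ex = { SAMPLE_INSN, len };
    struct fields f = { -1, -1, -1 };
    if (fixed) decode_fixed(&ex, stale, &f);
    else       decode_as_generated(&ex, stale, &f);
    return want_s32 ? f.f_dsp_40_s32 : f.f_dsp_40_u24;
}

int main(void)
{
    /* 6-byte image: the 24-bit fetch at byte 5 cannot be satisfied. */
    printf("generated order, short input: u24 = 0x%lx (from stale bytes)\n",
           run(0, 6, 0x112233L, 0));
    printf("fixed order,     short input: u24 = %ld (never written)\n",
           run(1, 6, 0x112233L, 0));
    printf("fixed order,     full input:  s32 = 0x%lx\n", run(1, 9, 0, 1));
    return 0;
}
```

The example pre-fills the slot with a known value so the effect is observable deterministically; in the real generated code the slot is genuinely uninitialised, so the read is undefined behaviour and the value stored into the field is unpredictable, which is the kind of defect MemorySanitizer or valgrind reports when the disassembler is run on a truncated input.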

Re: Uninitialized variable read in cgen disassembler

Frank Ch. Eigler
Hi -

> Would you like a patch to update cgen to more recent autotools, the
> same as used by gcc and binutils?  I've been using the attached so my
> --enable-maintainer-mode builds don't run into difficulty in cgen.  If
> you do like the idea I'll post a patch with proper ChangeLog.

Can't think of a reason why not, thanks!

- FChE