From 45f413067f4cc8571524788e94ce2ec70102e2eb Mon Sep 17 00:00:00 2001 From: Daniel Sanders Date: Fri, 18 Sep 2015 14:20:54 +0000 Subject: [PATCH] [mips][microMIPS] Fix an invalid read for lwm32 and reserved reglist values. Summary: Some values of 'reglist' are reserved and cause the disassembler to read past the end of the Regs array. Treat lwm32's containing reserved values as invalid instructions. Reviewers: zoran.jovanovic Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D12959 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@247990 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/Target/Mips/Disassembler/MipsDisassembler.cpp | 6 ++++++ test/MC/Disassembler/Mips/micromips32r3/invalid.txt | 4 ++++ 2 files changed, 10 insertions(+) create mode 100644 test/MC/Disassembler/Mips/micromips32r3/invalid.txt diff --git a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp index 4aa0afd7e03..27eb399ba96 100644 --- a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp +++ b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp @@ -1919,11 +1919,17 @@ static DecodeStatus DecodeRegListOperand(MCInst &Inst, unsigned RegNum; unsigned RegLst = fieldFromInstruction(Insn, 21, 5); + // Empty register lists are not allowed. if (RegLst == 0) return MCDisassembler::Fail; RegNum = RegLst & 0xf; + + // RegLst values 10-15, and 26-31 are reserved. + if (RegNum > 9) + return MCDisassembler::Fail; + for (unsigned i = 0; i < RegNum; i++) Inst.addOperand(MCOperand::createReg(Regs[i])); diff --git a/test/MC/Disassembler/Mips/micromips32r3/invalid.txt b/test/MC/Disassembler/Mips/micromips32r3/invalid.txt new file mode 100644 index 00000000000..fcaa6169e66 --- /dev/null +++ b/test/MC/Disassembler/Mips/micromips32r3/invalid.txt @@ -0,0 +1,4 @@ +# RUN: llvm-mc --disassemble %s -triple=mips-unknown-linux -mattr=micromips \ +# RUN: 2>&1 | FileCheck %s + +0x21 0xe2 0x5c 0x71 # CHECK: :[[@LINE]]:1: warning: invalid instruction encoding -- 2.34.1