[Stable-7.2.18 04/18] target/avr: Fix buffer read in avr_print_insn

From: Michael Tokarev
Subject: [Stable-7.2.18 04/18] target/avr: Fix buffer read in avr_print_insn
Date: Wed, 14 May 2025 15:56:10 +0300
From: Richard Henderson <richard.henderson@linaro.org>
Do not unconditionally attempt to read 4 bytes, as there
may only be 2 bytes remaining in the translator cache.
Cc: qemu-stable@nongnu.org
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20250325224403.4011975-2-richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 070a500cc0da70c1b4c62a6c95e41f0a1b19dc0b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/target/avr/disas.c b/target/avr/disas.c
index b7689e8d7c..d341030174 100644
--- a/target/avr/disas.c
+++ b/target/avr/disas.c
@@ -68,28 +68,35 @@ static bool decode_insn(DisasContext *ctx, uint16_t insn);
int avr_print_insn(bfd_vma addr, disassemble_info *info)
{
- DisasContext ctx;
+ DisasContext ctx = { info };
DisasContext *pctx = &ctx;
bfd_byte buffer[4];
uint16_t insn;
int status;
- ctx.info = info;
-
- status = info->read_memory_func(addr, buffer, 4, info);
+ status = info->read_memory_func(addr, buffer, 2, info);
if (status != 0) {
info->memory_error_func(status, addr, info);
return -1;
}
insn = bfd_getl16(buffer);
- ctx.next_word = bfd_getl16(buffer + 2);
- ctx.next_word_used = false;
+
+ status = info->read_memory_func(addr + 2, buffer + 2, 2, info);
+ if (status == 0) {
+ ctx.next_word = bfd_getl16(buffer + 2);
+ }
if (!decode_insn(&ctx, insn)) {
output(".db", "0x%02x, 0x%02x", buffer[0], buffer[1]);
}
- return ctx.next_word_used ? 4 : 2;
+ if (!ctx.next_word_used) {
+ return 2;
+ } else if (status == 0) {
+ return 4;
+ }
+ info->memory_error_func(status, addr + 2, info);
+ return -1;
}
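Review bot: in the new tail of the function, a failed second read_memory_func call is only reported after decode_insn has already run, so for a two-word instruction whose second word is unreadable the decoder consumes ctx.next_word while it still holds the zero left by `DisasContext ctx = { info };`, emits a line with that zero operand, and only then does the function call memory_error_func and return -1. The pre-patch code returned -1 before printing anything on any read failure, so this is a behaviour change worth stating in the commit message or a comment next to `if (status == 0) { ctx.next_word = ... }` (e.g. "decode with next_word == 0; an error is reported afterwards only if the decoder actually used it"). Relatedly, the removed `ctx.next_word_used = false;` is now satisfied implicitly by the aggregate initialiser zero-filling the remaining members of ctx; a one-line comment on the `DisasContext ctx = { info };` line would make that dependency explicit for the next person who adds a member to DisasContext.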
--
2.39.5