From 0d96e4df4812c3bad77c229dfef47a9bc115ac12 Mon Sep 17 00:00:00 2001
From: "H.J. Lu"
Date: Thu, 15 Jun 2017 06:40:17 -0700
Subject: [PATCH] i386-dis: Check valid bnd register
Since there are only 4 bnd registers, return "(bad)" for register number > 3.
PR binutils/21594
* i386-dis.c (OP_E_register): Check valid bnd register.
(OP_G): Likewise.
Upstream-Status: Backport
CVE: CVE-2017-9755
Signed-off-by: Armin Kuster
---
 opcodes/ChangeLog | 6 ++++++
 opcodes/i386-dis.c | 10 ++++++++++
 2 files changed, 16 insertions(+)
Index: git/opcodes/ChangeLog
===================================================================
--- git.orig/opcodes/ChangeLog
+++ git/opcodes/ChangeLog
@@ -1,3 +1,9 @@
+2017-06-15 H.J. Lu
+
+ PR binutils/21594
+ * i386-dis.c (OP_E_register): Check valid bnd register.
+ (OP_G): Likewise.
+
 2017-06-15 Nick Clifton
 PR binutils/21588
Index: git/opcodes/i386-dis.c
===================================================================
--- git.orig/opcodes/i386-dis.c
+++ git/opcodes/i386-dis.c
@@ -14939,6 +14939,11 @@ OP_E_register (int bytemode, int sizefla
 names = address_mode == mode_64bit ? names64 : names32;
 break;
 case bnd_mode:
+ if (reg > 0x3)
+ {
+ oappend ("(bad)");
+ return;
+ }
 names = names_bnd;
 break;
 case indir_v_mode:
@@ -15483,6 +15488,11 @@ OP_G (int bytemode, int sizeflag)
 oappend (names64[modrm.reg + add]);
 break;
 case bnd_mode:
+ if (modrm.reg > 0x3)
+ {
+ oappend ("(bad)");
+ return;
+ }
 oappend (names_bnd[modrm.reg]);
 break;
 case v_mode:
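Review bot: The bound `0x3` in the new `bnd_mode` check of OP_E_register is a bare literal that has to stay in step with the size of the table behind `names_bnd`, which is declared outside this hunk; the same literal is repeated in the OP_G hunk. Since this comparison is the only thing keeping a malformed operand encoding from indexing past that table, I would at least document it at both sites, e.g. `/* Only bnd0-bnd3 exist; a larger index would read past names_bnd.  */`, or share one named constant between them. The switch in OP_E_register starts and ends outside the hunk, so neither the declaration of `reg` nor the later use of `names` is visible here; the guard is complete only if `reg` can never be negative, which is worth confirming against the declaration.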
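Review bot: The new guard in OP_G tests `modrm.reg` alone, while the case directly above it indexes with `modrm.reg + add`. That is enough to keep the `names_bnd[modrm.reg]` read in bounds, but if `add` carries a register-extension bit for this operand, an encoding with that bit set and a low `modrm.reg` is still printed as a valid bnd register. It is worth confirming whether such encodings should also be reported as `(bad)`, for instance with `if (modrm.reg + add > 0x3)`. The assignment of `add` and the rest of the switch lie outside the hunk, so this is a question for whoever knows the operand encoding rather than a confirmed defect.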