binutils: CVE-2017-9750

Source: binutils-gdb.git MR: 73997 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 36893e1db9214b4da972a1eeb482be34405f0410 Description: Fix address violation problems when disassembling a corrupt RX binary. PR binutils/21587 * rx-decode.opc: Include libiberty.h (GET_SCALE): New macro - validates access to SCALE array. (GET_PSCALE): New macro - validates access to PSCALE array. (DIs, SIs, S2Is, rx_disp): Use new macros. * rx-decode.c: Regenerate. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> (From OE-Core rev: d8996fd2bf72fa774202724864ef014592a16ece) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Thiruvadi Rajaraman <trajaraman@mvista.com> 2017-09-21 19:21:03 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07 17:10:08 +0000
commit: d2b21b2a14a6f18f5185cb77fab7903762b52af8 (patch)
tree: f0ecf3755683b2f7608898add58d1fc41c2b4f34
parent: bf0d750159d671626ca0b2d605c951010a54e6c7 (diff)
download: poky-d2b21b2a14a6f18f5185cb77fab7903762b52af8.tar.gz
2 files changed, 263 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index 24d4d5999e..6580270284 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -83,6 +83,7 @@ SRC_URI = "\
     file://CVE-2017-9746.patch \
     file://CVE-2017-9748.patch \
     file://CVE-2017-9747.patch \
+     file://CVE-2017-9750.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
new file mode 100644
index 0000000000..3ea1725315
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
@@ -0,0 +1,262 @@
+commit db5fa770268baf8cc82cf9b141d69799fd485fe2
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Wed Jun 14 13:35:06 2017 +0100
+    Fix address violation problems when disassembling a corrupt RX binary.
+    
+        PR binutils/21587
+        * rx-decode.opc: Include libiberty.h
+        (GET_SCALE): New macro - validates access to SCALE array.
+        (GET_PSCALE): New macro - validates access to PSCALE array.
+        (DIs, SIs, S2Is, rx_disp): Use new macros.
+        * rx-decode.c: Regenerate.
+Upstream-Status: Backport
+CVE: CVE-2017-9750
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/opcodes/rx-decode.c
+===================================================================
+--- git.orig/opcodes/rx-decode.c        2017-09-21 14:41:57.478649861 +0530
+++ git/opcodes/rx-decode.c     2017-09-21 14:41:57.458649736 +0530
+@@ -27,6 +27,7 @@
+ #include <string.h>
+ #include "ansidecl.h"
+ #include "opcode/rx.h"
+#include "libiberty.h"
+ 
+ #define RX_OPCODE_BIG_ENDIAN 0
+ 
+@@ -45,7 +46,7 @@
+ #define LSIZE 2
+ 
+ /* These are for when the upper bits are "don't care" or "undefined".  */
+-static int bwl[] =
+static int bwl[4] =
+ {
+   RX_Byte,
+   RX_Word,
+@@ -53,7 +54,7 @@
+   RX_Bad_Size /* Bogus instructions can have a size field set to 3.  */
+ };
+ 
+-static int sbwl[] =
+static int sbwl[4] =
+ {
+   RX_SByte,
+   RX_SWord,
+@@ -61,7 +62,7 @@
+   RX_Bad_Size /* Bogus instructions can have a size field set to 3.  */
+ };
+ 
+-static int ubw[] =
+static int ubw[4] =
+ {
+   RX_UByte,
+   RX_UWord,
+@@ -69,7 +70,7 @@
+   RX_Bad_Size /* Bogus instructions can have a size field set to 3.  */
+ };
+ 
+-static int memex[] =
+static int memex[4] =
+ {
+   RX_SByte,
+   RX_SWord,
+@@ -89,6 +90,9 @@
+ /* This is for the prefix size enum.  */
+ static int PSCALE[] = { 4, 1, 1, 1, 2, 2, 2, 3, 4 };
+ 
+#define GET_SCALE(_indx)  ((unsigned)(_indx) < ARRAY_SIZE (SCALE) ? SCALE[(_indx)] : 0)
+#define GET_PSCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (PSCALE) ? PSCALE[(_indx)] : 0)
+
+ static int flagmap[] = {0, 1, 2, 3, 0, 0, 0, 0,
+                       16, 17, 0, 0, 0, 0, 0, 0 };
+ 
+@@ -107,7 +111,7 @@
+ #define DC(c)       OP (0, RX_Operand_Immediate, 0, c)
+ #define DR(r)       OP (0, RX_Operand_Register,  r, 0)
+ #define DI(r,a)     OP (0, RX_Operand_Indirect,  r, a)
+-#define DIs(r,a,s)  OP (0, RX_Operand_Indirect,  r, (a) * SCALE[s])
+#define DIs(r,a,s)  OP (0, RX_Operand_Indirect,  r, (a) * GET_SCALE (s))
+ #define DD(t,r,s)   rx_disp (0, t, r, bwl[s], ld);
+ #define DF(r)       OP (0, RX_Operand_Flag,  flagmap[r], 0)
+ 
+@@ -115,7 +119,7 @@
+ #define SR(r)       OP (1, RX_Operand_Register,  r, 0)
+ #define SRR(r)      OP (1, RX_Operand_TwoReg,  r, 0)
+ #define SI(r,a)     OP (1, RX_Operand_Indirect,  r, a)
+-#define SIs(r,a,s)  OP (1, RX_Operand_Indirect,  r, (a) * SCALE[s])
+#define SIs(r,a,s)  OP (1, RX_Operand_Indirect,  r, (a) * GET_SCALE (s))
+ #define SD(t,r,s)   rx_disp (1, t, r, bwl[s], ld);
+ #define SP(t,r)     rx_disp (1, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 1);
+ #define SPm(t,r,m)  rx_disp (1, t, r, memex[m], ld); rx->op[1].size = memex[m];
+@@ -124,7 +128,7 @@
+ #define S2C(i)      OP (2, RX_Operand_Immediate, 0, i)
+ #define S2R(r)      OP (2, RX_Operand_Register,  r, 0)
+ #define S2I(r,a)    OP (2, RX_Operand_Indirect,  r, a)
+-#define S2Is(r,a,s) OP (2, RX_Operand_Indirect,  r, (a) * SCALE[s])
+#define S2Is(r,a,s) OP (2, RX_Operand_Indirect,  r, (a) * GET_SCALE (s))
+ #define S2D(t,r,s)  rx_disp (2, t, r, bwl[s], ld);
+ #define S2P(t,r)    rx_disp (2, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 2);
+ #define S2Pm(t,r,m) rx_disp (2, t, r, memex[m], ld); rx->op[2].size = memex[m];
+@@ -211,7 +215,7 @@
+ }
+ 
+ static void
+-rx_disp (int n, int type, int reg, int size, LocalData * ld)
+rx_disp (int n, int type, int reg, unsigned int size, LocalData * ld)
+ {
+   int disp;
+ 
+@@ -228,7 +232,7 @@
+     case 1:
+       ld->rx->op[n].type = RX_Operand_Indirect;
+       disp = GETBYTE ();
+-      ld->rx->op[n].addend = disp * PSCALE[size];
+      ld->rx->op[n].addend = disp * GET_PSCALE (size);
+       break;
+     case 2:
+       ld->rx->op[n].type = RX_Operand_Indirect;
+@@ -238,7 +242,7 @@
+ #else
+       disp = disp + GETBYTE () * 256;
+ #endif
+-      ld->rx->op[n].addend = disp * PSCALE[size];
+      ld->rx->op[n].addend = disp * GET_PSCALE (size);
+       break;
+     default:
+       abort ();
+Index: git/opcodes/rx-decode.opc
+===================================================================
+--- git.orig/opcodes/rx-decode.opc      2017-09-21 14:41:57.478649861 +0530
+++ git/opcodes/rx-decode.opc   2017-09-21 14:41:57.458649736 +0530
+@@ -26,6 +26,7 @@
+ #include <string.h>
+ #include "ansidecl.h"
+ #include "opcode/rx.h"
+#include "libiberty.h"
+ 
+ #define RX_OPCODE_BIG_ENDIAN 0
+ 
+@@ -44,7 +45,7 @@
+ #define LSIZE 2
+ 
+ /* These are for when the upper bits are "don't care" or "undefined".  */
+-static int bwl[] =
+static int bwl[4] =
+ {
+   RX_Byte,
+   RX_Word,
+@@ -52,7 +53,7 @@
+   RX_Bad_Size /* Bogus instructions can have a size field set to 3.  */
+ };
+ 
+-static int sbwl[] =
+static int sbwl[4] =
+ {
+   RX_SByte,
+   RX_SWord,
+@@ -60,7 +61,7 @@
+   RX_Bad_Size /* Bogus instructions can have a size field set to 3.  */
+ };
+ 
+-static int ubw[] =
+static int ubw[4] =
+ {
+   RX_UByte,
+   RX_UWord,
+@@ -68,7 +69,7 @@
+   RX_Bad_Size /* Bogus instructions can have a size field set to 3.  */
+ };
+ 
+-static int memex[] =
+static int memex[4] =
+ {
+   RX_SByte,
+   RX_SWord,
+@@ -88,6 +89,9 @@
+ /* This is for the prefix size enum.  */
+ static int PSCALE[] = { 4, 1, 1, 1, 2, 2, 2, 3, 4 };
+ 
+#define GET_SCALE(_indx)  ((unsigned)(_indx) < ARRAY_SIZE (SCALE) ? SCALE[(_indx)] : 0)
+#define GET_PSCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (PSCALE) ? PSCALE[(_indx)] : 0)
+
+ static int flagmap[] = {0, 1, 2, 3, 0, 0, 0, 0,
+                       16, 17, 0, 0, 0, 0, 0, 0 };
+ 
+@@ -106,7 +110,7 @@
+ #define DC(c)       OP (0, RX_Operand_Immediate, 0, c)
+ #define DR(r)       OP (0, RX_Operand_Register,  r, 0)
+ #define DI(r,a)     OP (0, RX_Operand_Indirect,  r, a)
+-#define DIs(r,a,s)  OP (0, RX_Operand_Indirect,  r, (a) * SCALE[s])
+#define DIs(r,a,s)  OP (0, RX_Operand_Indirect,  r, (a) * GET_SCALE (s))
+ #define DD(t,r,s)   rx_disp (0, t, r, bwl[s], ld);
+ #define DF(r)       OP (0, RX_Operand_Flag,  flagmap[r], 0)
+ 
+@@ -114,7 +118,7 @@
+ #define SR(r)       OP (1, RX_Operand_Register,  r, 0)
+ #define SRR(r)      OP (1, RX_Operand_TwoReg,  r, 0)
+ #define SI(r,a)     OP (1, RX_Operand_Indirect,  r, a)
+-#define SIs(r,a,s)  OP (1, RX_Operand_Indirect,  r, (a) * SCALE[s])
+#define SIs(r,a,s)  OP (1, RX_Operand_Indirect,  r, (a) * GET_SCALE (s))
+ #define SD(t,r,s)   rx_disp (1, t, r, bwl[s], ld);
+ #define SP(t,r)     rx_disp (1, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 1);
+ #define SPm(t,r,m)  rx_disp (1, t, r, memex[m], ld); rx->op[1].size = memex[m];
+@@ -123,7 +127,7 @@
+ #define S2C(i)      OP (2, RX_Operand_Immediate, 0, i)
+ #define S2R(r)      OP (2, RX_Operand_Register,  r, 0)
+ #define S2I(r,a)    OP (2, RX_Operand_Indirect,  r, a)
+-#define S2Is(r,a,s) OP (2, RX_Operand_Indirect,  r, (a) * SCALE[s])
+#define S2Is(r,a,s) OP (2, RX_Operand_Indirect,  r, (a) * GET_SCALE (s))
+ #define S2D(t,r,s)  rx_disp (2, t, r, bwl[s], ld);
+ #define S2P(t,r)    rx_disp (2, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 2);
+ #define S2Pm(t,r,m) rx_disp (2, t, r, memex[m], ld); rx->op[2].size = memex[m];
+@@ -210,7 +214,7 @@
+ }
+ 
+ static void
+-rx_disp (int n, int type, int reg, int size, LocalData * ld)
+rx_disp (int n, int type, int reg, unsigned int size, LocalData * ld)
+ {
+   int disp;
+ 
+@@ -227,7 +231,7 @@
+     case 1:
+       ld->rx->op[n].type = RX_Operand_Indirect;
+       disp = GETBYTE ();
+-      ld->rx->op[n].addend = disp * PSCALE[size];
+      ld->rx->op[n].addend = disp * GET_PSCALE (size);
+       break;
+     case 2:
+       ld->rx->op[n].type = RX_Operand_Indirect;
+@@ -237,7 +241,7 @@
+ #else
+       disp = disp + GETBYTE () * 256;
+ #endif
+-      ld->rx->op[n].addend = disp * PSCALE[size];
+      ld->rx->op[n].addend = disp * GET_PSCALE (size);
+       break;
+     default:
+       abort ();
+Index: git/opcodes/ChangeLog
+===================================================================
+--- git.orig/opcodes/ChangeLog  2017-09-21 14:40:17.000000000 +0530
+++ git/opcodes/ChangeLog       2017-09-21 14:44:07.503461009 +0530
+@@ -15,6 +15,15 @@
+        array.
+        * rl78-decode.c: Regenerate.
+ 
+2017-06-14  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21587
+       * rx-decode.opc: Include libiberty.h
+       (GET_SCALE): New macro - validates access to SCALE array.
+       (GET_PSCALE): New macro - validates access to PSCALE array.
+       (DIs, SIs, S2Is, rx_disp): Use new macros.
+       * rx-decode.c: Regenerate.
+
+ 2016-08-03  Tristan Gingold  <gingold@adacore.com>
+ 
+        * configure: Regenerate.
author	Thiruvadi Rajaraman <trajaraman@mvista.com>	2017-09-21 19:21:03 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-01-07 17:10:08 +0000
commit	d2b21b2a14a6f18f5185cb77fab7903762b52af8 (patch)
tree	f0ecf3755683b2f7608898add58d1fc41c2b4f34
parent	bf0d750159d671626ca0b2d605c951010a54e6c7 (diff)
download	poky-d2b21b2a14a6f18f5185cb77fab7903762b52af8.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 24d4d5999e..6580270284 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -83,6 +83,7 @@ SRC_URI = "\
83	file://CVE-2017-9746.patch \	83	file://CVE-2017-9746.patch \
84	file://CVE-2017-9748.patch \	84	file://CVE-2017-9748.patch \
85	file://CVE-2017-9747.patch \	85	file://CVE-2017-9747.patch \
		86	file://CVE-2017-9750.patch \
86	"	87	"
87	S = "${WORKDIR}/git"	88	S = "${WORKDIR}/git"
88		89


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch new file mode 100644 index 0000000000..3ea1725315 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
@@ -0,0 +1,262 @@
		1	commit db5fa770268baf8cc82cf9b141d69799fd485fe2
		2	Author: Nick Clifton <nickc@redhat.com>
		3	Date: Wed Jun 14 13:35:06 2017 +0100
		4
		5	Fix address violation problems when disassembling a corrupt RX binary.
		6
		7	PR binutils/21587
		8	* rx-decode.opc: Include libiberty.h
		9	(GET_SCALE): New macro - validates access to SCALE array.
		10	(GET_PSCALE): New macro - validates access to PSCALE array.
		11	(DIs, SIs, S2Is, rx_disp): Use new macros.
		12	* rx-decode.c: Regenerate.
		13
		14	Upstream-Status: Backport
		15
		16	CVE: CVE-2017-9750
		17	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
		18
		19	Index: git/opcodes/rx-decode.c
		20	===================================================================
		21	--- git.orig/opcodes/rx-decode.c 2017-09-21 14:41:57.478649861 +0530
		22	+++ git/opcodes/rx-decode.c 2017-09-21 14:41:57.458649736 +0530
		23	@@ -27,6 +27,7 @@
		24	#include <string.h>
		25	#include "ansidecl.h"
		26	#include "opcode/rx.h"
		27	+#include "libiberty.h"
		28
		29	#define RX_OPCODE_BIG_ENDIAN 0
		30
		31	@@ -45,7 +46,7 @@
		32	#define LSIZE 2
		33
		34	/* These are for when the upper bits are "don't care" or "undefined". */
		35	-static int bwl[] =
		36	+static int bwl[4] =
		37	{
		38	RX_Byte,
		39	RX_Word,
		40	@@ -53,7 +54,7 @@
		41	RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
		42	};
		43
		44	-static int sbwl[] =
		45	+static int sbwl[4] =
		46	{
		47	RX_SByte,
		48	RX_SWord,
		49	@@ -61,7 +62,7 @@
		50	RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
		51	};
		52
		53	-static int ubw[] =
		54	+static int ubw[4] =
		55	{
		56	RX_UByte,
		57	RX_UWord,
		58	@@ -69,7 +70,7 @@
		59	RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
		60	};
		61
		62	-static int memex[] =
		63	+static int memex[4] =
		64	{
		65	RX_SByte,
		66	RX_SWord,
		67	@@ -89,6 +90,9 @@
		68	/* This is for the prefix size enum. */
		69	static int PSCALE[] = { 4, 1, 1, 1, 2, 2, 2, 3, 4 };
		70
		71	+#define GET_SCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (SCALE) ? SCALE[(_indx)] : 0)
		72	+#define GET_PSCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (PSCALE) ? PSCALE[(_indx)] : 0)
		73	+
		74	static int flagmap[] = {0, 1, 2, 3, 0, 0, 0, 0,
		75	16, 17, 0, 0, 0, 0, 0, 0 };
		76
		77	@@ -107,7 +111,7 @@
		78	#define DC(c) OP (0, RX_Operand_Immediate, 0, c)
		79	#define DR(r) OP (0, RX_Operand_Register, r, 0)
		80	#define DI(r,a) OP (0, RX_Operand_Indirect, r, a)
		81	-#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * SCALE[s])
		82	+#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
		83	#define DD(t,r,s) rx_disp (0, t, r, bwl[s], ld);
		84	#define DF(r) OP (0, RX_Operand_Flag, flagmap[r], 0)
		85
		86	@@ -115,7 +119,7 @@
		87	#define SR(r) OP (1, RX_Operand_Register, r, 0)
		88	#define SRR(r) OP (1, RX_Operand_TwoReg, r, 0)
		89	#define SI(r,a) OP (1, RX_Operand_Indirect, r, a)
		90	-#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * SCALE[s])
		91	+#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
		92	#define SD(t,r,s) rx_disp (1, t, r, bwl[s], ld);
		93	#define SP(t,r) rx_disp (1, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 1);
		94	#define SPm(t,r,m) rx_disp (1, t, r, memex[m], ld); rx->op[1].size = memex[m];
		95	@@ -124,7 +128,7 @@
		96	#define S2C(i) OP (2, RX_Operand_Immediate, 0, i)
		97	#define S2R(r) OP (2, RX_Operand_Register, r, 0)
		98	#define S2I(r,a) OP (2, RX_Operand_Indirect, r, a)
		99	-#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * SCALE[s])
		100	+#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
		101	#define S2D(t,r,s) rx_disp (2, t, r, bwl[s], ld);
		102	#define S2P(t,r) rx_disp (2, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 2);
		103	#define S2Pm(t,r,m) rx_disp (2, t, r, memex[m], ld); rx->op[2].size = memex[m];
		104	@@ -211,7 +215,7 @@
		105	}
		106
		107	static void
		108	-rx_disp (int n, int type, int reg, int size, LocalData * ld)
		109	+rx_disp (int n, int type, int reg, unsigned int size, LocalData * ld)
		110	{
		111	int disp;
		112
		113	@@ -228,7 +232,7 @@
		114	case 1:
		115	ld->rx->op[n].type = RX_Operand_Indirect;
		116	disp = GETBYTE ();
		117	- ld->rx->op[n].addend = disp * PSCALE[size];
		118	+ ld->rx->op[n].addend = disp * GET_PSCALE (size);
		119	break;
		120	case 2:
		121	ld->rx->op[n].type = RX_Operand_Indirect;
		122	@@ -238,7 +242,7 @@
		123	#else
		124	disp = disp + GETBYTE () * 256;
		125	#endif
		126	- ld->rx->op[n].addend = disp * PSCALE[size];
		127	+ ld->rx->op[n].addend = disp * GET_PSCALE (size);
		128	break;
		129	default:
		130	abort ();
		131	Index: git/opcodes/rx-decode.opc
		132	===================================================================
		133	--- git.orig/opcodes/rx-decode.opc 2017-09-21 14:41:57.478649861 +0530
		134	+++ git/opcodes/rx-decode.opc 2017-09-21 14:41:57.458649736 +0530
		135	@@ -26,6 +26,7 @@
		136	#include <string.h>
		137	#include "ansidecl.h"
		138	#include "opcode/rx.h"
		139	+#include "libiberty.h"
		140
		141	#define RX_OPCODE_BIG_ENDIAN 0
		142
		143	@@ -44,7 +45,7 @@
		144	#define LSIZE 2
		145
		146	/* These are for when the upper bits are "don't care" or "undefined". */
		147	-static int bwl[] =
		148	+static int bwl[4] =
		149	{
		150	RX_Byte,
		151	RX_Word,
		152	@@ -52,7 +53,7 @@
		153	RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
		154	};
		155
		156	-static int sbwl[] =
		157	+static int sbwl[4] =
		158	{
		159	RX_SByte,
		160	RX_SWord,
		161	@@ -60,7 +61,7 @@
		162	RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
		163	};
		164
		165	-static int ubw[] =
		166	+static int ubw[4] =
		167	{
		168	RX_UByte,
		169	RX_UWord,
		170	@@ -68,7 +69,7 @@
		171	RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
		172	};
		173
		174	-static int memex[] =
		175	+static int memex[4] =
		176	{
		177	RX_SByte,
		178	RX_SWord,
		179	@@ -88,6 +89,9 @@
		180	/* This is for the prefix size enum. */
		181	static int PSCALE[] = { 4, 1, 1, 1, 2, 2, 2, 3, 4 };
		182
		183	+#define GET_SCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (SCALE) ? SCALE[(_indx)] : 0)
		184	+#define GET_PSCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (PSCALE) ? PSCALE[(_indx)] : 0)
		185	+
		186	static int flagmap[] = {0, 1, 2, 3, 0, 0, 0, 0,
		187	16, 17, 0, 0, 0, 0, 0, 0 };
		188
		189	@@ -106,7 +110,7 @@
		190	#define DC(c) OP (0, RX_Operand_Immediate, 0, c)
		191	#define DR(r) OP (0, RX_Operand_Register, r, 0)
		192	#define DI(r,a) OP (0, RX_Operand_Indirect, r, a)
		193	-#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * SCALE[s])
		194	+#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
		195	#define DD(t,r,s) rx_disp (0, t, r, bwl[s], ld);
		196	#define DF(r) OP (0, RX_Operand_Flag, flagmap[r], 0)
		197
		198	@@ -114,7 +118,7 @@
		199	#define SR(r) OP (1, RX_Operand_Register, r, 0)
		200	#define SRR(r) OP (1, RX_Operand_TwoReg, r, 0)
		201	#define SI(r,a) OP (1, RX_Operand_Indirect, r, a)
		202	-#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * SCALE[s])
		203	+#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
		204	#define SD(t,r,s) rx_disp (1, t, r, bwl[s], ld);
		205	#define SP(t,r) rx_disp (1, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 1);
		206	#define SPm(t,r,m) rx_disp (1, t, r, memex[m], ld); rx->op[1].size = memex[m];
		207	@@ -123,7 +127,7 @@
		208	#define S2C(i) OP (2, RX_Operand_Immediate, 0, i)
		209	#define S2R(r) OP (2, RX_Operand_Register, r, 0)
		210	#define S2I(r,a) OP (2, RX_Operand_Indirect, r, a)
		211	-#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * SCALE[s])
		212	+#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
		213	#define S2D(t,r,s) rx_disp (2, t, r, bwl[s], ld);
		214	#define S2P(t,r) rx_disp (2, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t, 2);
		215	#define S2Pm(t,r,m) rx_disp (2, t, r, memex[m], ld); rx->op[2].size = memex[m];
		216	@@ -210,7 +214,7 @@
		217	}
		218
		219	static void
		220	-rx_disp (int n, int type, int reg, int size, LocalData * ld)
		221	+rx_disp (int n, int type, int reg, unsigned int size, LocalData * ld)
		222	{
		223	int disp;
		224
		225	@@ -227,7 +231,7 @@
		226	case 1:
		227	ld->rx->op[n].type = RX_Operand_Indirect;
		228	disp = GETBYTE ();
		229	- ld->rx->op[n].addend = disp * PSCALE[size];
		230	+ ld->rx->op[n].addend = disp * GET_PSCALE (size);
		231	break;
		232	case 2:
		233	ld->rx->op[n].type = RX_Operand_Indirect;
		234	@@ -237,7 +241,7 @@
		235	#else
		236	disp = disp + GETBYTE () * 256;
		237	#endif
		238	- ld->rx->op[n].addend = disp * PSCALE[size];
		239	+ ld->rx->op[n].addend = disp * GET_PSCALE (size);
		240	break;
		241	default:
		242	abort ();
		243	Index: git/opcodes/ChangeLog
		244	===================================================================
		245	--- git.orig/opcodes/ChangeLog 2017-09-21 14:40:17.000000000 +0530
		246	+++ git/opcodes/ChangeLog 2017-09-21 14:44:07.503461009 +0530
		247	@@ -15,6 +15,15 @@
		248	array.
		249	* rl78-decode.c: Regenerate.
		250
		251	+2017-06-14 Nick Clifton <nickc@redhat.com>
		252	+
		253	+ PR binutils/21587
		254	+ * rx-decode.opc: Include libiberty.h
		255	+ (GET_SCALE): New macro - validates access to SCALE array.
		256	+ (GET_PSCALE): New macro - validates access to PSCALE array.
		257	+ (DIs, SIs, S2Is, rx_disp): Use new macros.
		258	+ * rx-decode.c: Regenerate.
		259	+
		260	2016-08-03 Tristan Gingold <gingold@adacore.com>
		261
		262	* configure: Regenerate.