From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: qemu-devel@nongnu.org
Cc: "Richard Henderson" <richard.henderson@linaro.org>,
qemu-stable@nongnu.org,
"Pierrick Bouvier" <pierrick.bouvier@linaro.org>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>
Subject: [PULL 19/23] target/avr: Fix buffer read in avr_print_insn
Date: Mon, 31 Mar 2025 21:48:17 +0200 [thread overview]
Message-ID: <20250331194822.77309-20-philmd@linaro.org> (raw)
In-Reply-To: <20250331194822.77309-1-philmd@linaro.org>
From: Richard Henderson <richard.henderson@linaro.org>
Do not unconditionally attempt to read 4 bytes, as there
may only be 2 bytes remaining in the translator cache.
Cc: qemu-stable@nongnu.org
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20250325224403.4011975-2-richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
target/avr/disas.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/target/avr/disas.c b/target/avr/disas.c
index b7689e8d7cd..d341030174f 100644
--- a/target/avr/disas.c
+++ b/target/avr/disas.c
@@ -68,28 +68,35 @@ static bool decode_insn(DisasContext *ctx, uint16_t insn);
int avr_print_insn(bfd_vma addr, disassemble_info *info)
{
- DisasContext ctx;
+ DisasContext ctx = { info };
DisasContext *pctx = &ctx;
bfd_byte buffer[4];
uint16_t insn;
int status;
- ctx.info = info;
-
- status = info->read_memory_func(addr, buffer, 4, info);
+ status = info->read_memory_func(addr, buffer, 2, info);
if (status != 0) {
info->memory_error_func(status, addr, info);
return -1;
}
insn = bfd_getl16(buffer);
- ctx.next_word = bfd_getl16(buffer + 2);
- ctx.next_word_used = false;
+
+ status = info->read_memory_func(addr + 2, buffer + 2, 2, info);
+ if (status == 0) {
+ ctx.next_word = bfd_getl16(buffer + 2);
+ }
if (!decode_insn(&ctx, insn)) {
output(".db", "0x%02x, 0x%02x", buffer[0], buffer[1]);
}
- return ctx.next_word_used ? 4 : 2;
+ if (!ctx.next_word_used) {
+ return 2;
+ } else if (status == 0) {
+ return 4;
+ }
+ info->memory_error_func(status, addr + 2, info);
+ return -1;
}
--
2.47.1
next prev parent reply other threads:[~2025-03-31 19:52 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-31 19:47 [PULL 00/23] Misc HW fixes for 2025-03-31 Philippe Mathieu-Daudé
2025-03-31 19:47 ` [PULL 01/23] hw/arm/armv7m: Expose and access System Control Space as little endian Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 02/23] hw/arm/imx8mp-evk: Fix reference count of SoC object Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 03/23] hw/arm/fsl-imx8mp: Derive struct FslImx8mpState from TYPE_SYS_BUS_DEVICE Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 04/23] hw/arm/fsl-imx8mp: Remove unused define Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 05/23] hw/core/cpu: Use size_t for memory_rw_debug len argument Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 06/23] hw/block/m25p80: Categorize and add description Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 07/23] hw/display/dm163: Add description Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 08/23] hw/dma/i82374: Categorize and add description Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 09/23] hw/mips: Mark the "mipssim" machine as deprecated Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 10/23] hw/rtc/goldfish: keep time offset when resetting Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 11/23] hw/misc/pll: Do not expose as user-creatable Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 12/23] hw/nvram/xlnx-efuse: " Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 13/23] hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize() Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 14/23] hw/sd/sdhci: free irq on exit Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 15/23] hw/char/bcm2835_aux: Fix incorrect interrupt ID when RX disabled Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 16/23] hw/ufs: free irq on exit Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 17/23] hw/pci-host/designware: Fix ATU_UPPER_TARGET register access Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 18/23] target/hppa: Remove duplicated CPU_RESOLVING_TYPE definition Philippe Mathieu-Daudé
2025-03-31 19:48 ` Philippe Mathieu-Daudé [this message]
2025-03-31 19:48 ` [PULL 20/23] target/sparc: Log unimplemented ASI load/store accesses Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 21/23] target/mips: Revert TARGET_PAGE_BITS_VARY Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 22/23] target/mips: Require even maskbits in update_pagemask Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 23/23] target/mips: Simplify and fix update_pagemask Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250331194822.77309-20-philmd@linaro.org \
--to=philmd@linaro.org \
--cc=pierrick.bouvier@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).