S3: Avoid potential buffer overruns
parent
c117698c1d
commit
9662d7f4d1
2 changed files with 28 additions and 26 deletions
|
@ -73,7 +73,7 @@ struct ndev {
|
||||||
/* Structure to define operation codes */
|
/* Structure to define operation codes */
|
||||||
|
|
||||||
struct opdef {
|
struct opdef {
|
||||||
char op[6]; /* Mnemonic for op */
|
const char op[6]; /* Mnemonic for op */
|
||||||
int32 opmask; /* Bits set on in opcode */
|
int32 opmask; /* Bits set on in opcode */
|
||||||
int32 q; /* Qbyte */
|
int32 q; /* Qbyte */
|
||||||
int32 form; /* Forms are:
|
int32 form; /* Forms are:
|
||||||
|
|
52
S3/s3_sys.c
52
S3/s3_sys.c
|
@ -203,7 +203,7 @@ int32 regcode[15] = { 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01,
|
||||||
0x80, 0xC0, 0xA0, 0x90, 0x88, 0x84, 0x82, 0x81
|
0x80, 0xC0, 0xA0, 0x90, 0x88, 0x84, 0x82, 0x81
|
||||||
};
|
};
|
||||||
|
|
||||||
char regname[15][8] = { "(P2IAR)",
|
const char regname[15][8] = { "(P2IAR)",
|
||||||
"(P1IAR)",
|
"(P1IAR)",
|
||||||
"(IAR)",
|
"(IAR)",
|
||||||
"(ARR)",
|
"(ARR)",
|
||||||
|
@ -276,6 +276,8 @@ char bld[128], bldaddr[32], boperand[32], aoperand[32];
|
||||||
int32 blk[16], blt[16];
|
int32 blk[16], blt[16];
|
||||||
int32 blkadd;
|
int32 blkadd;
|
||||||
|
|
||||||
|
memset (bld, 0, sizeof (bld));
|
||||||
|
memset (bldaddr, 0, sizeof (bldaddr));
|
||||||
c1 = val[0] & 0xff;
|
c1 = val[0] & 0xff;
|
||||||
if (sw & SWMASK ('A')) {
|
if (sw & SWMASK ('A')) {
|
||||||
for (i = 0; i < 16; i++) {
|
for (i = 0; i < 16; i++) {
|
||||||
|
@ -376,24 +378,24 @@ if (i >= nopcode) {
|
||||||
|
|
||||||
/* Extract the addresses into aaddr and baddr */
|
/* Extract the addresses into aaddr and baddr */
|
||||||
|
|
||||||
strcpy(aoperand, "ERROR");
|
strlcpy(aoperand, "ERROR", sizeof (aoperand));
|
||||||
strcpy(boperand, "ERROR");
|
strlcpy(boperand, "ERROR", sizeof (boperand));
|
||||||
vpos = 2;
|
vpos = 2;
|
||||||
aaddr = baddr = 0;
|
aaddr = baddr = 0;
|
||||||
switch (len1) {
|
switch (len1) {
|
||||||
case 0:
|
case 0:
|
||||||
baddr = ((val[vpos] << 8) & 0xff00) | (val[vpos + 1] & 0x00ff);
|
baddr = ((val[vpos] << 8) & 0xff00) | (val[vpos + 1] & 0x00ff);
|
||||||
sprintf(boperand, "%04X", baddr);
|
snprintf(boperand, sizeof (boperand) - 1, "%04X", baddr);
|
||||||
vpos = 4;
|
vpos = 4;
|
||||||
break;
|
break;
|
||||||
case 1:
|
case 1:
|
||||||
baddr = val[vpos] & 255;
|
baddr = val[vpos] & 255;
|
||||||
sprintf(boperand, "(%02X,XR1)", baddr);
|
snprintf(boperand, sizeof (boperand) - 1, "(%02X,XR1)", baddr);
|
||||||
vpos = 3;
|
vpos = 3;
|
||||||
break;
|
break;
|
||||||
case 2:
|
case 2:
|
||||||
baddr = val[vpos] & 255;
|
baddr = val[vpos] & 255;
|
||||||
sprintf(boperand, "(%02X,XR2)", baddr);
|
snprintf(boperand, sizeof (boperand) - 1, "(%02X,XR2)", baddr);
|
||||||
vpos = 3;
|
vpos = 3;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -404,23 +406,23 @@ if (i >= nopcode) {
|
||||||
case 0:
|
case 0:
|
||||||
aaddr = ((val[vpos] << 8) & 0xff00) | (val[vpos + 1] & 0x00ff);
|
aaddr = ((val[vpos] << 8) & 0xff00) | (val[vpos + 1] & 0x00ff);
|
||||||
if (group == 0x0C || group == 0x0D || group == 0x0E)
|
if (group == 0x0C || group == 0x0D || group == 0x0E)
|
||||||
sprintf(boperand, "%04X", aaddr);
|
snprintf(boperand, sizeof (boperand) - 1, "%04X", aaddr);
|
||||||
else
|
else
|
||||||
sprintf(aoperand, "%04X", aaddr);
|
snprintf(aoperand, sizeof (aoperand) - 1, "%04X", aaddr);
|
||||||
break;
|
break;
|
||||||
case 1:
|
case 1:
|
||||||
aaddr = val[vpos] & 255;
|
aaddr = val[vpos] & 255;
|
||||||
if (group == 0x0C || group == 0x0D || group == 0x0E)
|
if (group == 0x0C || group == 0x0D || group == 0x0E)
|
||||||
sprintf(boperand, "(%02X,XR1)", aaddr);
|
snprintf(boperand, sizeof (boperand) - 1, "(%02X,XR1)", aaddr);
|
||||||
else
|
else
|
||||||
sprintf(aoperand, "(%02X,XR1)", aaddr);
|
snprintf(aoperand, sizeof (aoperand) - 1, "(%02X,XR1)", aaddr);
|
||||||
break;
|
break;
|
||||||
case 2:
|
case 2:
|
||||||
aaddr = val[vpos] & 255;
|
aaddr = val[vpos] & 255;
|
||||||
if (group == 0x0C || group == 0x0D || group == 0x0E)
|
if (group == 0x0C || group == 0x0D || group == 0x0E)
|
||||||
sprintf(boperand, "(%02X,XR2)", aaddr);
|
snprintf(boperand, sizeof (boperand) - 1, "(%02X,XR2)", aaddr);
|
||||||
else
|
else
|
||||||
sprintf(aoperand, "(%02X,XR2)", aaddr);
|
snprintf(aoperand, sizeof (aoperand) - 1, "(%02X,XR2)", aaddr);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
aaddr = 0;
|
aaddr = 0;
|
||||||
|
@ -435,7 +437,7 @@ if (i >= nopcode) {
|
||||||
|
|
||||||
switch (opcode[i].form) {
|
switch (opcode[i].form) {
|
||||||
case 0:
|
case 0:
|
||||||
sprintf(bldaddr, "%02X,%02X", qbyte, val[2]);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%02X,%02X", qbyte, val[2]);
|
||||||
break;
|
break;
|
||||||
case 1:
|
case 1:
|
||||||
if (inst == 2 || inst == 4 || inst == 5 || inst == 6) {
|
if (inst == 2 || inst == 4 || inst == 5 || inst == 6) {
|
||||||
|
@ -444,43 +446,43 @@ if (i >= nopcode) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (i < 16) {
|
if (i < 16) {
|
||||||
sprintf(bldaddr, "%s,%s", regname[i], boperand);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%s,%s", regname[i], boperand);
|
||||||
} else {
|
} else {
|
||||||
sprintf(bldaddr, "%02X,%s", qbyte, boperand);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%02X,%s", qbyte, boperand);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
sprintf(bldaddr, "%02X,%s", qbyte, boperand);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%02X,%s", qbyte, boperand);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 2:
|
case 2:
|
||||||
if (inst > 9 || inst == 4 || inst == 6 || inst == 7)
|
if (inst > 9 || inst == 4 || inst == 6 || inst == 7)
|
||||||
qbyte++; /* special +1 for length display */
|
qbyte++; /* special +1 for length display */
|
||||||
sprintf(bldaddr, "%s,%s,%d", boperand, aoperand, qbyte);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%s,%s,%d", boperand, aoperand, qbyte);
|
||||||
break;
|
break;
|
||||||
case 3:
|
case 3:
|
||||||
if (strcmp(opcode[i].op, "JC") == 0) {
|
if (strcmp(opcode[i].op, "JC") == 0) {
|
||||||
sprintf(bldaddr, "%04X,%02X", addr+oplen+val[2], qbyte);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%04X,%02X", addr+oplen+val[2], qbyte);
|
||||||
} else {
|
} else {
|
||||||
sprintf(bldaddr, "%s,%02X", boperand, qbyte);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%s,%02X", boperand, qbyte);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 4:
|
case 4:
|
||||||
sprintf(bldaddr, "%d,%d,%d", da, m, n);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%d,%d,%d", da, m, n);
|
||||||
break;
|
break;
|
||||||
case 5:
|
case 5:
|
||||||
sprintf(bldaddr, "%d,%d,%d,%02X", da, m, n, val[2]);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%d,%d,%d,%02X", da, m, n, val[2]);
|
||||||
break;
|
break;
|
||||||
case 6:
|
case 6:
|
||||||
sprintf(bldaddr, "%d,%d,%d,%s", da, m, n, boperand);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%d,%d,%d,%s", da, m, n, boperand);
|
||||||
break;
|
break;
|
||||||
case 7:
|
case 7:
|
||||||
sprintf(bldaddr, "%04X", addr+oplen+val[2]);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%04X", addr+oplen+val[2]);
|
||||||
break;
|
break;
|
||||||
case 8:
|
case 8:
|
||||||
sprintf(bldaddr, "%s", boperand);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%s", boperand);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
sprintf(bldaddr, "%s,%s", boperand, aoperand);
|
snprintf(bldaddr, sizeof (bldaddr) - 1, "%s,%s", boperand, aoperand);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
sprintf(strg, "%s%s", bld, bldaddr);
|
sprintf(strg, "%s%s", bld, bldaddr);
|
||||||
|
|
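Review bot: The guard `if (i < 16)` in front of `snprintf(bldaddr, sizeof (bldaddr) - 1, "%s,%s", regname[i], boperand)` still admits `i == 15`, while `regname` is declared `[15][8]`, so the highest accepted index reads one row past the end of the table; bounding the write into `bldaddr` does not cover that read. The loop that sets `i` lies outside the visible lines, so its limit should be checked as well (the `regcode[15]` table it presumably scans has the same 15 entries), and the test tightened to `if (i < 15)` or to a count derived from the array. Separately, the closing `sprintf(strg, "%s%s", bld, bldaddr);` is left unbounded; `strg` is declared outside this section, so its capacity needs to be confirmed against the up to 127 + 31 characters the two sources can hold. The `sizeof (...) - 1` passed to each `snprintf` is also unnecessary, because `snprintf` already reserves the terminating NUL within the size it is given; plain `sizeof (bldaddr)` is the conventional form.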