From 44294a9705ea3373c1d37f569c3a842e1f43d34c Mon Sep 17 00:00:00 2001
From: Rot127
Date: Thu, 15 Feb 2024 07:25:36 -0500
Subject: [PATCH] Fix OOB write for regs_write and replace hardcoded values.
---
 arch/M68K/M68KDisassembler.h | 6 +++---
 arch/M68K/M68KInstPrinter.c | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/M68K/M68KDisassembler.h b/arch/M68K/M68KDisassembler.h
index 229545ba3d..a19e4b575e 100644
--- a/arch/M68K/M68KDisassembler.h
+++ b/arch/M68K/M68KDisassembler.h
@@ -17,11 +17,11 @@ typedef struct m68k_info {
 unsigned int type;
 unsigned int address_mask; /* Address mask to simulate address lines */
 cs_m68k extension;
- uint16_t regs_read[20]; // list of implicit registers read by this insn
+ uint16_t regs_read[MAX_IMPL_R_REGS]; // list of implicit registers read by this insn
 uint8_t regs_read_count; // number of implicit registers read by this insn
- uint16_t regs_write[20]; // list of implicit registers modified by this insn
+ uint16_t regs_write[MAX_IMPL_W_REGS]; // list of implicit registers modified by this insn
 uint8_t regs_write_count; // number of implicit registers modified by this insn
- uint8_t groups[8];
+ uint8_t groups[MAX_NUM_GROUPS];
 uint8_t groups_count;
 } m68k_info;
diff --git a/arch/M68K/M68KInstPrinter.c b/arch/M68K/M68KInstPrinter.c
index c50c05f105..f6805ed974 100644
--- a/arch/M68K/M68KInstPrinter.c
+++ b/arch/M68K/M68KInstPrinter.c
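Review bot: The new bounds MAX_IMPL_R_REGS, MAX_IMPL_W_REGS and MAX_NUM_GROUPS on the regs_read, regs_write and groups fields are not defined in this patch, so they presumably come from an already-included public header, and nothing in the hunk ties them to the `cs_detail` arrays that the memcpy calls in M68KInstPrinter.c fill with `regs_read_count` / `regs_write_count` / `groups_count` elements and no bound check. The count fields stay `uint8_t` and are bounded only by whatever code populates them, so if the two declarations ever drift apart the overflow this commit fixes would come back silently. I would pin the assumption where it is relied on, next to the memcpy calls: `_Static_assert(sizeof(((m68k_info *)0)->regs_write) <= sizeof(((cs_detail *)0)->regs_write), "m68k_info.regs_write must fit cs_detail.regs_write");` with the same for regs_read and groups, or at least a comment on these three fields stating that their sizes must match the cs_detail arrays. The `m68k_info` struct begins before the hunk.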
@@ -276,10 +276,10 @@ void M68K_printInst(MCInst* MI, SStream* O, void* PrinterInfo)
 memcpy(&detail->m68k, ext, sizeof(cs_m68k));
- memcpy(&detail->regs_read, &info->regs_read, regs_read_count * sizeof(uint16_t));
+ memcpy(&detail->regs_read, &info->regs_read, regs_read_count * sizeof(info->regs_read[0]));
 detail->regs_read_count = regs_read_count;
- memcpy(&detail->regs_write, &info->regs_write, regs_write_count * sizeof(uint16_t));
+ memcpy(&detail->regs_write, &info->regs_write, regs_write_count * sizeof(info->regs_write[0]));
 detail->regs_write_count = regs_write_count;
 memcpy(&detail->groups, &info->groups, groups_count);