FS#9102 - arm_disass seg faults in some rare situations

Attached to Project: Rockbox
Opened by Martin Pahl (demapa) - Wednesday, 18 June 2008, 08:30 GMT
Last edited by Maurus Cuelenaere (mcuelenaere) - Wednesday, 30 July 2008, 15:59 GMT
Task Type Patches
Category Simulator
Status Closed
Assigned To No-one
Operating System All players
Severity Low
Priority Normal
Reported Version Daily build (which?)
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


I'm not sure which category to choose for this bug.

There is a bug in "void block_data(char *stg, ULONG val)" in the file "utils/disassembler/arm/disasm_arm.c" which leads to a segmentation fault in some cases, probably if you feed the function with illegal code.

void block_data(char *stg, ULONG val)
{
    char lst[80];
    int i;

    /* build the register list "{r0, r1, ...}" from the 16 low bits of val */
    strcpy(lst, "{");
    for(i=0; i<16; i++)
        if(val & (1<<i))
            sprintf(lst+strlen(lst), "%s, ", regs[i]);
    /* overwrite the trailing ", " with "}"; with an empty list lst holds
       only "{", so this writes to lst-1 */
    strcpy(lst+strlen(lst)-2, "}");

This strcpy call is invalid if no register was found in the loop before it, because the string "}" is then copied to position -1 (lst-1), which corrupts other variables. There should be an additional if-clause like this:

    if (strlen(lst)>2)
        strcpy(lst+strlen(lst)-2, "}");

I think a patch file is not necessary, as it is very easy to patch with copy-and-paste from this message.
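The following is an added, stand-alone illustration of the guarded version of the routine; it is not Rockbox's code. The register-name table, the function names block_data_fixed and format_regs, and the use of snprintf with an explicit buffer length are assumptions made for the example. It goes slightly beyond the one-line fix above in that the empty register list still gets its closing brace ("{}") instead of being left as "{".

```c
#include <stdio.h>
#include <string.h>

/* Constructed register-name table for the example. The real table in
   disasm_arm.c is not shown in the report, so these names are an assumption. */
static const char *const regs[16] = {
    "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
    "r8", "r9", "r10", "r11", "r12", "sp", "lr", "pc"
};

/* Hypothetical name. Formats the 16-bit register mask of a block-data
   (LDM/STM) instruction as "{r0, r1, ...}" into out, bounded by outlen.
   Returns out, or NULL if the buffer cannot hold even "{}". */
char *block_data_fixed(char *out, size_t outlen, unsigned long val)
{
    size_t len;
    int i;

    if (outlen < 3)             /* need room for '{', '}' and the NUL */
        return NULL;

    out[0] = '{';
    out[1] = '\0';
    for (i = 0; i < 16; i++) {
        if (val & (1UL << i)) {
            len = strlen(out);
            /* snprintf truncates instead of overrunning out on long lists */
            snprintf(out + len, outlen - len, "%s, ", regs[i]);
        }
    }

    len = strlen(out);
    if (len > 2)                /* at least one register: replace trailing ", " */
        strcpy(out + len - 2, "}");
    else                        /* empty list: append instead of writing to out-1 */
        strcpy(out + len, "}");
    return out;
}

/* Hypothetical convenience wrapper using a static buffer, so callers can
   compare the formatted list directly. */
const char *format_regs(unsigned long val)
{
    static char buf[80];
    return block_data_fixed(buf, sizeof buf, val);
}

int main(void)
{
    /* The empty mask is the case that crashed the original routine. */
    printf("%s\n", format_regs(0UL));        /* {} */
    printf("%s\n", format_regs(0x3UL));      /* {r0, r1} */
    printf("%s\n", format_regs(0xC000UL));   /* {lr, pc} */
    return 0;
}
```

The key difference from the original is that the length check decides between overwriting the separator and appending the brace, so a mask with no bits set never produces a write before the start of the buffer.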

Closed by  Maurus Cuelenaere (mcuelenaere)
Wednesday, 30 July 2008, 15:59 GMT
Reason for closing:  Accepted
Additional comments about closing:  Thanks!