From 1bcb7d6cc6d32845beca919cf214b37f097da150 Mon Sep 17 00:00:00 2001
From: Nikolay Igotti
Date: Wed, 3 Jun 2015 15:38:45 +0200
Subject: [PATCH] Fix Thumb disassembler memory corruption with IT sequence (issue #385)
---
 arch/ARM/ARMDisassembler.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/ARM/ARMDisassembler.c b/arch/ARM/ARMDisassembler.c
index cc8f6622..b4dbb43d 100644
--- a/arch/ARM/ARMDisassembler.c
+++ b/arch/ARM/ARMDisassembler.c
@@ -44,6 +44,10 @@ static bool ITStatus_push_back(ARM_ITStatus *it, char v)
 {
+ if (it->size >= sizeof(it->ITStates)) {
+ // TODO: consider warning user.
+ it->size = 0;
+ }
 it->ITStates[it->size] = v;
 it->size++;
@@ -730,8 +734,7 @@ static DecodeStatus _Thumb_getInstruction(cs_struct *ud, MCInst *MI, const uint8
 // Nested IT blocks are UNPREDICTABLE. Must be checked before we add
 // the Thumb predicate.
 if (MCInst_getOpcode(MI) == ARM_t2IT && ITStatus_instrInITBlock(&(ud->ITBlock)))
- result = MCDisassembler_SoftFail;
-
+ return MCDisassembler_SoftFail;
 Check(&result, AddThumbPredicate(ud, MI));
 // If we find an IT instruction, we need to parse its condition
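Review bot: The new guard in ITStatus_push_back stops the out-of-bounds store, but it does so by silently resetting `it->size` to 0 and overwriting the oldest IT state, so an over-long or malformed IT sequence is masked instead of reported; since the function already returns bool, the cleaner contract is to refuse the push, `if (it->size >= sizeof(it->ITStates)) return false;`, and let the decoder treat that as a soft failure rather than emit a wrong predicate. The comparison against `sizeof(it->ITStates)` is only an element count if ITStates is a char array, which `char v` suggests but the hunk does not show; `sizeof(it->ITStates) / sizeof(it->ITStates[0])` would hold regardless of the element type. The `// TODO: consider warning user.` comment should either become that return value or name the condition it leaves unhandled. The function's return statement and its callers are outside the hunk, so whether anyone checks the bool cannot be confirmed here.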
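Review bot: The comment above the nested-IT check still only says it must run before the predicate is added, but the hunk changes the check from recording SoftFail to returning early, and the reason for that difference is left undocumented; presumably the point is that the code after `Check(&result, AddThumbPredicate(ud, MI))` parses the IT condition and mask into ud->ITBlock, and returning first is what keeps a nested IT from pushing more entries into ITStates. The comment should say so, e.g. `// Nested IT blocks are UNPREDICTABLE. Return before AddThumbPredicate and before the IT state below is pushed, so a nested IT never grows ITStates.` If callers distinguish SoftFail from Fail, it is worth a note that on this path the instruction is handed back without its predicate and with whatever size bookkeeping preceded this point. _Thumb_getInstruction starts and ends outside the hunk, so that bookkeeping cannot be checked here.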