From 42f70a3b95ea708d0e4fd5d83a6bc6965fd65ac6 Mon Sep 17 00:00:00 2001 From: Antonio Borneo Date: Fri, 22 Nov 2024 18:06:40 +0100 Subject: [PATCH] target: aarch64: fix out-of-bound access to array The command 'arm core_state' uses the enum in 'arm->core_state' as an index in the table of strings to print the core state. With [1] the enum has been extended with the new state for AArch64 but not the corresponding table of strings. This causes an access after the limit of arm_state_strings[]. Rewrite the table using c99 array designators to better show the link between the enum list and the table. Add the function arm_core_state_string() to check for out-of-bound values allover the file. Change-Id: I06473c2c8088b38ee07118bcc9e49bc8eafbc6e2 Fixes: [1] 9cbfc9feb35c ("arm_dpm: Add new state ARM_STATE_AARCH64") Signed-off-by: Antonio Borneo Reviewed-on: https://review.openocd.org/c/openocd/+/8594 Tested-by: jenkins --- src/target/armv4_5.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/src/target/armv4_5.c b/src/target/armv4_5.c index c1836bc7a..ceec3619b 100644 --- a/src/target/armv4_5.c +++ b/src/target/armv4_5.c @@ -248,7 +248,11 @@ enum arm_mode armv4_5_number_to_mode(int number) } static const char *arm_state_strings[] = { - "ARM", "Thumb", "Jazelle", "ThumbEE", + [ARM_STATE_ARM] = "ARM", + [ARM_STATE_THUMB] = "Thumb", + [ARM_STATE_JAZELLE] = "Jazelle", + [ARM_STATE_THUMB_EE] = "ThumbEE", + [ARM_STATE_AARCH64] = "AArch64", }; /* Templates for ARM core registers. @@ -430,6 +434,16 @@ const int armv4_5_core_reg_map[9][17] = { } }; +static const char *arm_core_state_string(struct arm *arm) +{ + if (arm->core_state > ARRAY_SIZE(arm_state_strings)) { + LOG_ERROR("core_state exceeds table size"); + return "Unknown"; + } + + return arm_state_strings[arm->core_state]; +} + /** * Configures host-side ARM records to reflect the specified CPSR. * Later, code can use arm_reg_current() to map register numbers @@ -484,7 +498,7 @@ void arm_set_cpsr(struct arm *arm, uint32_t cpsr) LOG_DEBUG("set CPSR %#8.8" PRIx32 ": %s mode, %s state", cpsr, arm_mode_name(mode), - arm_state_strings[arm->core_state]); + arm_core_state_string(arm)); } /** @@ -794,7 +808,7 @@ int arm_arch_state(struct target *target) LOG_USER("target halted in %s state due to %s, current mode: %s\n" "cpsr: 0x%8.8" PRIx32 " pc: 0x%8.8" PRIx32 "%s%s", - arm_state_strings[arm->core_state], + arm_core_state_string(arm), debug_reason_name(target), arm_mode_name(arm->core_mode), buf_get_u32(arm->cpsr->value, 0, 32), @@ -929,7 +943,7 @@ COMMAND_HANDLER(handle_arm_core_state_command) arm->core_state = ARM_STATE_THUMB; } - command_print(CMD, "core state: %s", arm_state_strings[arm->core_state]); + command_print(CMD, "core state: %s", arm_core_state_string(arm)); return ret; }