Fix CVE-2022-1207: out of bound read in GNU cris analysis plugin (#4629)

rizinorg · Sep 11, 2024 · d167921 · d167921
1 parent 6f0d675
commit d167921
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/librz/arch/p_gnu/analysis/analysis_cris_gnu.c b/librz/arch/p_gnu/analysis/analysis_cris_gnu.c
@@ -4,10 +4,15 @@
 #include <rz_asm.h>
 #include <rz_lib.h>
 
+#define CRIS_MIN_OP_SIZE 2
+
 static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, RzAnalysisOpMask mask) {
 	int opsize = -1;
 	op->type = -1;
-	opsize = 2;
+	opsize = CRIS_MIN_OP_SIZE;
+	if (len < CRIS_MIN_OP_SIZE) {
+		return -1;
+	}
 	switch (buf[0]) {
 	case 0x3f:
 	case 0x4f: