New Coverity Bugs #931

Closed
Tracked by #2029
radare opened this issue May 24, 2017 · 5 comments

Comments

@radare
Contributor

radare commented May 24, 2017

** CID 1374336:  Memory - illegal accesses  (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1748 in TMS320C64x_insn_name()


________________________________________________________________________________________________________
*** CID 1374336:  Memory - illegal accesses  (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1748 in TMS320C64x_insn_name()
1742     	// handle special alias first
1743     	for (i = 0; i < ARR_SIZE(alias_insn_names); i++) {
1744     		if (alias_insn_names[i].id == id)
1745     			return alias_insn_names[i].name;
1746     	}
1747     
   CID 1374336:  Memory - illegal accesses  (OVERRUN)
   Overrunning array "insn_name_maps" of 3 16-byte elements at element index 144 (byte offset 2304) using index "id" (which evaluates to 144).
1748     	return insn_name_maps[id].name;
1749     #else
1750     	return NULL;
1751     #endif
1752     }
1753     

** CID 1374332:  Memory - illegal accesses  (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1779 in TMS320C64x_group_name()


________________________________________________________________________________________________________
*** CID 1374332:  Memory - illegal accesses  (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1779 in TMS320C64x_group_name()
1773     
1774     	for (i = 0; i < ARR_SIZE(group_name_maps); i++) {
1775     		if (group_name_maps[i].id == id)
1776     			return group_name_maps[i].name;
1777     	}
1778     
   CID 1374332:  Memory - illegal accesses  (OVERRUN)
   Overrunning array "group_name_maps" of 7 16-byte elements at element index 132 (byte offset 2112) using index "id" (which evaluates to 132).
1779     	return group_name_maps[id].name;
1780     #else
1781     	return NULL;
1782     #endif
1783     }
1784     

** CID 1374330:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 291 in DecodeMemOperandSc()


________________________________________________________________________________________________________
*** CID 1374330:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 291 in DecodeMemOperandSc()
285     		case 12:
286     		case 13:
287     		case 14:
288     		case 15:
289     			if((offset >= TMS320C64X_REG_A0) && (offset <= TMS320C64X_REG_A31))
290     				offset = (offset - TMS320C64X_REG_A0 + TMS320C64X_REG_B0);
   CID 1374330:  Control flow issues  (DEADCODE)
   Execution cannot reach the expression "offset <= TMS320C64X_REG_B31" inside this statement: "if (offset >= TMS320C64X_RE...".
291     			else if((offset >= TMS320C64X_REG_B0) && (offset <= TMS320C64X_REG_B31))
292     				offset = (base - TMS320C64X_REG_B0 + TMS320C64X_REG_A0);
293     			offsetreg = getReg(GPRegsDecoderTable, offset);
294     			MCOperand_CreateImm0(Inst, (scaled << 19) | (basereg << 12) | (offsetreg << 5) | (mode << 1) | unit);
295     			break;
296     		default:

** CID 1374328:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 270 in DecodeMemOperandSc()


________________________________________________________________________________________________________
*** CID 1374328:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 270 in DecodeMemOperandSc()
264     	offset = (Val >> 5) & 0x1f;
265     	mode = (Val >> 1) & 0xf;
266     	unit = Val & 1;
267     
268     	if((base >= TMS320C64X_REG_A0) && (base <= TMS320C64X_REG_A31))
269     		base = (base - TMS320C64X_REG_A0 + TMS320C64X_REG_B0);
   CID 1374328:  Control flow issues  (DEADCODE)
   Execution cannot reach the expression "base <= TMS320C64X_REG_B31" inside this statement: "if (base >= TMS320C64X_REG_...".
270     	else if((base >= TMS320C64X_REG_B0) && (base <= TMS320C64X_REG_B31))
271     		base = (base - TMS320C64X_REG_B0 + TMS320C64X_REG_A0);
272     	basereg = getReg(GPRegsDecoderTable, base);
273     
274     	switch(mode) {
275     		case 0:

** CID 1374324:  Incorrect expression  (COPY_PASTE_ERROR)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 292 in DecodeMemOperandSc()


________________________________________________________________________________________________________
*** CID 1374324:  Incorrect expression  (COPY_PASTE_ERROR)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 292 in DecodeMemOperandSc()
286     		case 13:
287     		case 14:
288     		case 15:
289     			if((offset >= TMS320C64X_REG_A0) && (offset <= TMS320C64X_REG_A31))
290     				offset = (offset - TMS320C64X_REG_A0 + TMS320C64X_REG_B0);
291     			else if((offset >= TMS320C64X_REG_B0) && (offset <= TMS320C64X_REG_B31))
   CID 1374324:  Incorrect expression  (COPY_PASTE_ERROR)
   "base" in "base - TMS320C64X_REG_B0" looks like a copy-paste error.
292     				offset = (base - TMS320C64X_REG_B0 + TMS320C64X_REG_A0);
293     			offsetreg = getReg(GPRegsDecoderTable, offset);
294     			MCOperand_CreateImm0(Inst, (scaled << 19) | (basereg << 12) | (offsetreg << 5) | (mode << 1) | unit);
295     			break;
296     		default:
297     			return MCDisassembler_Fail;

** CID 1232750:  API usage errors  (SWAPPED_ARGUMENTS)


________________________________________________________________________________________________________
*** CID 1232750:  API usage errors  (SWAPPED_ARGUMENTS)
/shlr/capstone/arch/XCore/XCoreDisassembler.c: 338 in DecodeR2RInstruction()
332     }
333     
334     static DecodeStatus DecodeR2RInstruction(MCInst *Inst, unsigned Insn, uint64_t Address,
335     		void *Decoder)
336     {
337     	unsigned Op1, Op2;
   CID 1232750:  API usage errors  (SWAPPED_ARGUMENTS)
   The positions of arguments in the call to "Decode2OpInstruction" do not match the ordering of the parameters:
* "&Op2" is passed to "Op1"
* "&Op1" is passed to "Op2"
338     	DecodeStatus S = Decode2OpInstruction(Insn, &Op2, &Op1);
339     	if (S != MCDisassembler_Success)
340     		return Decode2OpInstructionFail(Inst, Insn, Address, Decoder);
341     
342     	DecodeGRRegsRegisterClass(Inst, Op1, Address, Decoder);
343     	DecodeGRRegsRegisterClass(Inst, Op2, Address, Decoder);

** CID 1232749:  Security best practices violations  (STRING_OVERFLOW)
/shlr/capstone/arch/Sparc/SparcInstPrinter.c: 370 in Sparc_printInst()


________________________________________________________________________________________________________
*** CID 1232749:  Security best practices violations  (STRING_OVERFLOW)
/shlr/capstone/arch/Sparc/SparcInstPrinter.c: 370 in Sparc_printInst()
364     	char *mnem, *p;
365     	char instr[64];	// Sparc has no instruction this long
366     
367     	mnem = printAliasInstr(MI, O, Info);
368     	if (mnem) {
369     		// fixup instruction id due to the change in alias instruction
   CID 1232749:  Security best practices violations  (STRING_OVERFLOW)
   You might overrun the 64-character fixed-size string "instr" by copying "mnem" without checking the length.
370     		strncpy(instr, mnem, strlen(mnem));
371     		instr[strlen(mnem)] = '\0';
372     		// does this contains hint with a coma?
373     		p = strchr(instr, ',');
374     		if (p)
375     			*p = '\0';	// now instr only has instruction mnemonic

** CID 1222736:    (MIXED_ENUMS)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 215 in printRegImmShift()
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 217 in printRegImmShift()


________________________________________________________________________________________________________
*** CID 1222736:    (MIXED_ENUMS)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 215 in printRegImmShift()
209     	SStream_concat0(O, ", ");
210     
211     	//assert (!(ShOpc == ARM_AM_ror && !ShImm) && "Cannot have ror #0");
212     	SStream_concat0(O, ARM_AM_getShiftOpcStr(ShOpc));
213     	if (MI->csh->detail) {
214     		if (MI->csh->doing_mem)
   CID 1222736:    (MIXED_ENUMS)
   Mixing enum types "enum arm_shifter" and "enum ARM_AM_ShiftOpc" for "type".
215     			MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].shift.type = (arm_shifter)ShOpc;
216     		else
217     			MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count - 1].shift.type = (arm_shifter)ShOpc;
218     	}
219     
220     	if (ShOpc != ARM_AM_rrx) {
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 217 in printRegImmShift()
211     	//assert (!(ShOpc == ARM_AM_ror && !ShImm) && "Cannot have ror #0");
212     	SStream_concat0(O, ARM_AM_getShiftOpcStr(ShOpc));
213     	if (MI->csh->detail) {
214     		if (MI->csh->doing_mem)
215     			MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].shift.type = (arm_shifter)ShOpc;
216     		else
   CID 1222736:    (MIXED_ENUMS)
   Mixing enum types "enum arm_shifter" and "enum ARM_AM_ShiftOpc" for "type".
217     			MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count - 1].shift.type = (arm_shifter)ShOpc;
218     	}
219     
220     	if (ShOpc != ARM_AM_rrx) {
221     		SStream_concat0(O, " ");
222     		SStream_concat(O, "#%u", translateShiftImm(ShImm));

** CID 1222735:  Incorrect expression  (MIXED_ENUMS)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 1023 in printAM2PreOrOffsetIndexOp()


________________________________________________________________________________________________________
*** CID 1222735:  Incorrect expression  (MIXED_ENUMS)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 1023 in printAM2PreOrOffsetIndexOp()
1017     			SStream_concat0(O, ", ");
1018     			if (tmp > HEX_THRESHOLD)
1019     				SStream_concat(O, "#%s0x%x", ARM_AM_getAddrOpcStr(subtracted), tmp);
1020     			else
1021     				SStream_concat(O, "#%s%u", ARM_AM_getAddrOpcStr(subtracted), tmp);
1022     			if (MI->csh->detail) {
   CID 1222735:  Incorrect expression  (MIXED_ENUMS)
   Mixing enum types "enum arm_shifter" and "enum ARM_AM_AddrOpc" for "type".
1023     				MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].shift.type = (arm_shifter)getAM2Op((unsigned int)MCOperand_getImm(MO3));
1024     				MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].shift.value = tmp;
1025     				MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].subtracted = subtracted == ARM_AM_sub;
1026     			}
1027     		}
1028     		SStream_concat0(O, "]");

** CID 1216470:  Security best practices violations  (STRING_OVERFLOW)
/shlr/capstone/arch/XCore/XCoreInstPrinter.c: 54 in XCore_insn_extract()


________________________________________________________________________________________________________
*** CID 1216470:  Security best practices violations  (STRING_OVERFLOW)
/shlr/capstone/arch/XCore/XCoreInstPrinter.c: 54 in XCore_insn_extract()
48     void XCore_insn_extract(MCInst *MI, const char *code)
49     {
50     	int id;
51     	char *p, *p2;
52     	char tmp[128];
53     
   CID 1216470:  Security best practices violations  (STRING_OVERFLOW)
   Note: This defect has an elevated risk because the source argument is a parameter of the current function.
54     	strcpy(tmp, code); // safe because code is way shorter than 128 bytes
55     
56     	// find the first space
57     	p = strchr(tmp, ' ');
58     	if (p) {
59     		p++;

** CID 1196399:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 2085 in printAddrModeImm12Operand()


________________________________________________________________________________________________________
*** CID 1196399:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 2085 in printAddrModeImm12Operand()
2079     		if (OffImm >= 0) {
2080     			if (OffImm > HEX_THRESHOLD)
2081     				SStream_concat(O, ", #0x%x", OffImm);
2082     			else
2083     				SStream_concat(O, ", #%u", OffImm);
2084     		} else {
   CID 1196399:  Control flow issues  (DEADCODE)
   Execution cannot reach this statement: "if (OffImm < -9)
 SStream_...".
2085     			if (OffImm < -HEX_THRESHOLD)
2086     				SStream_concat(O, ", #-0x%x", -OffImm);
2087     			else
2088     				SStream_concat(O, ", #-%u", -OffImm);
2089     		}
2090     	}

** CID 1191336:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 956 in DecodeGPRwithAPSRRegisterClass()


________________________________________________________________________________________________________
*** CID 1191336:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 956 in DecodeGPRwithAPSRRegisterClass()
950     
951     	if (RegNo == 15) {
952     		MCOperand_CreateReg0(Inst, ARM_APSR_NZCV);
953     		return MCDisassembler_Success;
954     	}
955     
   CID 1191336:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
956     	Check(&S, DecodeGPRRegisterClass(Inst, RegNo, Address, Decoder));
957     	return S;
958     }
959     
960     static DecodeStatus DecodetGPRRegisterClass(MCInst *Inst, unsigned RegNo,
961     		uint64_t Address, const void *Decoder)

** CID 1191335:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1285 in DecodeRegListOperand()


________________________________________________________________________________________________________
*** CID 1191335:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1285 in DecodeRegListOperand()
1279     	for (i = 0; i < 16; ++i) {
1280     		if (Val & (1 << i)) {
1281     			if (!Check(&S, DecodeGPRRegisterClass(Inst, i, Address, Decoder)))
1282     				return MCDisassembler_Fail;
1283     			// Writeback not allowed if Rn is in the target list.
1284     			if (NeedDisjointWriteback && WritebackReg == MCOperand_getReg(&(Inst->Operands[Inst->size-1])))
   CID 1191335:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
1285     				Check(&S, MCDisassembler_SoftFail);
1286     		}
1287     	}
1288     
1289     	if (opcode == ARM_t2LDMIA_UPD && WritebackReg == ARM_SP) {
1290     		if (Val & (1 << 13) || ((Val & (1 << 15)) && (Val & (1 << 14)))) {

** CID 1191334:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1027 in DecoderGPRRegisterClass()


________________________________________________________________________________________________________
*** CID 1191334:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1027 in DecoderGPRRegisterClass()
/* Decode a GPR operand where register numbers 13 and 15 are accepted but
 * flagged: the operand is still created through DecodeGPRRegisterClass(),
 * and the status returned to the caller is downgraded to SoftFail for
 * those two numbers. */
1021     static DecodeStatus DecoderGPRRegisterClass(MCInst *Inst, unsigned RegNo,
1022     		uint64_t Address, const void *Decoder)
1023     {
1024     	DecodeStatus S = MCDisassembler_Success;
	// 13 and 15 start the status at SoftFail; the register is still decoded
	// below, only the status is downgraded.
1025     	if (RegNo == 13 || RegNo == 15)
1026     		S = MCDisassembler_SoftFail;
   CID 1191334:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
	// The return value is left unused on purpose: the status is accumulated
	// in S and returned on the next line. NOTE(review): this assumes
	// Check(&S, x) folds x into *S (the `if (!Check(&S, ...)) return
	// MCDisassembler_Fail;` pattern used elsewhere in this file suggests so);
	// confirm against Check()'s definition before dismissing the finding.
1027     	Check(&S, DecodeGPRRegisterClass(Inst, RegNo, Address, Decoder));
1028     	return S;
1029     }
1030     
1031     static const uint16_t SPRDecoderTable[] = {
1032     	ARM_S0,  ARM_S1,  ARM_S2,  ARM_S3,

** CID 1191333:    (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 4978 in DecodeT2LDRDPreInstruction()
/shlr/capstone/arch/ARM/ARMDisassembler.c: 4980 in DecodeT2LDRDPreInstruction()


________________________________________________________________________________________________________
*** CID 1191333:    (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 4978 in DecodeT2LDRDPreInstruction()
4972     	unsigned P = fieldFromInstruction_4(Insn, 24, 1);
4973     	bool writeback = (W == 1) | (P == 0);
4974     
4975     	addr |= (U << 8) | (Rn << 9);
4976     
4977     	if (writeback && (Rn == Rt || Rn == Rt2))
   CID 1191333:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
4978     		Check(&S, MCDisassembler_SoftFail);
4979     	if (Rt == Rt2)
4980     		Check(&S, MCDisassembler_SoftFail);
4981     
4982     	// Rt
4983     	if (!Check(&S, DecoderGPRRegisterClass(Inst, Rt, Address, Decoder)))
/shlr/capstone/arch/ARM/ARMDisassembler.c: 4980 in DecodeT2LDRDPreInstruction()
4974     
4975     	addr |= (U << 8) | (Rn << 9);
4976     
4977     	if (writeback && (Rn == Rt || Rn == Rt2))
4978     		Check(&S, MCDisassembler_SoftFail);
4979     	if (Rt == Rt2)
   CID 1191333:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
4980     		Check(&S, MCDisassembler_SoftFail);
4981     
4982     	// Rt
4983     	if (!Check(&S, DecoderGPRRegisterClass(Inst, Rt, Address, Decoder)))
4984     		return MCDisassembler_Fail;
4985     	// Rt2

** CID 1191332:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 5015 in DecodeT2STRDPreInstruction()


________________________________________________________________________________________________________
*** CID 1191332:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 5015 in DecodeT2STRDPreInstruction()
5009     	unsigned P = fieldFromInstruction_4(Insn, 24, 1);
5010     	bool writeback = (W == 1) | (P == 0);
5011     
5012     	addr |= (U << 8) | (Rn << 9);
5013     
5014     	if (writeback && (Rn == Rt || Rn == Rt2))
   CID 1191332:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
5015     		Check(&S, MCDisassembler_SoftFail);
5016     
5017     	// Writeback operand
5018     	if (!Check(&S, DecoderGPRRegisterClass(Inst, Rn, Address, Decoder)))
5019     		return MCDisassembler_Fail;
5020     	// Rt

** CID 1191331:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 941 in DecodeGPRnopcRegisterClass()


________________________________________________________________________________________________________
*** CID 1191331:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 941 in DecodeGPRnopcRegisterClass()
935     {
936     	DecodeStatus S = MCDisassembler_Success;
937     
938     	if (RegNo == 15) 
939     		S = MCDisassembler_SoftFail;
940     
   CID 1191331:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
941     	Check(&S, DecodeGPRRegisterClass(Inst, RegNo, Address, Decoder));
942     
943     	return S;
944     }
945     
946     static DecodeStatus DecodeGPRwithAPSRRegisterClass(MCInst *Inst, unsigned RegNo,

** CID 1191330:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1366 in DecodeBitfieldMaskOperand()


________________________________________________________________________________________________________
*** CID 1191330:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1366 in DecodeBitfieldMaskOperand()
1360     	unsigned msb = fieldFromInstruction_4(Val, 5, 5);
1361     	unsigned lsb = fieldFromInstruction_4(Val, 0, 5);
1362     	uint32_t lsb_mask, msb_mask;
1363     
1364     	DecodeStatus S = MCDisassembler_Success;
1365     	if (lsb > msb) {
   CID 1191330:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
1366     		Check(&S, MCDisassembler_SoftFail);
1367     		// The check above will cause the warning for the "potentially undefined
1368     		// instruction encoding" but we can't build a bad MCOperand value here
1369     		// with a lsb > msb or else printing the MCInst will cause a crash.
1370     		lsb = msb;
1371     	}
@aquynh
Collaborator

aquynh commented May 24, 2017

The TMS320C64x issues look real: `TMS320C64x_insn_name()` and `TMS320C64x_group_name()` fall through to `insn_name_maps[id]` / `group_name_maps[id]` when the preceding linear search finds nothing, so an `id` beyond the table (Coverity reports index 144 against a 3-element table and 132 against a 7-element one) is an out-of-bounds read of a static table; the fallback should search by `.id` as the loop above it does, or bounds-check `id` and return NULL otherwise. The `offset = (base - TMS320C64X_REG_B0 + TMS320C64X_REG_A0)` line in `DecodeMemOperandSc()` is also a real copy-paste bug (`base` should be `offset`). The rest look like false positives — the MIXED_ENUMS hits are explicit casts, the `Check(&S, ...)` calls accumulate their status in `S`, which is returned or checked afterwards, and the two STRING_OVERFLOW hits only bite if a caller ever hands `Sparc_printInst()` / `XCore_insn_extract()` a string of 64 / 128 bytes or more, which the code rules out only by comment (`snprintf(dst, sizeof dst, "%s", src)` would close them regardless) — except the dead-code issue on Arm (`printAddrModeImm12Operand()`, where the negative-`OffImm` branch is reported unreachable). The XCore `Decode2OpInstruction(Insn, &Op2, &Op1)` swap should be confirmed against the intended operand order before being dismissed.

@aquynh
Collaborator

aquynh commented May 24, 2017

@fotisl, can you confirm the issues of TMS320C64x?

@fotisl
Contributor

fotisl commented May 25, 2017

I will have a look at it.

@radare
Contributor Author

radare commented Oct 13, 2017

Updated (re-scan, Oct 2017): the COPY_PASTE_ERROR in `DecodeMemOperandSc()` is no longer reported and line 292 now reads `offset = (offset - TMS320C64X_REG_B0 + TMS320C64X_REG_A0)`; the two OVERRUN and the two DEADCODE findings on TMS320C64x, and the XCore, Sparc and Arm findings, are still listed.

** CID 1374336:  Memory - illegal accesses  (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1748 in TMS320C64x_insn_name()


________________________________________________________________________________________________________
*** CID 1374336:  Memory - illegal accesses  (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1748 in TMS320C64x_insn_name()
1742     	// handle special alias first
1743     	for (i = 0; i < ARR_SIZE(alias_insn_names); i++) {
1744     		if (alias_insn_names[i].id == id)
1745     			return alias_insn_names[i].name;
1746     	}
1747     
   CID 1374336:  Memory - illegal accesses  (OVERRUN)
   Overrunning array "insn_name_maps" of 3 16-byte elements at element index 144 (byte offset 2304) using index "id" (which evaluates to 144).
1748     	return insn_name_maps[id].name;
1749     #else
1750     	return NULL;
1751     #endif
1752     }
1753     

** CID 1374332:  Memory - illegal accesses  (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1779 in TMS320C64x_group_name()


________________________________________________________________________________________________________
*** CID 1374332:  Memory - illegal accesses  (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1779 in TMS320C64x_group_name()
1773     
1774     	for (i = 0; i < ARR_SIZE(group_name_maps); i++) {
1775     		if (group_name_maps[i].id == id)
1776     			return group_name_maps[i].name;
1777     	}
1778     
   CID 1374332:  Memory - illegal accesses  (OVERRUN)
   Overrunning array "group_name_maps" of 7 16-byte elements at element index 132 (byte offset 2112) using index "id" (which evaluates to 132).
1779     	return group_name_maps[id].name;
1780     #else
1781     	return NULL;
1782     #endif
1783     }
1784     

** CID 1374330:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 291 in DecodeMemOperandSc()


________________________________________________________________________________________________________
*** CID 1374330:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 291 in DecodeMemOperandSc()
285     		case 12:
286     		case 13:
287     		case 14:
288     		case 15:
289     			if((offset >= TMS320C64X_REG_A0) && (offset <= TMS320C64X_REG_A31))
290     				offset = (offset - TMS320C64X_REG_A0 + TMS320C64X_REG_B0);
   CID 1374330:  Control flow issues  (DEADCODE)
   Execution cannot reach the expression "offset <= TMS320C64X_REG_B31" inside this statement: "if (offset >= TMS320C64X_RE...".
291     			else if((offset >= TMS320C64X_REG_B0) && (offset <= TMS320C64X_REG_B31))
292     				offset = (offset - TMS320C64X_REG_B0 + TMS320C64X_REG_A0);
293     			offsetreg = getReg(GPRegsDecoderTable, offset);
294     			MCOperand_CreateImm0(Inst, (scaled << 19) | (basereg << 12) | (offsetreg << 5) | (mode << 1) | unit);
295     			break;
296     		default:

** CID 1374328:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 270 in DecodeMemOperandSc()


________________________________________________________________________________________________________
*** CID 1374328:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 270 in DecodeMemOperandSc()
264     	offset = (Val >> 5) & 0x1f;
265     	mode = (Val >> 1) & 0xf;
266     	unit = Val & 1;
267     
268     	if((base >= TMS320C64X_REG_A0) && (base <= TMS320C64X_REG_A31))
269     		base = (base - TMS320C64X_REG_A0 + TMS320C64X_REG_B0);
   CID 1374328:  Control flow issues  (DEADCODE)
   Execution cannot reach the expression "base <= TMS320C64X_REG_B31" inside this statement: "if (base >= TMS320C64X_REG_...".
270     	else if((base >= TMS320C64X_REG_B0) && (base <= TMS320C64X_REG_B31))
271     		base = (base - TMS320C64X_REG_B0 + TMS320C64X_REG_A0);
272     	basereg = getReg(GPRegsDecoderTable, base);
273     
274     	switch(mode) {
275     		case 0:

** CID 1232750:  API usage errors  (SWAPPED_ARGUMENTS)


________________________________________________________________________________________________________
*** CID 1232750:  API usage errors  (SWAPPED_ARGUMENTS)
/shlr/capstone/arch/XCore/XCoreDisassembler.c: 338 in DecodeR2RInstruction()
332     }
333     
334     static DecodeStatus DecodeR2RInstruction(MCInst *Inst, unsigned Insn, uint64_t Address,
335     		void *Decoder)
336     {
337     	unsigned Op1, Op2;
   CID 1232750:  API usage errors  (SWAPPED_ARGUMENTS)
   The positions of arguments in the call to "Decode2OpInstruction" do not match the ordering of the parameters:
* "&Op2" is passed to "Op1"
* "&Op1" is passed to "Op2"
338     	DecodeStatus S = Decode2OpInstruction(Insn, &Op2, &Op1);
339     	if (S != MCDisassembler_Success)
340     		return Decode2OpInstructionFail(Inst, Insn, Address, Decoder);
341     
342     	DecodeGRRegsRegisterClass(Inst, Op1, Address, Decoder);
343     	DecodeGRRegsRegisterClass(Inst, Op2, Address, Decoder);

** CID 1232749:  Security best practices violations  (STRING_OVERFLOW)
/shlr/capstone/arch/Sparc/SparcInstPrinter.c: 370 in Sparc_printInst()


________________________________________________________________________________________________________
*** CID 1232749:  Security best practices violations  (STRING_OVERFLOW)
/shlr/capstone/arch/Sparc/SparcInstPrinter.c: 370 in Sparc_printInst()
364     	char *mnem, *p;
365     	char instr[64];	// Sparc has no instruction this long
366     
367     	mnem = printAliasInstr(MI, O, Info);
368     	if (mnem) {
369     		// fixup instruction id due to the change in alias instruction
   CID 1232749:  Security best practices violations  (STRING_OVERFLOW)
   You might overrun the 64-character fixed-size string "instr" by copying "mnem" without checking the length.
370     		strncpy(instr, mnem, strlen(mnem));
371     		instr[strlen(mnem)] = '\0';
372     		// does this contains hint with a coma?
373     		p = strchr(instr, ',');
374     		if (p)
375     			*p = '\0';	// now instr only has instruction mnemonic

** CID 1222736:    (MIXED_ENUMS)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 215 in printRegImmShift()
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 217 in printRegImmShift()


________________________________________________________________________________________________________
*** CID 1222736:    (MIXED_ENUMS)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 215 in printRegImmShift()
209     	SStream_concat0(O, ", ");
210     
211     	//assert (!(ShOpc == ARM_AM_ror && !ShImm) && "Cannot have ror #0");
212     	SStream_concat0(O, ARM_AM_getShiftOpcStr(ShOpc));
213     	if (MI->csh->detail) {
214     		if (MI->csh->doing_mem)
   CID 1222736:    (MIXED_ENUMS)
   Mixing enum types "enum arm_shifter" and "enum ARM_AM_ShiftOpc" for "type".
215     			MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].shift.type = (arm_shifter)ShOpc;
216     		else
217     			MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count - 1].shift.type = (arm_shifter)ShOpc;
218     	}
219     
220     	if (ShOpc != ARM_AM_rrx) {
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 217 in printRegImmShift()
211     	//assert (!(ShOpc == ARM_AM_ror && !ShImm) && "Cannot have ror #0");
212     	SStream_concat0(O, ARM_AM_getShiftOpcStr(ShOpc));
213     	if (MI->csh->detail) {
214     		if (MI->csh->doing_mem)
215     			MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].shift.type = (arm_shifter)ShOpc;
216     		else
   CID 1222736:    (MIXED_ENUMS)
   Mixing enum types "enum arm_shifter" and "enum ARM_AM_ShiftOpc" for "type".
217     			MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count - 1].shift.type = (arm_shifter)ShOpc;
218     	}
219     
220     	if (ShOpc != ARM_AM_rrx) {
221     		SStream_concat0(O, " ");
222     		SStream_concat(O, "#%u", translateShiftImm(ShImm));

** CID 1222735:  Incorrect expression  (MIXED_ENUMS)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 1025 in printAM2PreOrOffsetIndexOp()


________________________________________________________________________________________________________
*** CID 1222735:  Incorrect expression  (MIXED_ENUMS)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 1025 in printAM2PreOrOffsetIndexOp()
1019     			SStream_concat0(O, ", ");
1020     			if (tmp > HEX_THRESHOLD)
1021     				SStream_concat(O, "#%s0x%x", ARM_AM_getAddrOpcStr(subtracted), tmp);
1022     			else
1023     				SStream_concat(O, "#%s%u", ARM_AM_getAddrOpcStr(subtracted), tmp);
1024     			if (MI->csh->detail) {
   CID 1222735:  Incorrect expression  (MIXED_ENUMS)
   Mixing enum types "enum arm_shifter" and "enum ARM_AM_AddrOpc" for "type".
1025     				MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].shift.type = (arm_shifter)getAM2Op((unsigned int)MCOperand_getImm(MO3));
1026     				MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].shift.value = tmp;
1027     				MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].subtracted = subtracted == ARM_AM_sub;
1028     			}
1029     		}
1030     		SStream_concat0(O, "]");

** CID 1216470:  Security best practices violations  (STRING_OVERFLOW)
/shlr/capstone/arch/XCore/XCoreInstPrinter.c: 54 in XCore_insn_extract()


________________________________________________________________________________________________________
*** CID 1216470:  Security best practices violations  (STRING_OVERFLOW)
/shlr/capstone/arch/XCore/XCoreInstPrinter.c: 54 in XCore_insn_extract()
48     void XCore_insn_extract(MCInst *MI, const char *code)
49     {
50     	int id;
51     	char *p, *p2;
52     	char tmp[128];
53     
   CID 1216470:  Security best practices violations  (STRING_OVERFLOW)
   Note: This defect has an elevated risk because the source argument is a parameter of the current function.
54     	strcpy(tmp, code); // safe because code is way shorter than 128 bytes
55     
56     	// find the first space
57     	p = strchr(tmp, ' ');
58     	if (p) {
59     		p++;

** CID 1196399:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 2087 in printAddrModeImm12Operand()


________________________________________________________________________________________________________
*** CID 1196399:  Control flow issues  (DEADCODE)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 2087 in printAddrModeImm12Operand()
2081     		if (OffImm >= 0) {
2082     			if (OffImm > HEX_THRESHOLD)
2083     				SStream_concat(O, ", #0x%x", OffImm);
2084     			else
2085     				SStream_concat(O, ", #%u", OffImm);
2086     		} else {
   CID 1196399:  Control flow issues  (DEADCODE)
   Execution cannot reach this statement: "if (OffImm < -9)
 SStream_...".
2087     			if (OffImm < -HEX_THRESHOLD)
2088     				SStream_concat(O, ", #-0x%x", -OffImm);
2089     			else
2090     				SStream_concat(O, ", #-%u", -OffImm);
2091     		}
2092     	}

** CID 1191336:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 956 in DecodeGPRwithAPSRRegisterClass()


________________________________________________________________________________________________________
*** CID 1191336:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 956 in DecodeGPRwithAPSRRegisterClass()
950     
951     	if (RegNo == 15) {
952     		MCOperand_CreateReg0(Inst, ARM_APSR_NZCV);
953     		return MCDisassembler_Success;
954     	}
955     
   CID 1191336:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
956     	Check(&S, DecodeGPRRegisterClass(Inst, RegNo, Address, Decoder));
957     	return S;
958     }
959     
960     static DecodeStatus DecodetGPRRegisterClass(MCInst *Inst, unsigned RegNo,
961     		uint64_t Address, const void *Decoder)

** CID 1191335:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1285 in DecodeRegListOperand()


________________________________________________________________________________________________________
*** CID 1191335:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1285 in DecodeRegListOperand()
1279     	for (i = 0; i < 16; ++i) {
1280     		if (Val & (1 << i)) {
1281     			if (!Check(&S, DecodeGPRRegisterClass(Inst, i, Address, Decoder)))
1282     				return MCDisassembler_Fail;
1283     			// Writeback not allowed if Rn is in the target list.
1284     			if (NeedDisjointWriteback && WritebackReg == MCOperand_getReg(&(Inst->Operands[Inst->size-1])))
   CID 1191335:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
1285     				Check(&S, MCDisassembler_SoftFail);
1286     		}
1287     	}
1288     
1289     	if (opcode == ARM_t2LDMIA_UPD && WritebackReg == ARM_SP) {
1290     		if (Val & (1 << 13) || ((Val & (1 << 15)) && (Val & (1 << 14)))) {

** CID 1191334:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1027 in DecoderGPRRegisterClass()


________________________________________________________________________________________________________
*** CID 1191334:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1027 in DecoderGPRRegisterClass()
1021     static DecodeStatus DecoderGPRRegisterClass(MCInst *Inst, unsigned RegNo,
1022     		uint64_t Address, const void *Decoder)
1023     {
1024     	DecodeStatus S = MCDisassembler_Success;
1025     	if (RegNo == 13 || RegNo == 15)
1026     		S = MCDisassembler_SoftFail;
   CID 1191334:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
1027     	Check(&S, DecodeGPRRegisterClass(Inst, RegNo, Address, Decoder));
1028     	return S;
1029     }
1030     
1031     static const uint16_t SPRDecoderTable[] = {
1032     	ARM_S0,  ARM_S1,  ARM_S2,  ARM_S3,

** CID 1191333:    (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 4978 in DecodeT2LDRDPreInstruction()
/shlr/capstone/arch/ARM/ARMDisassembler.c: 4980 in DecodeT2LDRDPreInstruction()


________________________________________________________________________________________________________
*** CID 1191333:    (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 4978 in DecodeT2LDRDPreInstruction()
4972     	unsigned P = fieldFromInstruction_4(Insn, 24, 1);
4973     	bool writeback = (W == 1) | (P == 0);
4974     
4975     	addr |= (U << 8) | (Rn << 9);
4976     
4977     	if (writeback && (Rn == Rt || Rn == Rt2))
   CID 1191333:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
4978     		Check(&S, MCDisassembler_SoftFail);
4979     	if (Rt == Rt2)
4980     		Check(&S, MCDisassembler_SoftFail);
4981     
4982     	// Rt
4983     	if (!Check(&S, DecoderGPRRegisterClass(Inst, Rt, Address, Decoder)))
/shlr/capstone/arch/ARM/ARMDisassembler.c: 4980 in DecodeT2LDRDPreInstruction()
4974     
4975     	addr |= (U << 8) | (Rn << 9);
4976     
4977     	if (writeback && (Rn == Rt || Rn == Rt2))
4978     		Check(&S, MCDisassembler_SoftFail);
4979     	if (Rt == Rt2)
   CID 1191333:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
4980     		Check(&S, MCDisassembler_SoftFail);
4981     
4982     	// Rt
4983     	if (!Check(&S, DecoderGPRRegisterClass(Inst, Rt, Address, Decoder)))
4984     		return MCDisassembler_Fail;
4985     	// Rt2

** CID 1191332:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 5015 in DecodeT2STRDPreInstruction()


________________________________________________________________________________________________________
*** CID 1191332:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 5015 in DecodeT2STRDPreInstruction()
5009     	unsigned P = fieldFromInstruction_4(Insn, 24, 1);
5010     	bool writeback = (W == 1) | (P == 0);
5011     
5012     	addr |= (U << 8) | (Rn << 9);
5013     
5014     	if (writeback && (Rn == Rt || Rn == Rt2))
   CID 1191332:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
5015     		Check(&S, MCDisassembler_SoftFail);
5016     
5017     	// Writeback operand
5018     	if (!Check(&S, DecoderGPRRegisterClass(Inst, Rn, Address, Decoder)))
5019     		return MCDisassembler_Fail;
5020     	// Rt

** CID 1191331:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 941 in DecodeGPRnopcRegisterClass()


________________________________________________________________________________________________________
*** CID 1191331:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 941 in DecodeGPRnopcRegisterClass()
935     {
936     	DecodeStatus S = MCDisassembler_Success;
937     
938     	if (RegNo == 15) 
939     		S = MCDisassembler_SoftFail;
940     
   CID 1191331:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
941     	Check(&S, DecodeGPRRegisterClass(Inst, RegNo, Address, Decoder));
942     
943     	return S;
944     }
945     
946     static DecodeStatus DecodeGPRwithAPSRRegisterClass(MCInst *Inst, unsigned RegNo,

** CID 1191330:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1366 in DecodeBitfieldMaskOperand()


________________________________________________________________________________________________________
*** CID 1191330:  Error handling issues  (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 1366 in DecodeBitfieldMaskOperand()
1360     	unsigned msb = fieldFromInstruction_4(Val, 5, 5);
1361     	unsigned lsb = fieldFromInstruction_4(Val, 0, 5);
1362     	uint32_t lsb_mask, msb_mask;
1363     
1364     	DecodeStatus S = MCDisassembler_Success;
1365     	if (lsb > msb) {
   CID 1191330:  Error handling issues  (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
1366     		Check(&S, MCDisassembler_SoftFail);
1367     		// The check above will cause the warning for the "potentially undefined
1368     		// instruction encoding" but we can't build a bad MCOperand value here
1369     		// with a lsb > msb or else printing the MCInst will cause a crash.
1370     		lsb = msb;
1371     	}

** CID 1191319:    (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 736 in _Thumb_getInstruction()
/shlr/capstone/arch/ARM/ARMDisassembler.c: 745 in _Thumb_getInstruction()
/shlr/capstone/arch/ARM/ARMDisassembler.c: 759 in _Thumb_getInstruction()
/shlr/capstone/arch/ARM/ARMDisassembler.c: 795 in _Thumb_getInstruction()
/shlr/capstone/arch/ARM/ARMDisassembler.c: 804 in _Thumb_getInstruction()
/shlr/capstone/arch/ARM/ARMDisassembler.c: 838 in _Thumb_getInstruction()
/shlr/capstone/arch/ARM/ARMDisassembler.c: 851 in _Thumb_getInstruction()
/shlr/capstone/arch/ARM/ARMDisassembler.c: 865 in _Thumb_getInstruction()


________________________________________________________________________________________________________
*** CID 1191319:    (CHECKED_RETURN)
/shlr/capstone/arch/ARM/ARMDisassembler.c: 736 in _Thumb_getInstruction()
730     	else
731     		insn16 = (code[1] << 8) | code[0];
732     
733     	result = decodeInstruction_2(DecoderTableThumb16, MI, insn16, Address, NULL, ud->mode);
734     	if (result != MCDisassembler_Fail) {
735     		*Size = 2;
   CID 1191319:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
736     		Check(&result, AddThumbPredicate(ud, MI));
737     		return result;
738     	}
739     
740     	MCInst_clear(MI);
741     	result = decodeInstruction_2(DecoderTableThumbSBit16, MI, insn16, Address, NULL, ud->mode);
/shlr/capstone/arch/ARM/ARMDisassembler.c: 745 in _Thumb_getInstruction()
739     
740     	MCInst_clear(MI);
741     	result = decodeInstruction_2(DecoderTableThumbSBit16, MI, insn16, Address, NULL, ud->mode);
742     	if (result) {
743     		*Size = 2;
744     		InITBlock = ITStatus_instrInITBlock(&(ud->ITBlock));
   CID 1191319:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
745     		Check(&result, AddThumbPredicate(ud, MI));
746     		AddThumb1SBit(MI, InITBlock);
747     		return result;
748     	}
749     
750     	MCInst_clear(MI);
/shlr/capstone/arch/ARM/ARMDisassembler.c: 759 in _Thumb_getInstruction()
753     		*Size = 2;
754     
755     		// Nested IT blocks are UNPREDICTABLE.  Must be checked before we add
756     		// the Thumb predicate.
757     		if (MCInst_getOpcode(MI) == ARM_t2IT && ITStatus_instrInITBlock(&(ud->ITBlock)))
758     			return MCDisassembler_SoftFail;
   CID 1191319:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
759     		Check(&result, AddThumbPredicate(ud, MI));
760     
761     		// If we find an IT instruction, we need to parse its condition
762     		// code and mask operands so that we can apply them correctly
763     		// to the subsequent instructions.
764     		if (MCInst_getOpcode(MI) == ARM_t2IT) {
/shlr/capstone/arch/ARM/ARMDisassembler.c: 795 in _Thumb_getInstruction()
789     
790     	MCInst_clear(MI);
791     	result = decodeInstruction_4(DecoderTableThumb32, MI, insn32, Address, NULL, ud->mode);
792     	if (result != MCDisassembler_Fail) {
793     		*Size = 4;
794     		InITBlock = ITStatus_instrInITBlock(&(ud->ITBlock));
   CID 1191319:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
795     		Check(&result, AddThumbPredicate(ud, MI));
796     		AddThumb1SBit(MI, InITBlock);
797     		return result;
798     	}
799     
800     	MCInst_clear(MI);
/shlr/capstone/arch/ARM/ARMDisassembler.c: 804 in _Thumb_getInstruction()
798     	}
799     
800     	MCInst_clear(MI);
801     	result = decodeInstruction_4(DecoderTableThumb232, MI, insn32, Address, NULL, ud->mode);
802     	if (result != MCDisassembler_Fail) {
803     		*Size = 4;
   CID 1191319:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
804     		Check(&result, AddThumbPredicate(ud, MI));
805     		return result;
806     	}
807     
808     	MCInst_clear(MI);
809     	result = decodeInstruction_4(DecoderTableVFP32, MI, insn32, Address, NULL, ud->mode);
/shlr/capstone/arch/ARM/ARMDisassembler.c: 838 in _Thumb_getInstruction()
832     
833     	if (fieldFromInstruction_4(insn32, 28, 4) == 0xE) {
834     		MCInst_clear(MI);
835     		result = decodeInstruction_4(DecoderTableNEONDup32, MI, insn32, Address, NULL, ud->mode);
836     		if (result != MCDisassembler_Fail) {
837     			*Size = 4;
   CID 1191319:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
838     			Check(&result, AddThumbPredicate(ud, MI));
839     			return result;
840     		}
841     	}
842     
843     	if (fieldFromInstruction_4(insn32, 24, 8) == 0xF9) {
/shlr/capstone/arch/ARM/ARMDisassembler.c: 851 in _Thumb_getInstruction()
845     		NEONLdStInsn = insn32;
846     		NEONLdStInsn &= 0xF0FFFFFF;
847     		NEONLdStInsn |= 0x04000000;
848     		result = decodeInstruction_4(DecoderTableNEONLoadStore32, MI, NEONLdStInsn, Address, NULL, ud->mode);
849     		if (result != MCDisassembler_Fail) {
850     			*Size = 4;
   CID 1191319:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
851     			Check(&result, AddThumbPredicate(ud, MI));
852     			return result;
853     		}
854     	}
855     
856     	if (fieldFromInstruction_4(insn32, 24, 4) == 0xF) {
/shlr/capstone/arch/ARM/ARMDisassembler.c: 865 in _Thumb_getInstruction()
859     		NEONDataInsn &= 0xF0FFFFFF; // Clear bits 27-24
860     		NEONDataInsn |= (NEONDataInsn & 0x10000000) >> 4; // Move bit 28 to bit 24
861     		NEONDataInsn |= 0x12000000; // Set bits 28 and 25
862     		result = decodeInstruction_4(DecoderTableNEONData32, MI, NEONDataInsn, Address, NULL, ud->mode);
863     		if (result != MCDisassembler_Fail) {
864     			*Size = 4;
   CID 1191319:    (CHECKED_RETURN)
   Calling "Check" without checking return value (as is done elsewhere 251 out of 267 times).
865     			Check(&result, AddThumbPredicate(ud, MI));
866     			return result;
867     		}
868     	}
869     
870     	MCInst_clear(MI);

Rot127 commented Aug 13, 2024

With #2437 merged, I'm closing this, since we now have another batch of defects to fix.
Tracking them now in #2438

@Rot127 Rot127 closed this as completed Aug 13, 2024