Fix Thumb disassembler memory corruption with IT sequence (issue #385)

commit: 4fcb31c9d3d05dc0b2561bb62112de469e2e7685 [log] [tgz]
author: Nikolay Igotti <olonho@google.com> Wed Jun 03 15:38:45 2015 +0200
committer: Nikolay Igotti <olonho@google.com> Wed Jun 03 15:38:45 2015 +0200
tree: a88f49fcdd3c2d9f207c5744e2f74d8c2b38f531
parent: ded15775af2d5eab999bdca31a74ec3fbd3a614f [diff]
diff --git a/arch/ARM/ARMDisassembler.c b/arch/ARM/ARMDisassembler.c
index cc8f662..b4dbb43 100644
--- a/arch/ARM/ARMDisassembler.c
+++ b/arch/ARM/ARMDisassembler.c

@@ -44,6 +44,10 @@
 
 static bool ITStatus_push_back(ARM_ITStatus *it, char v)
 {
+	if (it->size >= sizeof(it->ITStates)) {
+		// TODO: consider warning user.
+		it->size = 0;
+	}
 	it->ITStates[it->size] = v;
 	it->size++;
 
@@ -730,8 +734,7 @@
 		// Nested IT blocks are UNPREDICTABLE.  Must be checked before we add
 		// the Thumb predicate.
 		if (MCInst_getOpcode(MI) == ARM_t2IT && ITStatus_instrInITBlock(&(ud->ITBlock)))
-			result = MCDisassembler_SoftFail;
-
+			return MCDisassembler_SoftFail;
 		Check(&result, AddThumbPredicate(ud, MI));
 
 		// If we find an IT instruction, we need to parse its condition
commit	4fcb31c9d3d05dc0b2561bb62112de469e2e7685	[log] [tgz]
author	Nikolay Igotti <olonho@google.com>	Wed Jun 03 15:38:45 2015 +0200
committer	Nikolay Igotti <olonho@google.com>	Wed Jun 03 15:38:45 2015 +0200
tree	a88f49fcdd3c2d9f207c5744e2f74d8c2b38f531
parent	ded15775af2d5eab999bdca31a74ec3fbd3a614f [diff]