Fix more CIDs, memleaks mainly

This commit is contained in:
pancake 2016-12-19 04:21:56 +01:00
parent 0111506292
commit 2c5400e03e
5 changed files with 236 additions and 299 deletions


@ -49,21 +49,17 @@ char *get_trans_reg(ut32 ins_bits) {
break;
default:
fprintf(stderr, "Invalid transaction instruction 0x%x\n", ins_bits);
fprintf (stderr, "Invalid transaction instruction 0x%x\n", ins_bits);
}
if(res != NULL)
res = strdup(res);
return res;
return res? strdup (res): NULL;
}
char *get_AR_regs_class1(ut32 ins_bits) {
ut32 op = (ins_bits >> 4) & 7;
char *res = (char *)malloc(50);
char *res = (char *)calloc (1, 50);
if (!res) {
return NULL;
}
memset (res, 0, 50);
switch (op) {
case 0:
sprintf(res, "*ar-%ld", (long int)ins_bits & 0xF);
@ -857,237 +853,199 @@ char *get_status_regs_and_bits(char *reg_arg, int reg_bit) {
}
char *get_reg_name_4(ut32 idx)
{
char *res = NULL;
char *get_reg_name_4(ut32 idx) {
char *res = NULL;
switch(idx) {
case 0:
res = "ac0";
break;
case 1:
res = "ac1";
break;
case 2:
res = "ac2";
break;
case 3:
res = "ac3";
break;
case 4:
res = "ac4";
break;
case 5:
res = "ac5";
break;
case 6:
res = "ac6";
break;
case 7:
res = "ac7";
break;
case 8:
res = "t0";
break;
case 9:
res = "t1";
break;
case 10:
res = "t2";
break;
case 11:
res = "t3";
break;
case 16:
res = "ar0";
break;
case 17:
res = "ar1";
break;
case 18:
res = "ar2";
break;
case 19:
res = "ar3";
break;
case 20:
res = "ar4";
break;
case 21:
res = "ar5";
break;
case 22:
res = "ar6";
break;
case 23:
res = "ar7";
break;
case 24:
res = "ac0.l";
break;
case 25:
res = "ac1.l";
break;
case 26:
res = "ac2.l";
break;
case 27:
res = "ac3.l";
break;
case 28:
res = "ac4.l";
break;
case 29:
res = "ac5.l";
break;
case 30:
res = "ac6.l";
break;
case 31:
res = "ac7.l";
break;
}
if(res != NULL)
res = strdup(res);
return res;
switch (idx) {
case 0:
res = "ac0";
break;
case 1:
res = "ac1";
break;
case 2:
res = "ac2";
break;
case 3:
res = "ac3";
break;
case 4:
res = "ac4";
break;
case 5:
res = "ac5";
break;
case 6:
res = "ac6";
break;
case 7:
res = "ac7";
break;
case 8:
res = "t0";
break;
case 9:
res = "t1";
break;
case 10:
res = "t2";
break;
case 11:
res = "t3";
break;
case 16:
res = "ar0";
break;
case 17:
res = "ar1";
break;
case 18:
res = "ar2";
break;
case 19:
res = "ar3";
break;
case 20:
res = "ar4";
break;
case 21:
res = "ar5";
break;
case 22:
res = "ar6";
break;
case 23:
res = "ar7";
break;
case 24:
res = "ac0.l";
break;
case 25:
res = "ac1.l";
break;
case 26:
res = "ac2.l";
break;
case 27:
res = "ac3.l";
break;
case 28:
res = "ac4.l";
break;
case 29:
res = "ac5.l";
break;
case 30:
res = "ac6.l";
break;
case 31:
res = "ac7.l";
break;
}
return res? strdup (res): NULL;
}
char *get_opers(ut8 oper_byte)
{
char *res = NULL;
ut8 oper_type = 0x00;
char *reg_name = NULL;
switch (oper_byte) {
case 0xE0u:
res = strdup("overflow(ac0)");
break;
case 0xE1u:
res = strdup ("overflow(ac1)");
break;
case 0xE2u:
res = strdup ("overflow(ac2)");
break;
case 0xE3u:
res = strdup ("overflow(ac3)");
break;
case 0xE4u:
res = strdup ("tc1");
break;
case 0xE5u:
res = strdup ("tc2");
break;
case 0xE6u:
res = strdup ("carry");
break;
case 0xE7u:
res = strdup ("overflow(govf)");
break;
case 0xE8u:
res = strdup ("tc1 & tc2");
break;
case 0xE9u:
res = strdup ("tc1 & !tc2");
break;
case 0xEAu:
res = strdup ("!tc1 & tc2");
break;
case 0xEBu:
res = strdup ("!tc1 & !tc2");
break;
case 0xECu:
res = strdup ("word_mode");
break;
case 0xEDu:
res = strdup ("byte_mode");
break;
case 0xF0u:
res = strdup ("!overflow(ac0)");
break;
case 0xF1u:
res = strdup ("!overflow(ac1)");
break;
case 0xF2u:
res = strdup ("!overflow(ac2)");
break;
case 0xF3u:
res = strdup ("!overflow(ac3)");
break;
case 0xF4u:
res = strdup ("!tc1");
break;
case 0xF5u:
res = strdup ("!tc2");
break;
case 0xF6u:
res = strdup ("!carry");
break;
case 0xF7u:
res = strdup ("!overflow(govf)");
break;
case 0xF8u:
res = strdup ("tc1 | tc2");
break;
case 0xF9u:
res = strdup ("tc1 | !tc2");
break;
case 0xFAu:
res = strdup ("!tc1 | tc2");
break;
case 0xFBu:
res = strdup ("!tc1 | !tc2");
break;
case 0xFCu:
res = strdup ("tc1 ^ tc2");
break;
case 0xFDu:
res = strdup ("tc1 ^ !tc2");
break;
case 0xFEu:
res = strdup ("!tc1 ^ tc2");
break;
case 0xFFu:
res = strdup("!tc1 ^ !tc2");
break;
char *get_opers(ut8 oper_byte) {
char *res = NULL;
ut8 oper_type = 0x00;
char *reg_name = NULL;
switch (oper_byte) {
case 0xE0u:
res = strdup ("overflow(ac0)");
break;
case 0xE1u:
res = strdup ("overflow(ac1)");
break;
case 0xE2u:
res = strdup ("overflow(ac2)");
break;
case 0xE3u:
res = strdup ("overflow(ac3)");
break;
case 0xE4u:
res = strdup ("tc1");
break;
case 0xE5u:
res = strdup ("tc2");
break;
case 0xE6u:
res = strdup ("carry");
break;
case 0xE7u:
res = strdup ("overflow(govf)");
break;
case 0xE8u:
res = strdup ("tc1 & tc2");
break;
case 0xE9u:
res = strdup ("tc1 & !tc2");
break;
case 0xEAu:
res = strdup ("!tc1 & tc2");
break;
case 0xEBu:
res = strdup ("!tc1 & !tc2");
break;
case 0xECu:
res = strdup ("word_mode");
break;
case 0xEDu:
res = strdup ("byte_mode");
break;
case 0xF0u:
res = strdup ("!overflow(ac0)");
break;
case 0xF1u:
res = strdup ("!overflow(ac1)");
break;
case 0xF2u:
res = strdup ("!overflow(ac2)");
break;
case 0xF3u:
res = strdup ("!overflow(ac3)");
break;
case 0xF4u:
res = strdup ("!tc1");
break;
case 0xF5u:
res = strdup ("!tc2");
break;
case 0xF6u:
res = strdup ("!carry");
break;
case 0xF7u:
res = strdup ("!overflow(govf)");
break;
case 0xF8u:
res = strdup ("tc1 | tc2");
break;
case 0xF9u:
res = strdup ("tc1 | !tc2");
break;
case 0xFAu:
res = strdup ("!tc1 | tc2");
break;
case 0xFBu:
res = strdup ("!tc1 | !tc2");
break;
case 0xFCu:
res = strdup ("tc1 ^ tc2");
break;
case 0xFDu:
res = strdup ("tc1 ^ !tc2");
break;
case 0xFEu:
res = strdup ("!tc1 ^ tc2");
break;
case 0xFFu:
res = strdup("!tc1 ^ !tc2");
break;
default:
oper_type = oper_byte >> 5;
if (oper_type != 6 ) {
reg_name = get_reg_name_4 (oper_byte & 0x1F);
switch (oper_type)
{
switch (oper_type) {
case 1u:
res = strcat_dup (reg_name, " != #0", 1);
break;
@ -1120,23 +1078,20 @@ char *get_opers(ut8 oper_byte)
} else {
res = strcat_dup (reg_name, " == #0", 1);
}
}
}
free (reg_name);
return res;
return res;
}
char *get_cmp_op(ut32 idx) {
char *res = NULL;
const char *res = NULL;
switch (idx) {
case 0: res = "=="; break;
case 1: res = "!="; break;
case 2: res = "<"; break;
case 3: res = ">="; break;
}
if (res) {
res = strdup(res);
}
return res;
return res? strdup (res): NULL;
}
char *get_sim_reg (char *reg_arg, ut32 ins_bits) {
@ -1158,10 +1113,10 @@ char *get_sim_reg (char *reg_arg, ut32 ins_bits) {
res = strcat_dup ("@", aux, 2);
break;
case 2:
aux = (char *)malloc(50);
if(!aux)
aux = (char *)calloc (1, 50);
if (!aux) {
return NULL;
}
sprintf (aux, "@#0x%x", code);
res = aux;
break;
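Review bot: The `free (reg_name);` just before `return res;` at the end of get_opers looks like a double free: the `strcat_dup (reg_name, " != #0", 1)` and `" == #0", 1` calls in the same hunk pass 1 as the last argument, and the `strcat_dup ("@", aux, 2)` call in get_sim_reg (where 2 names the heap-allocated second operand) suggests that argument selects which input strcat_dup releases, so reg_name would already be gone when the trailing free runs. strcat_dup's body is not on the page, so confirm its contract; if it does free its first operand, drop the trailing `free (reg_name);`, and if it does not, the trailing free is correct and only the next point remains. Independently, get_reg_name_4 returns NULL for indices 12 to 15 and the inner switch hands that result straight to strcat_dup, so `if (!reg_name) { break; }` before `switch (oper_type)` avoids passing a null pointer into a string concatenation. The default branch of get_opers spans both hunks and its inner switch is only partly visible.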


@ -1,22 +1,19 @@
/* radare - LGPL - Copyright 2016 - Oscar Salvador */
#include <r_types.h>
#include <r_util.h>
#include <r_lib.h>
#include <r_bin.h>
#include <r_io.h>
#include "bflt/bflt.h"
static void *load_bytes(RBinFile *arch, const ut8 *buf, ut64 sz, ut64 loaddr, Sdb *sdb) {
struct r_bin_bflt_obj *res;
RBuffer *tbuf = NULL;
if (!buf || !sz || sz == UT64_MAX) {
return NULL;
}
tbuf = r_buf_new ();
RBuffer *tbuf = r_buf_new ();
r_buf_set_bytes (tbuf, buf, sz);
res = r_bin_bflt_new_buf (tbuf);
struct r_bin_bflt_obj *res = r_bin_bflt_new_buf (tbuf);
r_buf_free (tbuf);
return res ? res : NULL;
}
@ -24,9 +21,7 @@ static void *load_bytes(RBinFile *arch, const ut8 *buf, ut64 sz, ut64 loaddr, Sd
static int load(RBinFile *arch) {
const ut8 *bytes = r_buf_buffer (arch->buf);
ut64 sz = r_buf_size (arch->buf);
arch->o->bin_obj =
load_bytes (arch, bytes, sz, arch->o->loadaddr, arch->sdb);
arch->o->bin_obj = load_bytes (arch, bytes, sz, arch->o->loadaddr, arch->sdb);
return arch->o->bin_obj ? true : false;
}
@ -47,12 +42,12 @@ static RList *entries(RBinFile *arch) {
}
static void __patch_reloc(RBuffer *buf, ut32 addr_to_patch, ut32 data_offset) {
ut32 val = data_offset;
r_buf_write_at (buf, addr_to_patch, (void *)&val, 4);
ut8 val[4] = { 0 };
r_write_le32 (val, data_offset);
r_buf_write_at (buf, addr_to_patch, (void *)val, sizeof (val));
}
static int search_old_relocation(struct reloc_struct_t *reloc_table,
ut32 addr_to_patch, int n_reloc) {
static int search_old_relocation(struct reloc_struct_t *reloc_table, ut32 addr_to_patch, int n_reloc) {
int i;
for (i = 0; i < n_reloc; i++) {
if (addr_to_patch == reloc_table[i].data_offset) {
@ -181,10 +176,9 @@ static RList *relocs(RBinFile *arch) {
(ut8 *)&got_entry, sizeof (ut32));
if (!VALID_GOT_ENTRY (got_entry) || len != sizeof (ut32)) {
break;
} else {
got_table[i].addr_to_patch = got_entry;
got_table[i].data_offset = got_entry + BFLT_HDR_SIZE;
}
got_table[i].addr_to_patch = got_entry;
got_table[i].data_offset = got_entry + BFLT_HDR_SIZE;
}
obj->n_got = n_got;
obj->got_table = got_table;
@ -203,7 +197,6 @@ static RList *relocs(RBinFile *arch) {
if (!reloc_table) {
goto out_error;
}
amount = n_reloc * sizeof (ut32);
if (amount < n_reloc || amount > UT32_MAX) {
free (reloc_table);
@ -214,7 +207,6 @@ static RList *relocs(RBinFile *arch) {
free (reloc_table);
goto out_error;
}
if (obj->hdr->reloc_start + amount > obj->size ||
obj->hdr->reloc_start + amount < amount) {
free (reloc_table);
@ -222,8 +214,7 @@ static RList *relocs(RBinFile *arch) {
goto out_error;
}
len = r_buf_read_at (obj->b, obj->hdr->reloc_start,
(ut8 *)reloc_pointer_table,
amount);
(ut8 *)reloc_pointer_table, amount);
if (len != amount) {
free (reloc_table);
free (reloc_pointer_table);
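Review bot: `RBuffer *tbuf = r_buf_new ();` in load_bytes is handed to r_buf_set_bytes and r_bin_bflt_new_buf without a NULL check, so an allocation failure there is dereferenced; add `if (!tbuf) { return NULL; }` directly after it. The `return res ? res : NULL;` on the next line is a no-op and reads as if it guarded something; `return res;` says the same. The __patch_reloc rewrite to r_write_le32 into a `ut8 val[4]` corrects the earlier host-endian write of `val`; a one-line comment such as `// relocation slot is written little-endian regardless of host byte order` would stop the next reader from simplifying it back to the old form.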


@ -243,23 +243,18 @@ static char* rop_classify_constant(RCore *core, RList *ropList) {
goto continue_error;
}
esil_split_flg (esil_str, &esil_main, &esil_flg);
if (esil_main) {
cmd_anal_esil (core, esil_main);
} else {
cmd_anal_esil (core, esil_str);
}
cmd_anal_esil (core, esil_main? esil_main: esil_str);
out = sdb_querys (core->anal->esil->stats, NULL, 0, "*");
if (out) {
ops_list = parse_list (strstr (out, "ops.list"));
flg_read = parse_list (strstr (out, "flg.read"));
flg_write = parse_list (strstr (out, "flg.write"));
reg_read = parse_list (strstr (out, "reg.read"));
reg_write = parse_list (strstr (out, "reg.write"));
mem_read = parse_list (strstr (out, "mem.read"));
mem_write = parse_list (strstr (out, "mem.write"));
} else {
if (!out) {
goto continue_error;
}
ops_list = parse_list (strstr (out, "ops.list"));
flg_read = parse_list (strstr (out, "flg.read"));
flg_write = parse_list (strstr (out, "flg.write"));
reg_read = parse_list (strstr (out, "reg.read"));
reg_write = parse_list (strstr (out, "reg.write"));
mem_read = parse_list (strstr (out, "mem.read"));
mem_write = parse_list (strstr (out, "mem.write"));
if (!r_list_find (ops_list, "=", (RListComparator)strcmp)) {
goto continue_error;
}
@ -290,10 +285,10 @@ static char* rop_classify_constant(RCore *core, RList *ropList) {
}
}
continue_error:
// coverity may complain here but as long as the pointer is set back to
// NULL is safe that is why is used R_FREE
FREE_ROP;
r_list_free (constants);
// coverity may complain here but as long as the pointer is set back to
// NULL is safe that is why is used R_FREE
FREE_ROP;
r_list_free (constants);
}
return ct;
out_error:
@ -327,11 +322,7 @@ static char* rop_classify_mov(RCore *core, RList *ropList) {
goto out_error;
}
esil_split_flg (esil_str, &esil_main, &esil_flg);
if (esil_main) {
cmd_anal_esil (core, esil_main);
} else {
cmd_anal_esil (core, esil_str);
}
cmd_anal_esil (core, esil_main? esil_main: esil_str);
out = sdb_querys (core->anal->esil->stats, NULL, 0, "*");
if (out) {
ops_list = parse_list (strstr (out, "ops.list"));
@ -437,17 +428,16 @@ static char* rop_classify_arithmetic(RCore *core, RList *ropList) {
}
out = sdb_querys (core->anal->esil->stats, NULL, 0, "*");
// r_cons_println (out);
if (out) {
ops_list = parse_list (strstr (out, "ops.list"));
flg_read = parse_list (strstr (out, "flg.read"));
flg_write = parse_list (strstr (out, "flg.write"));
reg_read = parse_list (strstr (out, "reg.read"));
reg_write = parse_list (strstr (out, "reg.write"));
mem_read = parse_list (strstr (out, "mem.read"));
mem_write = parse_list (strstr (out, "mem.write"));
} else {
if (!out) {
goto continue_error;
}
ops_list = parse_list (strstr (out, "ops.list"));
flg_read = parse_list (strstr (out, "flg.read"));
flg_write = parse_list (strstr (out, "flg.write"));
reg_read = parse_list (strstr (out, "reg.read"));
reg_write = parse_list (strstr (out, "reg.write"));
mem_read = parse_list (strstr (out, "mem.read"));
mem_write = parse_list (strstr (out, "mem.write"));
r_list_foreach (ops_list, iter_ops, op) {
r_list_foreach (head, iter_src1, item_src1) {
@ -676,10 +666,8 @@ static int rop_classify_nops(RCore *core, RList *ropList) {
free (out);
return 0;
}
else {
// directly say NOP
continue;
}
// directly say NOP
continue;
}
return changes;
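Review bot: After the new `if (!out) { goto continue_error; }` in rop_classify_constant, each `parse_list (strstr (out, "..."))` still receives NULL whenever that key is missing from the sdb dump, and parse_list's handling of a NULL argument is not visible here; the identical block in rop_classify_arithmetic has the same exposure. If parse_list does not tolerate NULL, guard per key, e.g. `const char *p = strstr (out, "ops.list"); ops_list = p? parse_list (p): NULL;`, or add the check inside parse_list once. The seven parse_list assignments are now repeated verbatim in rop_classify_constant and rop_classify_arithmetic (and rop_classify_mov's hunk begins the same way), so a small static helper that fills the lists from `out` would keep the three in step. Both functions' bodies extend well beyond the visible hunks.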


@ -224,7 +224,8 @@ static bool ihex_parse(RBuffer *rbuf, char *str) {
//fugly macro to prevent an overflow of r_buf_write_at() len
#define SEC_MAX (sec_size < INT_MAX)? sec_size: INT_MAX
ut32 sec_size = 0;
sec_tmp = calloc (1, UT16_MAX);
const int sec_count = UT16_MAX;
sec_tmp = calloc (1, sec_count);
if (!sec_tmp) {
goto fail;
}
@ -269,7 +270,9 @@ static bool ihex_parse(RBuffer *rbuf, char *str) {
eprintf ("unparsable data !\n");
goto fail;
}
sec_tmp[sec_size + i] = (ut8) byte & 0xff;
if (sec_size + i < sec_count) {
sec_tmp[sec_size + i] = (ut8) byte & 0xff;
}
cksum += byte;
}
sec_size += bc;
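Review bot: The new guard `if (sec_size + i < sec_count)` silently drops bytes that do not fit in sec_tmp, but `sec_size += bc;` below still advances the length, so a section that outgrows the UT16_MAX buffer ends with a sec_size larger than the data actually stored; the SEC_MAX macro in the first hunk caps a later length only at INT_MAX, not at sec_count, so whatever consumes sec_tmp with that length may read past the allocation (the consumer is outside the hunk, so confirm). Rejecting the record is safer than truncating it: `if (sec_size + i >= sec_count) { eprintf ("section exceeds %d bytes\n", sec_count); goto fail; }`. A short comment on `const int sec_count = UT16_MAX;` stating where that bound comes from would also help, since nothing nearby explains it.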


@ -282,7 +282,7 @@ R_API char *r_file_slurp(const char *str, int *usz) {
fclose (fd);
return NULL;
}
fseek (fd, 0, SEEK_SET);
(void)fseek (fd, 0, SEEK_SET);
ret = (char *)calloc (sz + 1, 1);
if (!ret) {
fclose (fd);
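Review bot: `(void)fseek (fd, 0, SEEK_SET);` only silences the unused-result warning; if the rewind fails, the read that follows starts from wherever the preceding calls left the file position and the caller gets a short or empty buffer with no error. The lines just above already show the function's error idiom, so checking it costs little: `if (fseek (fd, 0, SEEK_SET) != 0) { fclose (fd); return NULL; }`. The remainder of r_file_slurp, including the read, lies outside the hunk.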