From 2c5400e03e93db30b899e4f8b9d414b52141674d Mon Sep 17 00:00:00 2001 From: pancake Date: Mon, 19 Dec 2016 04:21:56 +0100 Subject: [PATCH] Fix more CIDs, memleaks mainly --- libr/asm/arch/tms320/c55x_plus/decode_funcs.c | 435 ++++++++---------- libr/bin/p/bin_bflt.c | 31 +- libr/core/cmd_search_rop.c | 60 +-- libr/io/p/io_ihex.c | 7 +- libr/util/file.c | 2 +- 5 files changed, 236 insertions(+), 299 deletions(-) diff --git a/libr/asm/arch/tms320/c55x_plus/decode_funcs.c b/libr/asm/arch/tms320/c55x_plus/decode_funcs.c index 6094ec8b20..ab455c8c29 100644 --- a/libr/asm/arch/tms320/c55x_plus/decode_funcs.c +++ b/libr/asm/arch/tms320/c55x_plus/decode_funcs.c @@ -49,21 +49,17 @@ char *get_trans_reg(ut32 ins_bits) { break; default: - fprintf(stderr, "Invalid transaction instruction 0x%x\n", ins_bits); + fprintf (stderr, "Invalid transaction instruction 0x%x\n", ins_bits); } - if(res != NULL) - res = strdup(res); - - return res; + return res? strdup (res): NULL; } char *get_AR_regs_class1(ut32 ins_bits) { ut32 op = (ins_bits >> 4) & 7; - char *res = (char *)malloc(50); + char *res = (char *)calloc (1, 50); if (!res) { return NULL; } - memset (res, 0, 50); switch (op) { case 0: sprintf(res, "*ar-%ld", (long int)ins_bits & 0xF); 
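Review bot: `sprintf(res, "*ar-%ld", (long int)ins_bits & 0xF);` at the end of the hunk writes into the 50-byte `res` that the hunk just switched to calloc, with no length bound; the `& 0xF` mask keeps this case short, but `snprintf (res, 50, ...)` — better, a named `enum { REG_STR_LEN = 50 }` shared by the calloc and every sprintf in this switch — makes the bound explicit and would catch any longer case. Note the cast binds before the mask, so the format receives `((long int)ins_bits) & 0xF`, i.e. the low four bits as a `long`, which matches `%ld`. get_AR_regs_class1 continues beyond the end of the hunk.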
@@ -857,237 +853,199 @@ char *get_status_regs_and_bits(char *reg_arg, int reg_bit) { } -char *get_reg_name_4(ut32 idx) -{ - char *res = NULL; +char *get_reg_name_4(ut32 idx) { + char *res = NULL; - switch(idx) { - - case 0: - res = "ac0"; - break; - case 1: - res = "ac1"; - break; - case 2: - res = "ac2"; - break; - case 3: - res = "ac3"; - break; - case 4: - res = "ac4"; - break; - case 5: - res = "ac5"; - break; - case 6: - res = "ac6"; - break; - case 7: - res = "ac7"; - break; - case 8: - res = "t0"; - break; - case 9: - res = "t1"; - break; - case 10: - res = "t2"; - break; - case 11: - res = "t3"; - break; - case 16: - res = "ar0"; - break; - case 17: - res = "ar1"; - break; - case 18: - res = "ar2"; - break; - case 19: - res = "ar3"; - break; - case 20: - res = "ar4"; - break; - case 21: - res = "ar5"; - break; - case 22: - res = "ar6"; - break; - case 23: - res = "ar7"; - break; - case 24: - res = "ac0.l"; - break; - case 25: - res = "ac1.l"; - break; - case 26: - res = "ac2.l"; - break; - case 27: - res = "ac3.l"; - break; - case 28: - res = "ac4.l"; - break; - case 29: - res = "ac5.l"; - break; - case 30: - res = "ac6.l"; - break; - case 31: - res = "ac7.l"; - break; - } - - if(res != NULL) - res = strdup(res); - - return res; + switch (idx) { + case 0: + res = "ac0"; + break; + case 1: + res = "ac1"; + break; + case 2: + res = "ac2"; + break; + case 3: + res = "ac3"; + break; + case 4: + res = "ac4"; + break; + case 5: + res = "ac5"; + break; + case 6: + res = "ac6"; + break; + case 7: + res = "ac7"; + break; + case 8: + res = "t0"; + break; + case 9: + res = "t1"; + break; + case 10: + res = "t2"; + break; + case 11: + res = "t3"; + break; + case 16: + res = "ar0"; + break; + case 17: + res = "ar1"; + break; + case 18: + res = "ar2"; + break; + case 19: + res = "ar3"; + break; + case 20: + res = "ar4"; + break; + case 21: + res = "ar5"; + break; + case 22: + res = "ar6"; + break; + case 23: + res = "ar7"; + break; + case 24: + res = "ac0.l"; + break; + 
case 25: + res = "ac1.l"; + break; + case 26: + res = "ac2.l"; + break; + case 27: + res = "ac3.l"; + break; + case 28: + res = "ac4.l"; + break; + case 29: + res = "ac5.l"; + break; + case 30: + res = "ac6.l"; + break; + case 31: + res = "ac7.l"; + break; + } + return res? strdup (res): NULL; } -char *get_opers(ut8 oper_byte) -{ - char *res = NULL; - ut8 oper_type = 0x00; - char *reg_name = NULL; - - switch (oper_byte) { - case 0xE0u: - res = strdup("overflow(ac0)"); - break; - - case 0xE1u: - res = strdup ("overflow(ac1)"); - break; - - case 0xE2u: - res = strdup ("overflow(ac2)"); - break; - - case 0xE3u: - res = strdup ("overflow(ac3)"); - break; - - case 0xE4u: - res = strdup ("tc1"); - break; - - case 0xE5u: - res = strdup ("tc2"); - break; - - case 0xE6u: - res = strdup ("carry"); - break; - - case 0xE7u: - res = strdup ("overflow(govf)"); - break; - - case 0xE8u: - res = strdup ("tc1 & tc2"); - break; - - case 0xE9u: - res = strdup ("tc1 & !tc2"); - break; - - case 0xEAu: - res = strdup ("!tc1 & tc2"); - break; - - case 0xEBu: - res = strdup ("!tc1 & !tc2"); - break; - - case 0xECu: - res = strdup ("word_mode"); - break; - - case 0xEDu: - res = strdup ("byte_mode"); - break; - - case 0xF0u: - res = strdup ("!overflow(ac0)"); - break; - - case 0xF1u: - res = strdup ("!overflow(ac1)"); - break; - - case 0xF2u: - res = strdup ("!overflow(ac2)"); - break; - - case 0xF3u: - res = strdup ("!overflow(ac3)"); - break; - - case 0xF4u: - res = strdup ("!tc1"); - break; - - case 0xF5u: - res = strdup ("!tc2"); - break; - - case 0xF6u: - res = strdup ("!carry"); - break; - - case 0xF7u: - res = strdup ("!overflow(govf)"); - break; - - case 0xF8u: - res = strdup ("tc1 | tc2"); - break; - - case 0xF9u: - res = strdup ("tc1 | !tc2"); - break; - - case 0xFAu: - res = strdup ("!tc1 | tc2"); - break; - - case 0xFBu: - res = strdup ("!tc1 | !tc2"); - break; - - case 0xFCu: - res = strdup ("tc1 ^ tc2"); - break; - - case 0xFDu: - res = strdup ("tc1 ^ !tc2"); - break; - - case 
0xFEu: - res = strdup ("!tc1 ^ tc2"); - break; - - case 0xFFu: - res = strdup("!tc1 ^ !tc2"); - break; +char *get_opers(ut8 oper_byte) { + char *res = NULL; + ut8 oper_type = 0x00; + char *reg_name = NULL; + switch (oper_byte) { + case 0xE0u: + res = strdup ("overflow(ac0)"); + break; + case 0xE1u: + res = strdup ("overflow(ac1)"); + break; + case 0xE2u: + res = strdup ("overflow(ac2)"); + break; + case 0xE3u: + res = strdup ("overflow(ac3)"); + break; + case 0xE4u: + res = strdup ("tc1"); + break; + case 0xE5u: + res = strdup ("tc2"); + break; + case 0xE6u: + res = strdup ("carry"); + break; + case 0xE7u: + res = strdup ("overflow(govf)"); + break; + case 0xE8u: + res = strdup ("tc1 & tc2"); + break; + case 0xE9u: + res = strdup ("tc1 & !tc2"); + break; + case 0xEAu: + res = strdup ("!tc1 & tc2"); + break; + case 0xEBu: + res = strdup ("!tc1 & !tc2"); + break; + case 0xECu: + res = strdup ("word_mode"); + break; + case 0xEDu: + res = strdup ("byte_mode"); + break; + case 0xF0u: + res = strdup ("!overflow(ac0)"); + break; + case 0xF1u: + res = strdup ("!overflow(ac1)"); + break; + case 0xF2u: + res = strdup ("!overflow(ac2)"); + break; + case 0xF3u: + res = strdup ("!overflow(ac3)"); + break; + case 0xF4u: + res = strdup ("!tc1"); + break; + case 0xF5u: + res = strdup ("!tc2"); + break; + case 0xF6u: + res = strdup ("!carry"); + break; + case 0xF7u: + res = strdup ("!overflow(govf)"); + break; + case 0xF8u: + res = strdup ("tc1 | tc2"); + break; + case 0xF9u: + res = strdup ("tc1 | !tc2"); + break; + case 0xFAu: + res = strdup ("!tc1 | tc2"); + break; + case 0xFBu: + res = strdup ("!tc1 | !tc2"); + break; + case 0xFCu: + res = strdup ("tc1 ^ tc2"); + break; + case 0xFDu: + res = strdup ("tc1 ^ !tc2"); + break; + case 0xFEu: + res = strdup ("!tc1 ^ tc2"); + break; + case 0xFFu: + res = strdup("!tc1 ^ !tc2"); + break; default: oper_type = oper_byte >> 5; if (oper_type != 6 ) { reg_name = get_reg_name_4 (oper_byte & 0x1F); - switch (oper_type) - { + switch (oper_type) 
{ case 1u: res = strcat_dup (reg_name, " != #0", 1); break; @@ -1120,23 +1078,20 @@ char *get_opers(ut8 oper_byte) } else { res = strcat_dup (reg_name, " == #0", 1); } - } + } free (reg_name); - return res; + return res; } char *get_cmp_op(ut32 idx) { - char *res = NULL; + const char *res = NULL; switch (idx) { case 0: res = "=="; break; case 1: res = "!="; break; case 2: res = "<"; break; case 3: res = ">="; break; } - if (res) { - res = strdup(res); - } - return res; + return res? strdup (res): NULL; } char *get_sim_reg (char *reg_arg, ut32 ins_bits) { @@ -1158,10 +1113,10 @@ char *get_sim_reg (char *reg_arg, ut32 ins_bits) { res = strcat_dup ("@", aux, 2); break; case 2: - aux = (char *)malloc(50); - if(!aux) + aux = (char *)calloc (1, 50); + if (!aux) { return NULL; - + } sprintf (aux, "@#0x%x", code); res = aux; break; diff --git a/libr/bin/p/bin_bflt.c b/libr/bin/p/bin_bflt.c index 852d7b1ef5..b539b2b413 100644 --- a/libr/bin/p/bin_bflt.c +++ b/libr/bin/p/bin_bflt.c @@ -1,22 +1,19 @@ /* radare - LGPL - Copyright 2016 - Oscar Salvador */ + #include #include #include #include #include - #include "bflt/bflt.h" static void *load_bytes(RBinFile *arch, const ut8 *buf, ut64 sz, ut64 loaddr, Sdb *sdb) { - struct r_bin_bflt_obj *res; - RBuffer *tbuf = NULL; - if (!buf || !sz || sz == UT64_MAX) { return NULL; } - tbuf = r_buf_new (); + RBuffer *tbuf = r_buf_new (); r_buf_set_bytes (tbuf, buf, sz); - res = r_bin_bflt_new_buf (tbuf); + struct r_bin_bflt_obj *res = r_bin_bflt_new_buf (tbuf); r_buf_free (tbuf); return res ? res : NULL; } @@ -24,9 +21,7 @@ static void *load_bytes(RBinFile *arch, const ut8 *buf, ut64 sz, ut64 loaddr, Sd static int load(RBinFile *arch) { const ut8 *bytes = r_buf_buffer (arch->buf); ut64 sz = r_buf_size (arch->buf); - - arch->o->bin_obj = - load_bytes (arch, bytes, sz, arch->o->loadaddr, arch->sdb); + arch->o->bin_obj = load_bytes (arch, bytes, sz, arch->o->loadaddr, arch->sdb); return arch->o->bin_obj ? true : false; } 
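Review bot: In the `default:` branch, `reg_name = get_reg_name_4 (oper_byte & 0x1F)` can return NULL — the restyled switch in get_reg_name_4 has no cases for indices 12 through 15 — and that NULL is handed straight to `strcat_dup (reg_name, " != #0", 1)` in the inner switch; an operand byte of 0xEE or 0xEF, which no explicit case covers and which lands in `default:` with oper_type 7, takes exactly that path. Unless strcat_dup accepts a NULL first argument (not visible here), guard before the inner switch: `if (!reg_name) { return NULL; }`. The inner switch continues past the end of the hunk.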
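Review bot: `RBuffer *tbuf = r_buf_new ();` is dereferenced by `r_buf_set_bytes (tbuf, buf, sz)` without a NULL check; if r_buf_new can fail on allocation, as its pairing with r_buf_free suggests, that is a NULL dereference on the load path. Add `if (!tbuf) { return NULL; }` right after the allocation. The closing `return res ? res : NULL;` is equivalent to `return res;` and can be simplified.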
@@ -47,12 +42,12 @@ static RList *entries(RBinFile *arch) { } static void __patch_reloc(RBuffer *buf, ut32 addr_to_patch, ut32 data_offset) { - ut32 val = data_offset; - r_buf_write_at (buf, addr_to_patch, (void *)&val, 4); + ut8 val[4] = { 0 }; + r_write_le32 (val, data_offset); + r_buf_write_at (buf, addr_to_patch, (void *)val, sizeof (val)); } -static int search_old_relocation(struct reloc_struct_t *reloc_table, - ut32 addr_to_patch, int n_reloc) { +static int search_old_relocation(struct reloc_struct_t *reloc_table, ut32 addr_to_patch, int n_reloc) { int i; for (i = 0; i < n_reloc; i++) { if (addr_to_patch == reloc_table[i].data_offset) { @@ -181,10 +176,9 @@ static RList *relocs(RBinFile *arch) { (ut8 *)&got_entry, sizeof (ut32)); if (!VALID_GOT_ENTRY (got_entry) || len != sizeof (ut32)) { break; - } else { - got_table[i].addr_to_patch = got_entry; - got_table[i].data_offset = got_entry + BFLT_HDR_SIZE; } + got_table[i].addr_to_patch = got_entry; + got_table[i].data_offset = got_entry + BFLT_HDR_SIZE; } obj->n_got = n_got; obj->got_table = got_table; @@ -203,7 +197,6 @@ static RList *relocs(RBinFile *arch) { if (!reloc_table) { goto out_error; } - amount = n_reloc * sizeof (ut32); if (amount < n_reloc || amount > UT32_MAX) { free (reloc_table); @@ -214,7 +207,6 @@ static RList *relocs(RBinFile *arch) { free (reloc_table); goto out_error; } - if (obj->hdr->reloc_start + amount > obj->size || obj->hdr->reloc_start + amount < amount) { free (reloc_table); @@ -222,8 +214,7 @@ static RList *relocs(RBinFile *arch) { goto out_error; } len = r_buf_read_at (obj->b, obj->hdr->reloc_start, - (ut8 *)reloc_pointer_table, - amount); + (ut8 *)reloc_pointer_table, amount); if (len != amount) { free (reloc_table); free (reloc_pointer_table); diff --git a/libr/core/cmd_search_rop.c b/libr/core/cmd_search_rop.c index 5b7ac3a51e..567fef470d 100644 --- a/libr/core/cmd_search_rop.c +++ b/libr/core/cmd_search_rop.c 
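Review bot: `r_buf_write_at (buf, addr_to_patch, (void *)val, sizeof (val))` in __patch_reloc discards its result, so a relocation whose addr_to_patch lies outside the buffer is silently skipped; the relocs code later in this file checks r_buf_read_at's length (`len != sizeof (ut32)`), and the write deserves the same treatment if r_buf_write_at reports bytes written. Either have __patch_reloc return that result, or at least report the short write, e.g. `if (r_buf_write_at (buf, addr_to_patch, val, sizeof (val)) != sizeof (val)) { eprintf ("bflt: failed to patch reloc at 0x%x\n", addr_to_patch); }`. The `(void *)` cast is unnecessary since `val` decays to a pointer. search_old_relocation's loop body continues past the end of the hunk.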
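Review bot: The GOT entry is still read host-endian — `(ut8 *)&got_entry, sizeof (ut32)` fills the ut32 with raw file bytes — while this same commit makes __patch_reloc write its result explicitly little-endian with r_write_le32, so on a big-endian host the value read and the value written now use different byte orders. Whichever order the format specifies, the read and the write of the same entry should use the same explicit helper: read into a `ut8 tmp[4]` and convert with the matching `r_read_le32 (tmp)` (presumably provided alongside r_write_le32). Separately, when the loop `break`s at index i, `obj->n_got = n_got;` still records the full count; unless got_table was zero-filled and zero entries are ignored downstream, `obj->n_got = i;` reflects what was actually filled. The r_buf_read_at call and the loop header begin before the hunk.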
@@ -243,23 +243,18 @@ static char* rop_classify_constant(RCore *core, RList *ropList) { goto continue_error; } esil_split_flg (esil_str, &esil_main, &esil_flg); - if (esil_main) { - cmd_anal_esil (core, esil_main); - } else { - cmd_anal_esil (core, esil_str); - } + cmd_anal_esil (core, esil_main? esil_main: esil_str); out = sdb_querys (core->anal->esil->stats, NULL, 0, "*"); - if (out) { - ops_list = parse_list (strstr (out, "ops.list")); - flg_read = parse_list (strstr (out, "flg.read")); - flg_write = parse_list (strstr (out, "flg.write")); - reg_read = parse_list (strstr (out, "reg.read")); - reg_write = parse_list (strstr (out, "reg.write")); - mem_read = parse_list (strstr (out, "mem.read")); - mem_write = parse_list (strstr (out, "mem.write")); - } else { + if (!out) { goto continue_error; } + ops_list = parse_list (strstr (out, "ops.list")); + flg_read = parse_list (strstr (out, "flg.read")); + flg_write = parse_list (strstr (out, "flg.write")); + reg_read = parse_list (strstr (out, "reg.read")); + reg_write = parse_list (strstr (out, "reg.write")); + mem_read = parse_list (strstr (out, "mem.read")); + mem_write = parse_list (strstr (out, "mem.write")); if (!r_list_find (ops_list, "=", (RListComparator)strcmp)) { goto continue_error; } @@ -290,10 +285,10 @@ static char* rop_classify_constant(RCore *core, RList *ropList) { } } continue_error: - // coverity may complain here but as long as the pointer is set back to - // NULL is safe that is why is used R_FREE - FREE_ROP; - r_list_free (constants); + // coverity may complain here but as long as the pointer is set back to + // NULL is safe that is why is used R_FREE + FREE_ROP; + r_list_free (constants); } return ct; out_error: 
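Review bot: Each of the seven `parse_list (strstr (out, "..."))` calls after the new `if (!out)` guard passes strstr's result straight through; when the stats dump lacks a key, strstr returns NULL and parse_list receives it, which is safe only if parse_list tolerates NULL — not visible from this hunk. Either make that contract explicit with a comment on parse_list, or guard here, e.g. `ops_list = parse_list (strstr (out, "ops.list")); if (!ops_list) { goto continue_error; }`, before `r_list_find (ops_list, "=", ...)` is handed it. rop_classify_constant starts before the hunk and its loop body continues after it.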
@@ -327,11 +322,7 @@ static char* rop_classify_mov(RCore *core, RList *ropList) { goto out_error; } esil_split_flg (esil_str, &esil_main, &esil_flg); - if (esil_main) { - cmd_anal_esil (core, esil_main); - } else { - cmd_anal_esil (core, esil_str); - } + cmd_anal_esil (core, esil_main? esil_main: esil_str); out = sdb_querys (core->anal->esil->stats, NULL, 0, "*"); if (out) { ops_list = parse_list (strstr (out, "ops.list")); @@ -437,17 +428,16 @@ static char* rop_classify_arithmetic(RCore *core, RList *ropList) { } out = sdb_querys (core->anal->esil->stats, NULL, 0, "*"); // r_cons_println (out); - if (out) { - ops_list = parse_list (strstr (out, "ops.list")); - flg_read = parse_list (strstr (out, "flg.read")); - flg_write = parse_list (strstr (out, "flg.write")); - reg_read = parse_list (strstr (out, "reg.read")); - reg_write = parse_list (strstr (out, "reg.write")); - mem_read = parse_list (strstr (out, "mem.read")); - mem_write = parse_list (strstr (out, "mem.write")); - } else { + if (!out) { goto continue_error; } + ops_list = parse_list (strstr (out, "ops.list")); + flg_read = parse_list (strstr (out, "flg.read")); + flg_write = parse_list (strstr (out, "flg.write")); + reg_read = parse_list (strstr (out, "reg.read")); + reg_write = parse_list (strstr (out, "reg.write")); + mem_read = parse_list (strstr (out, "mem.read")); + mem_write = parse_list (strstr (out, "mem.write")); r_list_foreach (ops_list, iter_ops, op) { r_list_foreach (head, iter_src1, item_src1) { @@ -676,10 +666,8 @@ static int rop_classify_nops(RCore *core, RList *ropList) { free (out); return 0; } - else { - // directly say NOP - continue; - } + // directly say NOP + continue; } return changes; diff --git a/libr/io/p/io_ihex.c b/libr/io/p/io_ihex.c index f86d3bbce9..436538c621 100644 --- a/libr/io/p/io_ihex.c +++ b/libr/io/p/io_ihex.c 
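Review bot: On the new unconditional `continue;` path nothing in the hunk releases `out`, whereas the branch just above it does `free (out); return 0;`; if `out` is the sdb_querys result allocated earlier in the loop body (outside the hunk) and is not freed before this point, every NOP gadget leaks one string — the very class of bug this commit targets. If so, add `free (out);` before the `continue;`; the removed else-branch had the same gap, so this would be pre-existing rather than introduced. rop_classify_nops starts before the hunk.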
@@ -224,7 +224,8 @@ static bool ihex_parse(RBuffer *rbuf, char *str) {
 //fugly macro to prevent an overflow of r_buf_write_at() len
 #define SEC_MAX (sec_size < INT_MAX)? sec_size: INT_MAX
 ut32 sec_size = 0;
- sec_tmp = calloc (1, UT16_MAX);
+ const int sec_count = UT16_MAX;
+ sec_tmp = calloc (1, sec_count);
 if (!sec_tmp) {
 goto fail;
 }
@@ -269,7 +270,9 @@ static bool ihex_parse(RBuffer *rbuf, char *str) {
 eprintf ("unparsable data !\n");
 goto fail;
 }
- sec_tmp[sec_size + i] = (ut8) byte & 0xff;
+ if (sec_size + i < sec_count) {
+ sec_tmp[sec_size + i] = (ut8) byte & 0xff;
+ }
 cksum += byte;
 }
 sec_size += bc;
diff --git a/libr/util/file.c b/libr/util/file.c
index 02172b722c..2e6e56ebf3 100644
--- a/libr/util/file.c
+++ b/libr/util/file.c
@@ -282,7 +282,7 @@ R_API char *r_file_slurp(const char *str, int *usz) {
 fclose (fd);
 return NULL;
 }
- fseek (fd, 0, SEEK_SET);
+ (void)fseek (fd, 0, SEEK_SET);
 ret = (char *)calloc (sz + 1, 1);
 if (!ret) {
 fclose (fd);
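Review bot: `const int sec_count = UT16_MAX;` introduces a signed bound that the next hunk compares against the unsigned `sec_size + i` (sec_size is `ut32`), so the comparison happens after an implicit sign conversion and trips -Wsign-compare; declaring it `const ut32 sec_count = UT16_MAX;` (or `size_t`, matching calloc's parameter) keeps the types aligned. While here, the context `#define SEC_MAX` still clips against INT_MAX rather than sec_count, so it is not the bound that protects the new buffer. ihex_parse starts before the hunk and ends after it.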
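Review bot: The new `if (sec_size + i < sec_count)` guard drops bytes beyond the 64 KiB buffer silently, but `sec_size += bc;` two lines later still advances past sec_count and `cksum += byte;` keeps accumulating, so an oversized section parses as valid with truncated data and a sec_size larger than sec_tmp; if the section is later flushed using `SEC_MAX` as the length (the macro at the top of the previous hunk clips to INT_MAX, not sec_count), that is an over-read of sec_tmp. A section that overflows the buffer is malformed input and should fail loudly rather than be truncated: replace the silent skip with `if (sec_size + i >= sec_count) { eprintf ("section exceeds %d bytes\n", sec_count); goto fail; }`. ihex_parse starts before the hunk and ends after it.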
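Review bot: `(void)fseek (fd, 0, SEEK_SET);` silences the unchecked-return finding but still ignores a failure, after which the read that follows (outside the hunk) would start from wherever the stream was left — presumably the end, given `sz` is already known by the time calloc is called. The function already uses the needed idiom two lines above, so check the call the same way: `if (fseek (fd, 0, SEEK_SET) != 0) { fclose (fd); return NULL; }`. r_file_slurp starts before the hunk and ends after it.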