From 3081163a9e493b493f2571bbcb8712ae98ed6cdc Mon Sep 17 00:00:00 2001
From: pancake
Date: Tue, 11 Apr 2017 19:17:40 +0200
Subject: [PATCH] Fix two java crashes
---
 shlr/java/Makefile | 1 +
 shlr/java/class.c | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/shlr/java/Makefile b/shlr/java/Makefile
index c036d4db45..02afed6f3d 100644
--- a/shlr/java/Makefile
+++ b/shlr/java/Makefile
@@ -20,6 +20,7 @@ CFLAGS+=${PIC_CFLAGS}
 ifneq (,$(findstring mingw32,${OSTYPE}))
 CFLAGS+=-DMINGW32=1
 endif
+CFLAGS+=-g
 CFLAGS+=-I../../libr/include
 LDFLAGS+=-L../../libr/util
diff --git a/shlr/java/class.c b/shlr/java/class.c
index 07bcb7940d..397f492ffb 100644
--- a/shlr/java/class.c
+++ b/shlr/java/class.c
@@ -268,7 +268,7 @@ R_API ut8 *r_bin_java_cp_get_name_type(RBinJavaObj *bin, ut32 *out_sz, ut16 name
 R_API char *convert_string(const char *bytes, ut32 len) {
 ut32 idx = 0, pos = 0;
- ut32 str_sz = 4 * len + 1;
+ ut32 str_sz = 32 * len + 1;
 char *cpy_buffer = len > 0 ? malloc (str_sz) : NULL;
 if (!cpy_buffer) {
 return cpy_buffer;
@@ -1614,8 +1614,12 @@ R_API RBinJavaCPTypeObj *r_bin_java_read_next_constant_pool_item(RBinJavaObj *bi
 }
 buf_sz += java_constant_info->len;
 if (java_constant_info->tag == 1) {
- str_len = R_BIN_JAVA_USHORT (buf, offset + 1);
- buf_sz += str_len;
+ if (offset + 32 < len) {
+ str_len = R_BIN_JAVA_USHORT (buf, offset + 1);
+ buf_sz += str_len;
+ } else {
+ return NULL;
+ }
 }
 cp_buf = calloc (buf_sz, 1);
 if (!cp_buf) {
@@ -1780,7 +1784,7 @@ R_API char *r_bin_java_get_utf8_from_cp_item_list(RList *cp_list, ut64 idx) {
 return NULL;
 }
 item = (RBinJavaCPTypeObj *) r_list_get_n (cp_list, idx);
- if (item && (item->tag == R_BIN_JAVA_CP_UTF8) && item->metas->ord == idx) {
+ if (item && item->tag == R_BIN_JAVA_CP_UTF8 && item->metas->ord == idx) {
 value = convert_string ((const char *) item->info.cp_utf8.bytes, item->info.cp_utf8.length);
 }
 if (value == NULL) {
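Review bot: `CFLAGS+=-g` is added unconditionally to every build of shlr/java, which is unrelated to the crash fixes named in the subject and looks like a leftover from debugging them. If debug symbols are meant to stay on, a one-line comment above it stating that intent, `# always build the java parser with debug info`, would stop the next reader from removing it; otherwise it belongs behind the same kind of conditional the surrounding flags use.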
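Review bot: Raising the multiplier in `ut32 str_sz = 32 * len + 1;` only widens the margin; the product still wraps in ut32 for a large enough `len`, and the malloc then undersizes the buffer that the copy loop later in convert_string writes into. The caller in the last hunk passes `item->info.cp_utf8.length`, so the practical bound depends on that field's type, which the hunk does not show. A guard before the allocation, `if (len > (UT32_MAX - 1) / 32) { return NULL; }`, makes the size computation safe regardless of the caller, and a comment on why 32 output bytes per input byte is the worst case would turn the number from a magic constant into a documented bound. convert_string's body continues outside the hunk, so whether the write loop is itself bounded by str_sz cannot be confirmed from here.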
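Review bot: The new guard `if (offset + 32 < len)` checks a fixed, unexplained margin rather than what is actually consumed: R_BIN_JAVA_USHORT needs two bytes at `offset + 1`, and `buf_sz += str_len` then sizes `cp_buf` for `str_len` bytes of string data that nothing here verifies lie inside `buf`. Replacing it with the exact requirement, `if (offset + 3 > len) { return NULL; }` before the read and `if (str_len > len - offset - 3) { return NULL; }` after it, bounds the later copy (outside this hunk) by the input rather than by the attacker-controlled declared length. The early `return NULL` is new on this path; if anything allocated earlier in r_bin_java_read_next_constant_pool_item needs freeing, the function's head is outside the hunk and I cannot tell. The types of `offset` and `len` are also not visible, so the arithmetic form may need adjusting to avoid wrap-around.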