Fix oobread in the xcoff64 parser ##crash

2024-11-24 05:40:10 +00:00 · 2023-04-12 18:07:13 +02:00 · 2023-04-12 18:07:13 +02:00 · 3456d0d16e
commit 3456d0d16e
parent 90dc5c64f7
2 changed files with 3 additions and 0 deletions
--- a/doc/fortunes.fun
+++ b/doc/fortunes.fun
@ -321,3 +321,4 @@ Watch until the end!
 Don't forget to subscribe!
 Ah shit, here we go again.
 Checking whether this software can be played...
+Will it blend?
--- a/libr/bin/format/coff/xcoff64.c
+++ b/libr/bin/format/coff/xcoff64.c
@ -88,6 +88,8 @@ static bool r_bin_xcoff64_init_scn_hdr(RBinXCoff64Obj *obj) {
 	ut64 offset = sizeof (struct xcoff64_hdr) + obj->hdr.f_opthdr;
 	size = obj->hdr.f_nscns * sizeof (struct xcoff64_scn_hdr);
 	if (offset > obj->size || offset + size > obj->size || size < 0) {
+		obj->hdr.f_nscns = 0;
+		obj->scn_hdrs = NULL;
 		return false;
 	}
 	obj->scn_hdrs = calloc (1, size + sizeof (struct xcoff64_scn_hdr));