From 359846b0d1601c3760edd0b9d67b3e376f1a4418 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Mon, 18 Aug 2014 14:22:18 +0200
Subject: [PATCH] Fix some buffer overflow
---
 binr/rax2/rax2.c | 2 +-
 libr/core/asm.c | 2 +-
 libr/core/core.c | 2 +-
 libr/core/disasm.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/binr/rax2/rax2.c b/binr/rax2/rax2.c
index f68e4b5c16..80ca57e0ee 100644
--- a/binr/rax2/rax2.c
+++ b/binr/rax2/rax2.c
@@ -274,7 +274,7 @@ static int use_stdin () {
 static char buf[STDIN_BUFFER_SIZE];
 int l, sflag = (flags & 5);
 for (l=0; l>=0; l++) {
- int n = read (0, buf+l, sizeof (buf)-l);
+ int n = read (0, buf+l, sizeof (buf)-l-1);
 if (n<1) break;
 l+= n;
 if (buf[l-1]==0) {
diff --git a/libr/core/asm.c b/libr/core/asm.c
index 1b875c5cef..653191e52d 100644
--- a/libr/core/asm.c
+++ b/libr/core/asm.c
@@ -87,7 +87,7 @@ R_API RList *r_core_asm_strsearch(RCore *core, const char *input, ut64 from, ut6
 return NULL;
 }
 tokens[0] = NULL;
- for (tokcount=0; tokcount255?255:i] = NULL; line->completion.argc = i; line->completion.argv = tmp_argv; } else
diff --git a/libr/core/disasm.c b/libr/core/disasm.c
index 809b287204..9528ca32cd 100644
--- a/libr/core/disasm.c
+++ b/libr/core/disasm.c
@@ -1213,7 +1213,7 @@ static void handle_print_indent (RCore *core, RDisasmState *ds) {
 char indent[128];
 int num = ds->indent_level;
 if (num<0) num = 0;
- if (num>sizeof (indent))
+ if (num>=sizeof (indent))
 num = sizeof(indent)-1;
 memset (indent, ' ', num);
 indent[num] = 0;
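Review bot: In the `binr/rax2/rax2.c` hunk the new length `sizeof (buf)-l-1` is computed in `size_t`, so it wraps to a very large count if `l` ever reaches `sizeof (buf)`; the visible loop advances `l` twice per pass (`l+= n` in the body and `l++` in the `for` header), which makes that value reachable unless the part of the loop outside this hunk resets `l`. An explicit bound ahead of the call would make the read safe on its own, for example `if (l >= (int)sizeof (buf)-1) break;`. The reserved byte is presumably for a terminating NUL, and a short comment such as `/* leave room for the terminator */` would keep a later edit from dropping the `-1`. The body of `use_stdin` continues past the end of the hunk.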
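Review bot: In the `libr/core/disasm.c` hunk the test `num>=sizeof (indent)` compares an `int` with a `size_t`, so it depends on an implicit signed-to-unsigned conversion and will trip `-Wsign-compare`. The clamp itself now matches the `indent[num] = 0;` write two lines below, but the intent is easier to audit with the conversion spelled out, `if ((size_t)num >= sizeof (indent))`, and a comment such as `/* keep one byte for the NUL stored at indent[num] */`. The spacing of `sizeof (indent)` and `sizeof(indent)` on adjacent lines could be made consistent at the same time. `handle_print_indent` starts in the hunk header and its body continues past the hunk.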