Control array boundaries for DEX classes to fix #1541

pancake 2014-10-28 16:59:23 +01:00
parent 405ca532a1
commit 3aaa6e980c


@ -179,6 +179,10 @@ static RList* strings (RBinFile *arch) {
int i, len;
ut8 buf[6];
if (bin->header.strings_size>bin->size) {
bin->strings = NULL;
return R_FALSE;
}
if (!(ret = r_list_new ()))
return NULL;
ret->free = free;
@ -294,6 +298,10 @@ static int dex_loadcode(RBinFile *arch, RBinDexObj *bin) {
bin->imports_list = r_list_new ();
bin->imports_list->free = free;
if (bin->header.method_size>bin->size) {
bin->header.method_size = 0;
return R_FALSE;
}
methods = calloc (sizeof (int), bin->header.method_size);
if (!methods)
return R_FALSE;
@ -496,6 +504,10 @@ static RList* classes (RBinFile *arch) {
if (!(ret = r_list_new ()))
return NULL;
ret->free = (RListFree)__r_bin_class_free;
if (bin->header.class_size>bin->size) {
eprintf ("Too many classes %d\n", bin->header.class_size);
return NULL;
}
for (i = 0; i < bin->header.class_size; i++) {
// ETOOSLOW
r_buf_read_at (bin->b, (ut64) bin->header.class_offset
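Review bot: All three new guards compare an entry count against the file size in bytes (`strings_size`, `method_size` and `class_size` against `bin->size`), so a header whose count is below the byte size but whose table still extends past the end of the file passes the check. A tighter guard would divide by the per-entry size and take the table offset into account, e.g. `if (bin->header.class_offset > bin->size || bin->header.class_size > (bin->size - bin->header.class_offset) / ENTRY_SIZE)`, where ENTRY_SIZE is a placeholder for the on-disk size of one class entry; whether `r_buf_read_at` bounds the later reads itself is not visible here. In `classes ()` the early `return NULL;` also leaks the list just created by `r_list_new ()`; calling `r_list_free (ret);` before returning, or moving the check above the allocation, avoids that. In `strings ()` the guard returns `R_FALSE` from a function declared to return `RList*`, where `return NULL;` would match the other exits. The bodies of all three functions start and end outside the hunks.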