Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-11-23 13:19:54 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Fix recently introduced oobwrite in RAnal.op()

Browse Source
This commit is contained in:
pancake 2023-06-22 00:21:56 +02:00
parent 6d16d55c00
commit 4a42dd689b
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/fortunes.tips
View File

@ -85,3 +85,4 @@ Use /m to carve for known magic headers. speedup with search.
You can use registers in math expressions. For example: 'wx 1234 @ esp - 2'
For HTTP authentication 'e http.auth = 1', 'e http.authfile = <path>'
Tip: do 'r2pm -i r2premium; echo "e cfg.fortunes.type = nsfw" >> ~/.radare2rc' for a premium r2 experience
Use the `:` command To run the io plugin cmd callback, many io plugins provide useful features, find them out!

4
libr/anal/op.c
View File

@ -161,7 +161,7 @@ R_API int r_anal_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int le
op->size = pcalign - (addr % pcalign);
r_anal_op_set_mnemonic (op, addr, "unaligned");
if (op->size > len) {
ut8 *fakedata = r_mem_dup (data, op->size);
ut8 *fakedata = r_mem_dup (data, len);
if (fakedata) {
r_anal_op_set_bytes (op, addr, fakedata, op->size);
free (fakedata);
@ -173,7 +173,7 @@ R_API int r_anal_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int le
}
int ret = R_MIN (2, len);
if (len > 0 && anal->uses == 2 && anal->arch->session) {
r_anal_op_set_bytes (op, addr, data, len); // R_MIN (len, 8));
r_anal_op_set_bytes (op, addr, data, len);
if (!r_arch_decode (anal->arch, op, mask) || op->size <= 0) {
op->type = R_ANAL_OP_TYPE_ILL;
op->size = r_anal_archinfo (anal, R_ANAL_ARCHINFO_INV_OP_SIZE);