From 4a42dd689b50f769c22d31ba1baa6c220454b0e8 Mon Sep 17 00:00:00 2001
From: pancake
Date: Thu, 22 Jun 2023 00:21:56 +0200
Subject: [PATCH] Fix recently introduced oobwrite in RAnal.op()
---
 doc/fortunes.tips | 1 +
 libr/anal/op.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/doc/fortunes.tips b/doc/fortunes.tips
index 77d391f96c..cc09a5e4a6 100644
--- a/doc/fortunes.tips
+++ b/doc/fortunes.tips
@@ -85,3 +85,4 @@ Use /m to carve for known magic headers. speedup with search.
 You can use registers in math expressions. For example: 'wx 1234 @ esp - 2'
 For HTTP authentication 'e http.auth = 1', 'e http.authfile = '
 Tip: do 'r2pm -i r2premium; echo "e cfg.fortunes.type = nsfw" >> ~/.radare2rc' for a premium r2 experience
+Use the `:` command To run the io plugin cmd callback, many io plugins provide useful features, find them out!
diff --git a/libr/anal/op.c b/libr/anal/op.c
index d46b253805..707d802dac 100644
--- a/libr/anal/op.c
+++ b/libr/anal/op.c
@@ -161,7 +161,7 @@ R_API int r_anal_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int le
 op->size = pcalign - (addr % pcalign);
 r_anal_op_set_mnemonic (op, addr, "unaligned");
 if (op->size > len) {
- ut8 *fakedata = r_mem_dup (data, op->size);
+ ut8 *fakedata = r_mem_dup (data, len);
 if (fakedata) {
 r_anal_op_set_bytes (op, addr, fakedata, op->size);
 free (fakedata);
@@ -173,7 +173,7 @@ R_API int r_anal_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int le
 }
 int ret = R_MIN (2, len);
 if (len > 0 && anal->uses == 2 && anal->arch->session) {
- r_anal_op_set_bytes (op, addr, data, len); // R_MIN (len, 8));
+ r_anal_op_set_bytes (op, addr, data, len);
 if (!r_arch_decode (anal->arch, op, mask) || op->size <= 0) {
 op->type = R_ANAL_OP_TYPE_ILL;
 op->size = r_anal_archinfo (anal, R_ANAL_ARCHINFO_INV_OP_SIZE);
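Review bot: In the hunk at line 161 the copy is now `len` bytes long, but the call two lines below still passes `op->size` as the length, `r_anal_op_set_bytes (op, addr, fakedata, op->size);`, inside the branch where `op->size > len`. If r_anal_op_set_bytes reads that many bytes from its buffer argument (its body is not visible here), the over-read moves from `data` to the heap copy rather than going away. Either pass the real length, `r_anal_op_set_bytes (op, addr, fakedata, len);`, or allocate `op->size` zeroed bytes and copy only `len` of them from `data`. `len` is a signed int and this branch is also taken when it is zero or negative, so a `len > 0` check before `r_mem_dup`, like the one in the hunk at line 173, looks worth adding. r_anal_op's body starts and ends outside the hunk.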