Fix some overflow-related covs

pancake 2016-10-26 23:40:17 +02:00
parent 8d37adc546
commit 589ac97bda
6 changed files with 76 additions and 37 deletions


@ -38,10 +38,15 @@ R_API bool r_anal_op_fini(RAnalOp *op) {
return false;
}
r_anal_var_free (op->var);
op->var = NULL;
r_anal_value_free (op->src[0]);
r_anal_value_free (op->src[1]);
r_anal_value_free (op->src[2]);
op->src[0] = NULL;
op->src[1] = NULL;
op->src[2] = NULL;
r_anal_value_free (op->dst);
op->dst = NULL;
r_strbuf_fini (&op->esil);
r_anal_switch_op_free (op->switch_op);
R_FREE (op->mnemonic);
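Review bot: op->switch_op is freed near the end of the hunk but, unlike var, src[0..2] and dst, is not reset afterwards, so a second r_anal_op_fini on the same op (or any later read of the struct) still sees a dangling pointer, which is exactly what the new NULL stores elsewhere in the hunk are there to prevent. Add `op->switch_op = NULL;` directly after `r_anal_switch_op_free (op->switch_op);` (R_FREE already does this for mnemonic). r_anal_op_fini starts before the hunk and continues after it, so any other freed members outside this window should get the same treatment.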


@ -33,9 +33,9 @@ static int assemble(RAsm *a, RAsmOp *op, const char *buf) {
}
}
}
op->size = R_MAX (0, Assemble((char*)buf, a->pc, &asm_obj, oattempt, oconstsize, buf_err));
op->size = R_MAX (0, Assemble ((char*)buf, a->pc, &asm_obj, oattempt, oconstsize, buf_err));
if (op->size > 0) {
memcpy (op->buf, asm_obj.code, R_MIN(op->size, sizeof (op->buf)));
memcpy (op->buf, asm_obj.code, R_MIN (R_MIN (16, op->size), sizeof (op->buf)));
}
return op->size;
}
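Review bot: the memcpy now copies at most 16 bytes into op->buf, but op->size keeps the full Assemble() result and is what the function returns, so a caller that trusts op->size can read past the bytes actually placed in op->buf when the encoding is longer than what was copied. Either clamp the reported length to what was written, `op->size = R_MIN (op->size, sizeof (op->buf));` before the memcpy, or treat a longer encoding as an assembly error instead of silently truncating. The literal 16 presumably mirrors the capacity of op->buf; expressing the bound only through sizeof (op->buf), which is already in the expression, keeps the two from drifting apart.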


@ -846,19 +846,22 @@ openfile:
const char *msg = line->buffer.data + 3;
RFlag *flag = core->flags;
int j, i = 0;
for (j=0; j<R_FLAG_SPACES_MAX-1; j++) {
for (j = 0; j < R_FLAG_SPACES_MAX - 1; j++) {
if (flag->spaces[j] && flag->spaces[j][0]) {
if (i == TMP_ARGV_SZ - 1) {
break;
}
if (!strncmp (msg, flag->spaces[j], strlen (msg))) {
tmp_argv[i++] = flag->spaces[j];
if (i + 1 < TMP_ARGV_SZ) {
tmp_argv[i++] = flag->spaces[j];
}
}
}
}
if (flag->spaces[j] && !strncmp (msg, flag->spaces[j],
strlen (msg))) {
tmp_argv[i++] = "*";
if (flag->spaces[j] && !strncmp (msg, flag->spaces[j], strlen (msg))) {
if (i + 1 < TMP_ARGV_SZ) {
tmp_argv[i++] = "*";
}
}
tmp_argv[i] = NULL;
line->completion.argc = i;
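Review bot: inside the for loop the new `if (i + 1 < TMP_ARGV_SZ)` guard around `tmp_argv[i++] = flag->spaces[j];` duplicates the `if (i == TMP_ARGV_SZ - 1) break;` a few lines above, which already leaves the loop before i can reach TMP_ARGV_SZ - 1, so that write is bounded twice. The guard on the post-loop `tmp_argv[i++] = "*";` is the one that matters, because the loop may exit with i == TMP_ARGV_SZ - 1 and the unguarded append would push the trailing `tmp_argv[i] = NULL` one past the array. Keeping one bound check per write site makes the invariant easier to see. The enclosing function starts before the hunk (at the openfile: label) and continues after it.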


@ -1,4 +1,4 @@
/* radare - LGPL - Copyright 2013 - pancake */
/* radare - LGPL - Copyright 2013-2016 - pancake */
#include "r_io.h"
@ -11,14 +11,18 @@ R_API int r_io_buffer_load(RIO* io, ut64 addr, int len) {
ut64 at;
int i, r;
ut8 buf[512];
if (len<1) return false;
if (len < 1) {
return false;
}
io->buffer_enabled = 0;
for (i=0; i<len; i+=sizeof (buf)) {
at = addr+i;
r_io_seek (io, at, R_IO_SEEK_SET);
for (i = 0; i < len; i += sizeof (buf)) {
at = addr + i;
(void) r_io_seek (io, at, R_IO_SEEK_SET);
memset (buf, 0xff, sizeof (buf));
r = r_io_read (io, buf, sizeof (buf));
if (r<1) break;
if (r < 1) {
break;
}
r_cache_set (io->buffer, at, buf, sizeof (buf));
}
io->buffer_enabled = 1;
@ -35,19 +39,32 @@ R_API int r_io_buffer_read (RIO *io, ut64 addr, ut8* buf, int len) {
// align addr if out of buffer if its mapped on io //
ret = r_cache_get (io->buffer, addr, &l);
if (!ret) {
if (l<1) return 0; // no next block in buffer cache
if (l>len) return 0; // next block too far
if (l < 1) {
return 0; // no next block in buffer cache
}
if (l > len) {
return 0; // next block too far
}
next = l;
ret = r_cache_get (io->buffer, addr+next+1, &l);
if (!ret) return 0;
if (l<len) memset (buf+l, 0xff, (len-l));
if (l>len) l = len;
ret = r_cache_get (io->buffer, addr + next + 1, &l);
if (!ret) {
return 0;
}
if (l < len) {
memset (buf + l, 0xff, len - l);
}
if (l > len) {
l = len;
}
memset (buf, 0xff, next);
memcpy (buf+next, ret, (len-next));
memcpy (buf + next, ret, len - next);
return len;
}
if (l>len) l = len;
else if (l<len) memset (buf+l, 0xff, (len-l));
if (l > len) {
l = len;
} else if (l < len) {
memset (buf + l, 0xff, len - l);
}
memcpy (buf, ret, l);
return l;
}
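Review bot: in the fallback path of r_io_buffer_read, `memcpy (buf + next, ret, len - next);` copies len - next bytes from the block found at addr + next + 1 without regard to `l`, the length the second r_cache_get reported for that block, so when the block is shorter than len - next the copy reads past the cached data; the `if (l > len) l = len;` just above computes a bound that is then never used. Copy `int n = R_MIN (l, len - next); memcpy (buf + next, ret, n);` and leave the remaining bytes at the 0xff fill. The earlier `memset (buf + l, 0xff, len - l)` in that branch is entirely overwritten by the memset of the first next bytes and the memcpy that follow, and it indexes from l rather than next, which looks like a leftover worth confirming against r_cache_get's contract (assumed here to set l to the block length on a hit and the distance to the next block on a miss). r_io_buffer_read starts before the hunk; the copyright and r_io_buffer_load hunks above raise nothing.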


@ -128,8 +128,9 @@ static RList *r_io_map_get_maps_in_range_prepend(RIO *io, ut64 addr, ut64 endadd
R_API RIOMap *r_io_map_resolve_in_range (RIO *io, ut64 addr, ut64 endaddr, int fd) {
RList *maps;
RIOMap *map;
if (!io || !io->maps)
if (!io || !io->maps) {
return NULL;
}
maps = r_io_map_get_maps_in_range_prepend (io, addr, endaddr);
map = r_io_map_resolve_from_list (maps, fd);
r_list_free (maps);
@ -279,17 +280,19 @@ R_API ut64 r_io_map_select(RIO *io, ut64 off) {
}
if (done == 0) {
r_io_use_fd (io, fd);
r_io_seek (io, -1, R_IO_SEEK_SET);
(void)r_io_seek (io, -1, R_IO_SEEK_SET);
return paddr;
}
if (fd == -1) {
r_io_seek (io, off, R_IO_SEEK_SET);
(void)r_io_seek (io, off, R_IO_SEEK_SET);
return off;
}
r_io_use_fd (io, fd);
if (io->debug) /* HACK */
r_io_seek (io, off, R_IO_SEEK_SET);
else r_io_seek (io, paddr, R_IO_SEEK_SET);
if (io->debug) {/* HACK */
(void)r_io_seek (io, off, R_IO_SEEK_SET);
} else {
r_io_seek (io, paddr, R_IO_SEEK_SET);
}
r_io_use_fd (io, fd);
return paddr;
}
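Review bot: the else branch `r_io_seek (io, paddr, R_IO_SEEK_SET);` is the one seek in this hunk that did not receive the `(void)` cast the other three did, so the explicit ignore-result marker is applied inconsistently within the same if/else; make it `(void)r_io_seek (io, paddr, R_IO_SEEK_SET);` to match. The `/* HACK */` comment now sits on the `if (io->debug)` line but still says nothing about why the debugger path seeks to the virtual offset while the normal path seeks to paddr; if the reason is known, a one-line why-comment there would be more useful than the tag. r_io_map_select starts before the hunk; the r_io_map_resolve_in_range hunk above raises nothing.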


@ -1351,7 +1351,7 @@ R_API char * r_print_colorize_opcode (char *p, const char *reg, const char *num)
#define STRIP_ANSI 1
#if STRIP_ANSI
/* skip until 'm' */
for (++i;p[i] && p[i] != 'm'; i++) {
for (++i; p[i] && p[i] != 'm'; i++) {
o[j] = p[i];
}
continue;
@ -1378,8 +1378,14 @@ R_API char * r_print_colorize_opcode (char *p, const char *reg, const char *num)
if (p[i + 1] == ' ' && p[i + 2] == 'L') {
strcpy (o + j, num);
j += strlen (num);
strcpy (o + j , p + i);
return strdup (o);
if (j + p + i <= o + sizeof (o)) {
int len = strlen (p + i);
len = R_MIN (len, sizeof (o));
strncpy (o + j , p + i, len);
o[len] = 0;
return strdup (o);
}
return o;
}
if (is_float) {
/* do nothing, keep going until next */
@ -1390,7 +1396,7 @@ R_API char * r_print_colorize_opcode (char *p, const char *reg, const char *num)
eprintf ("r_print_colorize_opcode(): buffer overflow!\n");
return strdup (p);
}
strcpy (o+j, Color_RESET);
strcpy (o + j, Color_RESET);
j += strlen (Color_RESET);
o[j++] = p[i];
if (p[i] == '$' || ((p[i] > '0') && (p[i] < '9'))) {
@ -1421,7 +1427,7 @@ R_API char * r_print_colorize_opcode (char *p, const char *reg, const char *num)
// find if next ',' before ' ' is found
is_mod = 0;
is_float = 0;
for (k = i+1; p[k]; k++) {
for (k = i + 1; p[k]; k++) {
if (p[k] == 'e' && p[k + 1] == '+') {
is_float = 1;
break;
@ -1476,7 +1482,7 @@ R_API char * r_print_colorize_opcode (char *p, const char *reg, const char *num)
opcode_sz += 21;
/* free (t_o); */
}
strcpy (o+j, Color_RESET);
strcpy (o + j, Color_RESET);
//strcpy (p, o); // may overflow .. but shouldnt because asm.buf_asm is big enought
return strdup (o);
}
@ -1489,7 +1495,9 @@ R_API void r_print_init_rowoffsets (RPrint *p) {
// set the offset, from the start of the printing, of the i-th row
R_API void r_print_set_rowoff (RPrint *p, int i, ut32 offset) {
if (i < 0) return;
if (i < 0) {
return;
}
if (!p->row_offsets || !p->row_offsets_sz) {
p->row_offsets_sz = R_MAX(i + 1, DFLT_ROWS);
p->row_offsets = R_NEWS (ut32, p->row_offsets_sz);
@ -1498,8 +1506,9 @@ R_API void r_print_set_rowoff (RPrint *p, int i, ut32 offset) {
size_t new_size;
p->row_offsets_sz *= 2;
//XXX dangerous
while (i >= p->row_offsets_sz)
while (i >= p->row_offsets_sz) {
p->row_offsets_sz *= 2;
}
new_size = sizeof (ut32) * p->row_offsets_sz;
p->row_offsets = realloc (p->row_offsets, new_size);
}
@ -1509,7 +1518,9 @@ R_API void r_print_set_rowoff (RPrint *p, int i, ut32 offset) {
// return the offset, from the start of the printing, of the i-th row.
// if the line index is not valid, UT32_MAX is returned.
R_API ut32 r_print_rowoff (RPrint *p, int i) {
if (i < 0 || i >= p->row_offsets_sz) return UT32_MAX;
if (i < 0 || i >= p->row_offsets_sz) {
return UT32_MAX;
}
return p->row_offsets[i];
}
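Review bot: the new guard in the `p[i + 1] == ' ' && p[i + 2] == 'L'` branch does not bound anything, because `j + p + i <= o + sizeof (o)` compares a pointer into p against the end of o, two unrelated objects, and the copy that follows caps len at sizeof (o) without subtracting j, terminates at `o[len]` instead of `o[j + len]` (out of bounds when len == sizeof (o)), and on the failing path does `return o;` where every other exit returns strdup (o). o appears to be a local array (sizeof (o) is taken and the other exits duplicate it), so that return hands the caller a dangling pointer; the preceding `strcpy (o + j, num);` in the same branch is unbounded as well. One bounded snprintf of num and the tail of p into the space remaining in o, falling back to the existing `strdup (p)` overflow exit, covers all of it; the enclosing function starts before the hunk, so the declarations of o and j and any earlier size check are not visible, and the code below assumes j is an integer index into o. In the r_print_set_rowoff hunk further down, `p->row_offsets = realloc (p->row_offsets, new_size);` still overwrites the only pointer on failure, leaking the old array and leaving NULL for the store that follows; assign realloc's result to a temporary and check it before replacing p->row_offsets.
```c
if (p[i + 1] == ' ' && p[i + 2] == 'L') {
	/* bound the copy to what is left of o, including room for the NUL */
	if ((size_t) j >= sizeof (o)) {
		eprintf ("r_print_colorize_opcode(): buffer overflow!\n");
		return strdup (p);
	}
	size_t left = sizeof (o) - j;
	int n = snprintf (o + j, left, "%s%s", num, p + i);
	if (n < 0 || (size_t) n >= left) {
		eprintf ("r_print_colorize_opcode(): buffer overflow!\n");
		return strdup (p);
	}
	return strdup (o);
}
/* … unchanged: is_float handling and the rest of the loop … */
```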