Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-11-24 13:49:50 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Fix 1 byte oobread in the cris analysis plugin ##crash

Browse Source
This commit is contained in:
pancake 2022-04-01 21:03:24 +02:00
parent 0e4a8b95b2
commit 605785b65d
1 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
libr/anal/p/anal_cris.c
View File

@ -1,4 +1,4 @@
/* radare2 - LGPL - Copyright 2014-2015 - pancake */
/* radare2 - LGPL - Copyright 2014-2022 - pancake */
#include <r_asm.h>
#include <r_lib.h>
@ -7,6 +7,9 @@ static int analop(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len, RAn
int opsize = -1;
op->type = -1;
opsize = 2;
if (len < 1) {
return -1;
}
switch (buf[0]) {
case 0x3f:
case 0x4f:
@ -46,6 +49,9 @@ static int analop(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len, RAn
opsize = 6;
break;
case 0x00:
if (len < 2) {
break;
}
if (buf[1] == 0x00) {
op->type = R_ANAL_OP_TYPE_TRAP;
} else {
@ -57,11 +63,17 @@ static int analop(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len, RAn
}
break;
case 0xf0:
if (len < 2) {
break;
}
if (buf[1] == 0xb9) {
op->type = R_ANAL_OP_TYPE_RET;
}
break;
default:
if (len < 2) {
break;
}
switch (buf[1]) {
case 0x00:
op->type = R_ANAL_OP_TYPE_CJMP; // BCC
@ -242,6 +254,7 @@ static bool set_reg_profile(RAnal *anal) {
"=PC pc\n"
"=SP r14\n" // XXX
"=BP srp\n" // XXX
"=SN r0\n"
"=A0 r0\n"
"=A1 r1\n"
"=A2 r2\n"