Fix #19739 - Fix oobread in pv* and fix bug in pvj ##print

2024-11-23 21:29:49 +00:00 · 2022-02-21 13:03:50 +01:00 · 2022-02-21 13:03:50 +01:00 · 6691d80989
commit 6691d80989
parent 1face81feb
3 changed files with 107 additions and 10 deletions
--- a/libr/core/cmd_print.c
+++ b/libr/core/cmd_print.c
@ -3251,7 +3251,9 @@ static void cmd_print_pv(RCore *core, const char *input, bool useBytes) {
 		for (i = 0; i < repeat; i++) {
 			const bool be = core->print->big_endian;
 			ut64 at = core->offset + (i * n);
-			ut8 *b = block + (i * n);
+			ut8 buf[8];
+			r_io_read_at (core->io, at, buf, sizeof (buf));
+			ut8 *b = buf;
 			switch (n) {
 			case 1:
 				r_cons_printf ("f pval.0x%08"PFMT64x"=%d\n", at, r_read_ble8 (b));
@ -3277,10 +3279,10 @@ static void cmd_print_pv(RCore *core, const char *input, bool useBytes) {
 		}
 		pj_a (pj);
 		ut64 at = core->offset;
-		ut64 oldAt = at;
 		for (i = 0; i < repeat; i++) {
-			r_core_seek (core, at, false);
-			char *str = r_core_cmd_str (core, "ps");
+			ut8 buf[8];
+			r_io_read_at (core->io, at, buf, sizeof (buf));
+			char *str = r_core_cmd_strf (core, "ps@0x%"PFMT64x, at);
 			r_str_trim (str);
 			char *p = str;
 			if (p) {
@ -3298,20 +3300,21 @@ static void cmd_print_pv(RCore *core, const char *input, bool useBytes) {
 			pj_k (pj, "value");
 			switch (n) {
 			case 1:
-				pj_i (pj, r_read_ble8 (block));
+				pj_i (pj, r_read_ble8 (buf));
 				break;
 			case 2:
-				pj_i (pj, r_read_ble16 (block, core->print->big_endian));
+				pj_i (pj, r_read_ble16 (buf, core->print->big_endian));
 				break;
 			case 4:
-				pj_n (pj, (ut64)r_read_ble32 (block, core->print->big_endian));
+				pj_n (pj, (ut64)r_read_ble32 (buf, core->print->big_endian));
 				break;
 			case 8:
 			default:
-				pj_n (pj, r_read_ble64 (block, core->print->big_endian));
+				pj_n (pj, r_read_ble64 (buf, core->print->big_endian));
 				break;
 			}
 			pj_ks (pj, "string", str);
+			pj_kn (pj, "address", at);
 			pj_end (pj);
 			free (str);
 			at += n;
@ -3319,7 +3322,6 @@ static void cmd_print_pv(RCore *core, const char *input, bool useBytes) {
 		pj_end (pj);
 		r_cons_println (pj_string (pj));
 		pj_free (pj);
-		r_core_seek (core, oldAt, false);
 		break;
 	}
 	case 'e': // "pve"
--- a/test/db/cmd/cmd_print
+++ b/test/db/cmd/cmd_print
@ -20,6 +20,101 @@ EXPECT=<<EOF
 EOF
 RUN

+NAME=pvXj
+FILE=-
+CMDS=<<EOF
+woe 1
+pv* 3
+?e --
+pvj 3~{}
+?e --
+pv2j 3~{}
+?e --
+pv1j 3~{}
+?e --
+pv8j 3~{}
+?e --
+EOF
+EXPECT=<<EOF
+f pval.0x00000000=506097522914230528
+f pval.0x00000008=1084818905618843912
+f pval.0x00000010=1663540288323457296
+--
+[
+  {
+    "value": 506097522914230528,
+    "string": "",
+    "address": 0
+  },
+  {
+    "value": 1084818905618843912,
+    "string": "\\x09\n\\x0c\\x0e\\x10\\x12\\x14\\x16\\x18\\x1a\\x1c\\x1e !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\\x80\\x82\\x84\\x86\\x88\\x8a\\x8c\\x8e\\x90\\x92\\x94\\x96\\x98\\x9a\\x9c\\x9e\\xa0\\xa2\\xa4\\xa6\\xa8\\xaa\\xac\\xae\\xb0\\xb2\\xb4\\xb6\\xb8\\xba\\xbc\\xbe\\xc0\\xc2\\xc4\\xc6\\xc8\\xca\\xcc\\xce\\xd0\\xd2\\xd4\\xd6\\xd8\\xda\\xdc\\xde\\xe0\\xe2\\xe4\\xe6\\xe8\\xea\\xec\\xee\\xf0\\xf2\\xf4\\xf6\\xf8\\xfa\\xfc\\xfe",
+    "address": 8
+  },
+  {
+    "value": 1663540288323457296,
+    "string": "\\x11\\x13\\x15\\x17\\x19\\x1b\\x1d\\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\\x80\\x82\\x84\\x86\\x88\\x8a\\x8c\\x8e\\x90\\x92\\x94\\x96\\x98\\x9a\\x9c\\x9e\\xa0\\xa2\\xa4\\xa6\\xa8\\xaa\\xac\\xae\\xb0\\xb2\\xb4\\xb6\\xb8\\xba\\xbc\\xbe\\xc0\\xc2\\xc4\\xc6\\xc8\\xca\\xcc\\xce\\xd0\\xd2\\xd4\\xd6\\xd8\\xda\\xdc\\xde\\xe0\\xe2\\xe4\\xe6\\xe8\\xea\\xec\\xee\\xf0\\xf2\\xf4\\xf6\\xf8\\xfa\\xfc\\xfe",
+    "address": 16
+  }
+]
+--
+[
+  {
+    "value": 256,
+    "string": "",
+    "address": 0
+  },
+  {
+    "value": 770,
+    "string": "\\x03\\x05\\x07\\x09\n\\x0c\\x0e\\x10\\x12\\x14\\x16\\x18\\x1a\\x1c\\x1e !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\\x80\\x82\\x84\\x86\\x88\\x8a\\x8c\\x8e\\x90\\x92\\x94\\x96\\x98\\x9a\\x9c\\x9e\\xa0\\xa2\\xa4\\xa6\\xa8\\xaa\\xac\\xae\\xb0\\xb2\\xb4\\xb6\\xb8\\xba\\xbc\\xbe\\xc0\\xc2\\xc4\\xc6\\xc8\\xca\\xcc\\xce\\xd0\\xd2\\xd4\\xd6\\xd8\\xda\\xdc\\xde\\xe0\\xe2\\xe4\\xe6\\xe8\\xea\\xec\\xee\\xf0\\xf2\\xf4\\xf6\\xf8\\xfa\\xfc\\xfe",
+    "address": 2
+  },
+  {
+    "value": 1284,
+    "string": "\\x05\\x07\\x09\n\\x0c\\x0e\\x10\\x12\\x14\\x16\\x18\\x1a\\x1c\\x1e !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\\x80\\x82\\x84\\x86\\x88\\x8a\\x8c\\x8e\\x90\\x92\\x94\\x96\\x98\\x9a\\x9c\\x9e\\xa0\\xa2\\xa4\\xa6\\xa8\\xaa\\xac\\xae\\xb0\\xb2\\xb4\\xb6\\xb8\\xba\\xbc\\xbe\\xc0\\xc2\\xc4\\xc6\\xc8\\xca\\xcc\\xce\\xd0\\xd2\\xd4\\xd6\\xd8\\xda\\xdc\\xde\\xe0\\xe2\\xe4\\xe6\\xe8\\xea\\xec\\xee\\xf0\\xf2\\xf4\\xf6\\xf8\\xfa\\xfc\\xfe",
+    "address": 4
+  }
+]
+--
+[
+  {
+    "value": 0,
+    "string": "",
+    "address": 0
+  },
+  {
+    "value": 1,
+    "string": "\\x02\\x04\\x06\\x08\n\\x0c\\x0e\\x10\\x12\\x14\\x16\\x18\\x1a\\x1c\\x1e !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\\x80\\x82\\x84\\x86\\x88\\x8a\\x8c\\x8e\\x90\\x92\\x94\\x96\\x98\\x9a\\x9c\\x9e\\xa0\\xa2\\xa4\\xa6\\xa8\\xaa\\xac\\xae\\xb0\\xb2\\xb4\\xb6\\xb8\\xba\\xbc\\xbe\\xc0\\xc2\\xc4\\xc6\\xc8\\xca\\xcc\\xce\\xd0\\xd2\\xd4\\xd6\\xd8\\xda\\xdc\\xde\\xe0\\xe2\\xe4\\xe6\\xe8\\xea\\xec\\xee\\xf0\\xf2\\xf4\\xf6\\xf8\\xfa\\xfc\\xfe",
+    "address": 1
+  },
+  {
+    "value": 2,
+    "string": "\\x03\\x05\\x07\\x09\n\\x0c\\x0e\\x10\\x12\\x14\\x16\\x18\\x1a\\x1c\\x1e !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\\x80\\x82\\x84\\x86\\x88\\x8a\\x8c\\x8e\\x90\\x92\\x94\\x96\\x98\\x9a\\x9c\\x9e\\xa0\\xa2\\xa4\\xa6\\xa8\\xaa\\xac\\xae\\xb0\\xb2\\xb4\\xb6\\xb8\\xba\\xbc\\xbe\\xc0\\xc2\\xc4\\xc6\\xc8\\xca\\xcc\\xce\\xd0\\xd2\\xd4\\xd6\\xd8\\xda\\xdc\\xde\\xe0\\xe2\\xe4\\xe6\\xe8\\xea\\xec\\xee\\xf0\\xf2\\xf4\\xf6\\xf8\\xfa\\xfc\\xfe",
+    "address": 2
+  }
+]
+--
+[
+  {
+    "value": 506097522914230528,
+    "string": "",
+    "address": 0
+  },
+  {
+    "value": 1084818905618843912,
+    "string": "\\x09\n\\x0c\\x0e\\x10\\x12\\x14\\x16\\x18\\x1a\\x1c\\x1e !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\\x80\\x82\\x84\\x86\\x88\\x8a\\x8c\\x8e\\x90\\x92\\x94\\x96\\x98\\x9a\\x9c\\x9e\\xa0\\xa2\\xa4\\xa6\\xa8\\xaa\\xac\\xae\\xb0\\xb2\\xb4\\xb6\\xb8\\xba\\xbc\\xbe\\xc0\\xc2\\xc4\\xc6\\xc8\\xca\\xcc\\xce\\xd0\\xd2\\xd4\\xd6\\xd8\\xda\\xdc\\xde\\xe0\\xe2\\xe4\\xe6\\xe8\\xea\\xec\\xee\\xf0\\xf2\\xf4\\xf6\\xf8\\xfa\\xfc\\xfe",
+    "address": 8
+  },
+  {
+    "value": 1663540288323457296,
+    "string": "\\x11\\x13\\x15\\x17\\x19\\x1b\\x1d\\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\\x80\\x82\\x84\\x86\\x88\\x8a\\x8c\\x8e\\x90\\x92\\x94\\x96\\x98\\x9a\\x9c\\x9e\\xa0\\xa2\\xa4\\xa6\\xa8\\xaa\\xac\\xae\\xb0\\xb2\\xb4\\xb6\\xb8\\xba\\xbc\\xbe\\xc0\\xc2\\xc4\\xc6\\xc8\\xca\\xcc\\xce\\xd0\\xd2\\xd4\\xd6\\xd8\\xda\\xdc\\xde\\xe0\\xe2\\xe4\\xe6\\xe8\\xea\\xec\\xee\\xf0\\xf2\\xf4\\xf6\\xf8\\xfa\\xfc\\xfe",
+    "address": 16
+  }
+]
+--
+EOF
+RUN
+
 NAME=pv3
 FILE=malloc://1024
 CMDS=<<EOF
--- a/test/db/cmd/cmd_print_misc
+++ b/test/db/cmd/cmd_print_misc
@ -2,6 +2,6 @@ NAME=pvj JSON indent - crash
 FILE=-
 CMDS=pvj ~{
 EXPECT=<<EOF
-[{"value":0,"string":""}]
+[{"value":0,"string":"","address":0}]
 EOF
 RUN