mirror of
https://github.com/radareorg/radare2.git
synced 2024-12-01 00:51:19 +00:00
Wrong bounds initializing dwarf dies (tests_64901) ##crash
Reported by giantbranch of NSFOCUS TIANJI Lab
This commit is contained in:
parent
f209fcb903
commit
67b97621d1
@ -1,18 +1,7 @@
|
||||
/* radare - LGPL - Copyright 2012-2021 - pancake, Fedor Sakharov */
|
||||
|
||||
#define D0 if(1)
|
||||
#define D1 if(1)
|
||||
|
||||
#include <errno.h>
|
||||
|
||||
#define DWARF_DUMP 0
|
||||
|
||||
#if DWARF_DUMP
|
||||
#define DBGFD stdout
|
||||
#else
|
||||
#define DBGFD NULL
|
||||
#endif
|
||||
|
||||
#include <r_bin.h>
|
||||
#include <r_bin_dwarf.h>
|
||||
#include <r_core.h>
|
||||
@ -1203,17 +1192,17 @@ static int init_die(RBinDwarfDie *die, ut64 abbr_code, ut64 attr_count) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int init_comp_unit(RBinDwarfCompUnit *cu) {
|
||||
static bool init_comp_unit(RBinDwarfCompUnit *cu) {
|
||||
if (!cu) {
|
||||
return -EINVAL;
|
||||
return false;
|
||||
}
|
||||
cu->dies = calloc (sizeof (RBinDwarfDie), COMP_UNIT_CAPACITY);
|
||||
if (!cu->dies) {
|
||||
return -ENOMEM;
|
||||
return false;
|
||||
}
|
||||
cu->capacity = COMP_UNIT_CAPACITY;
|
||||
cu->count = 0;
|
||||
return 0;
|
||||
return true;
|
||||
}
|
||||
|
||||
static int expand_cu(RBinDwarfCompUnit *cu) {
|
||||
@ -1838,6 +1827,9 @@ static const ut8 *parse_attr_value(const ut8 *obuf, int obuf_len,
|
||||
value->kind = DW_AT_KIND_ADDRESS;
|
||||
buf = r_uleb128 (buf, buf_end - buf, &value->address, NULL);
|
||||
break;
|
||||
case 0:
|
||||
// ignore
|
||||
break;
|
||||
default:
|
||||
eprintf ("Unknown DW_FORM 0x%02" PFMT64x "\n", def->attr_form);
|
||||
value->uconstant = 0;
|
||||
@ -1864,10 +1856,10 @@ static const ut8 *parse_die(const ut8 *buf, const ut8 *buf_end, RBinDwarfAbbrevD
|
||||
if (!buf || !buf_end || buf > buf_end) {
|
||||
return NULL;
|
||||
}
|
||||
for (i = 0; i < abbrev->count - 1; i++) {
|
||||
if (die->capacity < 1) {
|
||||
break;
|
||||
}
|
||||
for (i = 0; i < die->count; i++) {
|
||||
memset (&die->attr_values[i], 0, sizeof (RBinDwarfDie));
|
||||
}
|
||||
for (i = 0; i < abbrev->count && i < die->capacity; i++) {
|
||||
memset (&die->attr_values[i], 0, sizeof (die->attr_values[i]));
|
||||
// debug_str_len = r_str_nlen (debug_str, buf_end - buf);
|
||||
const ut8 *nbuf = parse_attr_value (buf, buf_end - buf,
|
||||
@ -2060,7 +2052,7 @@ static RBinDwarfDebugInfo *parse_info_raw(Sdb *sdb, RBinDwarfDebugAbbrev *da,
|
||||
}
|
||||
|
||||
RBinDwarfCompUnit *unit = &info->comp_units[unit_idx];
|
||||
if (init_comp_unit (unit) < 0) {
|
||||
if (!init_comp_unit (unit)) {
|
||||
unit_idx--;
|
||||
goto cleanup;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user