Fix crash demangle in objc reported by revskills

libr/bin/bin.c

@@ -1777,14 +1777,16 @@ R_API RBinClass *r_bin_class_get (RBinFile *binfile, const char *name) {
 
 R_API int r_bin_class_add_method (RBinFile *binfile, const char *classname, const char *name, int nargs) {
 	RBinClass *c = r_bin_class_get (binfile, classname);
-	char *n = strdup (name);
+	RBinSymbol *sym = R_NEW0 (RBinSymbol);
+	if (!sym) return false;
+	r_str_cpy (sym->name, name);
 	if (c) {
-		r_list_append (c->methods, (void*)n);
+		r_list_append (c->methods, sym);
 		return true;
 	}
 	c = r_bin_class_new (binfile, classname, NULL, 0);
-	r_list_append (c->methods, (void*)n);
-	return false;
+	r_list_append (c->methods, sym);
+	return true;
 }
 
 R_API void r_bin_class_add_field (RBinFile *binfile, const char *classname, const char *name) {

libr/bin/demangle.c

@@ -170,35 +170,37 @@ R_API char *r_bin_demangle_objc(RBinFile *binfile, const char *sym) {
 
 	/* classes */
 	if (!strncmp (sym, "_OBJC_Class_", 12)) {
-		ret = malloc (10+strlen (sym));
-		sprintf (ret, "class %s", sym+12);
-		if (binfile) r_bin_class_new (binfile, sym+12, NULL, R_BIN_CLASS_PUBLIC);
+		ret = r_str_newf ("class %s", sym + 12);
+		if (binfile) r_bin_class_new (binfile, sym + 12,
+					NULL, R_BIN_CLASS_PUBLIC);
 		return ret;
-	} else
+	}
 	if (!strncmp (sym, "_OBJC_CLASS_$_", 14)) {
-		ret = malloc (10+strlen (sym));
-		sprintf (ret, "class %s", sym+14);
-		if (binfile) r_bin_class_new (binfile, sym+14, NULL, R_BIN_CLASS_PUBLIC);
+		ret = r_str_newf ("class %s", sym + 14);
+		if (binfile) r_bin_class_new (binfile, sym + 14,
+					NULL, R_BIN_CLASS_PUBLIC);
 		return ret;
-	} else
+	}
 	/* fields */
 	if (!strncmp (sym, "_OBJC_IVAR_$_", 13)) {
 		char *p;
-		clas = strdup (sym+13);
+		clas = strdup (sym + 13);
 		p = strchr (clas, '.');
 		type = "field";
 		if (p) {
 			*p = 0;
 			name = strdup (p+1);
-		} else name = NULL;
+		} else {
+			name = NULL;
+		}
 		if (binfile) r_bin_class_add_field (binfile, clas, name);
-	} else
+	}
 	/* methods */
 	if (sym[1] == '[') { // apple style
 		if (sym[0] == '+') type = "static";
 		else if (sym[0] == '-') type = "public";
 		if (type) {
-			clas = strdup (sym+2);
+			clas = strdup (sym + 2);
 			name = strchr (clas, ' ');
 			if (name) {
 				*name++ = 0;
@@ -207,10 +209,10 @@ R_API char *r_bin_demangle_objc(RBinFile *binfile, const char *sym) {
 					free (clas);
 					return NULL;
 				}
-				for (i=0; name[i]; i++) {
+				for (i = 0; name[i]; i++) {
 					if (name[i]==']') {
 						name[i] = 0;
-					} else
+					}
 					if (name[i]==':') {
 						nargs++;
 						name[i] = 0;
@@ -218,24 +220,24 @@ R_API char *r_bin_demangle_objc(RBinFile *binfile, const char *sym) {
 				}
 			}
 		}
-	} else
-	if (sym[0]=='_' && sym[2]=='_') { // gnu style
-		clas = strdup (sym+3);
+	}
+	if (sym[0] == '_' && sym[2] == '_') { // gnu style
+		clas = strdup (sym + 3);
 		args = strstr (clas, "__");
 		if (!args) {
 			free (clas);
 			return NULL;
 		}
 		*args = 0;
-		name = strdup (args+2);
+		name = strdup (args + 2);
 		if (!name){
 			free (args);
 			free (clas);
 			return NULL;
 		}
 		args = NULL;
-		for (i=0; name[i]; i++) {
-			if (name[i]=='_') {
+		for (i = 0; name[i]; i++) {
+			if (name[i] == '_') {
 				name[i] = 0;
 				nargs++;
 			}
@@ -245,24 +247,22 @@ R_API char *r_bin_demangle_objc(RBinFile *binfile, const char *sym) {
 	}
 	if (type) {
 		if (!strcmp (type, "field")) {
-			int namelen = name?strlen (name):0;
-			ret = malloc (strlen (clas)+namelen+32);
-			if (ret) sprintf (ret, "field int %s::%s", clas, name);
+			ret = r_str_newf ("field int %s::%s", clas, name);
 		} else {
 			if (nargs) {
 				const char *arg = "int";
-				args = malloc (((strlen (arg)+4) * nargs)+1);
+				args = malloc (((strlen (arg) + 4) * nargs) + 1);
 				args[0] = 0;
-				for(i=0;i<nargs; i++) {
+				for(i = 0;i < nargs; i++) {
 					strcat (args, arg);
-					if (i+1<nargs)
+					if (i + 1 < nargs)
 						strcat (args, ", ");
 				}
-			} else args = strdup ("");
-				if (type && name && *name) {
-				ret = malloc (strlen (type)+strlen (name)+
-					strlen(clas)+strlen(args)+15);
-				sprintf (ret, "%s int %s::%s(%s)", type, clas, name, args);
+			} else {
+				args = strdup ("");
+			}
+			if (type && name && *name) {
+				ret = r_str_newf ("%s int  %s::%s(%s)", type, clas, name, args);
 				if (binfile) r_bin_class_add_method (binfile, clas, name, nargs);
 			}
 		}

libr/config/config.c

@@ -190,18 +190,24 @@ R_API RConfigNode *r_config_set(RConfig *cfg, const char *name, const char *valu
 		}
 		if (node->flags & CN_BOOL) {
 			int b = (!strcmp (value,"true") || !strcmp (value,"1"));
-			node->i_value = (ut64)(b == 0) ? 0:1;
+			node->i_value = (ut64)(b == 0) ? 0 : 1;
+			free (node->value);
 			node->value = strdup (b ? "true" : "false");
 		} else {
 			if (value == NULL) {
+				free (node->value);
 				node->value = strdup ("");
 				node->i_value = 0;
 			} else {
+				free (node->value);
 				node->value = strdup (value);
 				if (*value >= '0' && *value <= '9') {
-					if (strchr (value, '/'))
+					if (strchr (value, '/')) {
 						node->i_value = r_num_get (cfg->num, value);
-					else node->i_value = r_num_math (cfg->num, value);
+					}
+					else {
+						node->i_value = r_num_math (cfg->num, value);
+					}
 				} else {
 					node->i_value = 0;
 				}
@@ -222,8 +228,9 @@ R_API RConfigNode *r_config_set(RConfig *cfg, const char *name, const char *valu
 					r_list_append (cfg->nodes, node);
 					cfg->n_nodes++;
 				}
-			} else
+			} else {
 				eprintf ("r_config_set: unable to create a new RConfigNode\n");
+			}
 		} else {
 			eprintf ("r_config_set: variable '%s' not found\n", name);
 		}

libr/syscall/syscall.c

@@ -69,7 +69,7 @@ R_API int r_syscall_setup(RSyscall *s, const char *arch, const char *os, int bit
 	}
 
 #define SYSCALLPATH R2_LIBDIR"/radare2/"R2_VERSION"/syscall"
-	file = sdb_fmt (0, "%s/%s-%s-%d.sdb", 
+	file = sdb_fmt (0, "%s/%s-%s-%d.sdb",
 		SYSCALLPATH, os, arch, bits);
 	if (!r_file_exists (file)) {
 		//eprintf ("r_syscall_setup: Cannot find '%s'\n", file);