* Use strncpy instead of strcpy in asm and util

- Also avoid using sprintf and strcat
  - Some speedup and buffer overflows fixed
* Reimplement 'ap' command using the API
  - Fixes some issues related to nested console buffers
  - Faster and more reliable
* Use Color_ definitions instead of hardcoded values in r_print

libr/asm/asm.c

@@ -285,10 +285,10 @@ R_API RAsmCode* r_asm_massemble(RAsm *a, const char *buf) {
 		return NULL;
 	if (!(acode->buf_asm = malloc (strlen (buf)+16)))
 		return r_asm_code_free (acode);
-	strcpy (acode->buf_asm, buf);
+	strncpy (acode->buf_asm, buf, sizeof (acode->buf_asm)-1);
 	if (!(acode->buf_hex = malloc (64)))
 		return r_asm_code_free (acode);
-	acode->buf_hex[0]=0;
+	*acode->buf_hex = 0;
 	if (!(acode->buf = malloc (64)))
 		return r_asm_code_free (acode);
 	lbuf = strdup (buf);

libr/cons/color.c

@@ -128,7 +128,7 @@ R_API int r_cons_palette_init(const unsigned char *pal) {
 							continue;
 						}
 				//		printf("KEYWORD FOUND = %s (value = %c)\n", pal_names[j], pal[i+1]);
-						strcpy(r_cons_palette[j], r_cons_get_color(pal[i+1]));
+						strcpy (r_cons_palette[j], r_cons_get_color(pal[i+1]));
 					}
 				}
 			} else {

libr/core/cmd.c

@@ -2125,6 +2125,71 @@ static int var_cmd(RCore *core, const char *str) {
 }
 #endif
 
+static int preludecnt = 0;
+static int __prelude_cb_hit(RSearchKeyword *kw, void *user, ut64 addr) {
+	RCore *core = (RCore *)user;
+	int depth = r_config_get_i (core->config, "anal.depth");
+	eprintf ("ap: Found function prelude at 0x%08llx\n", addr);
+	r_core_anal_fcn (core, addr, -1, R_ANAL_REF_TYPE_NULL, depth);
+	preludecnt++;
+	return R_TRUE;
+}
+
+static void search_preludes(RCore *core, const ut8 *buf, int blen, const ut8 *mask, int mlen) {
+	int ret;
+	ut64 at, from, to;
+	ut8 *b = (ut8 *)malloc (core->blocksize);
+// TODO: handle sections ?
+	r_search_reset (core->search, R_SEARCH_KEYWORD);
+	r_search_kw_add (core->search, 
+		r_search_keyword_new (buf, blen, mask, mlen, NULL));
+	r_search_begin (core->search);
+	r_search_set_callback (core->search, &__prelude_cb_hit, core);
+	preludecnt = 0;
+	from = core->offset;
+	to = core->offset+0xffffff; // XXX
+	for (at = from; at < to; at += core->blocksize) {
+		if (r_cons_singleton ()->breaked)
+			break;
+		ret = r_io_read_at (core->io, at, b, core->blocksize);
+		if (ret != core->blocksize)
+			break;
+		if (r_search_update (core->search, &at, b, ret) == -1) {
+			eprintf ("search: update read error at 0x%08"PFMT64x"\n", at);
+			break;
+		}
+	}
+	eprintf ("Analized %d functions based on preludes\n", preludecnt);
+	free (b);
+}
+
+R_API r_core_search_preludes(RCore *core) {
+	const char *arch = r_config_get (core->config, "asm.arch");
+	int bits = r_config_get_i (core->config, "asm.bits");
+	// TODO: this is x86 only
+	// TODO: allow interruptible search
+	char *o = strdup (r_config_get (core->config, "search.prefix"));
+	r_config_set (core->config, "search.prefix", "pre.");
+	r_flag_space_set (core->flags, "preludes");
+	if (strstr (arch, "x86")) {
+		switch (bits) {
+		case 32:
+			search_preludes (core, "\x55\x89\xe5", 3, NULL, 0);
+			break;
+		case 64:
+			search_preludes (core, "\x55\x48\x89\xe5", 3, NULL, 0);
+			//r_core_cmd0 (core, "./x 554989e5");
+			break;
+		default:
+			eprintf ("ap: Unsupported bits: %d\n", bits);
+		}
+	} else {
+		eprintf ("ap: Unsupported asm.arch and asm.bits\n");
+	}
+	r_config_set (core->config, "search.prefix", o);
+	free (o);
+}
+
 static int cmd_anal(void *data, const char *input) {
 	const char *ptr;
 	RCore *core = (RCore *)data;
@@ -2510,34 +2575,7 @@ static int cmd_anal(void *data, const char *input) {
 		r_core_anal_all (core);
 		break;
 	case 'p':
-		{
-			const char *arch = r_config_get (core->config, "asm.arch");
-			int bits = r_config_get_i (core->config, "asm.bits");
-			// TODO: this is x86 only
-			// TODO: allow interruptible search
-			char *o = strdup (r_config_get (core->config, "search.prefix"));
-			r_config_set (core->config, "search.prefix", "pre.");
-			r_core_cmd0 (core, "fs preludes");
-			if (strstr (arch, "x86")) {
-				switch (bits) {
-				case 32:
-					r_core_cmd0 (core, "./x 5589e5");
-					r_core_cmd0 (core, "af @@ pre.");
-					break;
-				case 64:
-					//r_core_cmd0 (core, "./x 554989e5");
-					r_core_cmd0 (core, "./x 554889e5"); // OSX
-					r_core_cmd0 (core, "af @@ pre.");
-					break;
-				default:
-					eprintf ("ap: Unsupported bits: %d\n", bits);
-				}
-			} else {
-				eprintf ("ap: Unsupported asm.arch and asm.bits\n");
-			}
-			r_config_set (core->config, "search.prefix", o);
-			free (o);
-		}
+		r_core_search_preludes (core);
 		break;
 	case 'd':
 		{

libr/core/core.c

@@ -374,7 +374,7 @@ R_API int r_core_prompt(RCore *r, int sync) {
 	char prompt[32];
 	const char *cmdprompt = r_config_get (r->config, "cmd.prompt");
 
-	if (cmdprompt && cmdprompt[0])
+	if (cmdprompt && *cmdprompt)
 		ret = r_core_cmd (r, cmdprompt, 0);
 
 	if (!r_line_singleton()->echo)

libr/line/dietline.c

@@ -168,7 +168,7 @@ R_API void r_line_autocomplete() {
 	int argc = 0;
 	char *p;
 	const char **argv = NULL;
-	int i, j, opt, len = 0;
+	int i, j, opt, plen, len = 0;
 	int cols = r_cons_get_size (NULL)*0.82;
 
 	/* prepare argc and argv */
@@ -179,16 +179,26 @@ R_API void r_line_autocomplete() {
 	} else opt = 0;
 
 	p = r_str_lchr (I.buffer.data, ' ');
-	p = p? p+1: I.buffer.data; //+I.buffer.length;
+	if (p) {
+		p++;
+		plen = (int)(size_t)(p-I.buffer.data);
+	} else {
+		p = I.buffer.data;
+		plen = sizeof (I.buffer.data);
+	}
 	/* autocomplete */
 	if (argc==1) {
-		strcpy (p, argv[0]);
-		I.buffer.index = I.buffer.length = strlen (I.buffer.data) + 1;
-		strcat (p, " ");
-		I.buffer.length = strlen (I.buffer.data); // XXX: already calculated ?? wtf
+		int largv0 = strlen (argv[0]);
+		if (largv0+3 < plen) {
+			memcpy (p, argv[0], largv0);
+			memcpy (p+largv0, " ", 2);
+			I.buffer.index = I.buffer.length = largv0 + 1;
+		}
 	} else
 	if (argc>0) {
 		if (*p) {
+			// TODO: do not use strdup here
+			// TODO: avoid overflow
 			char *root = strdup (argv[0]);
 			// try to autocomplete argument
 			for (i=0; i<argc; i++) {

libr/print/print.c

@@ -110,18 +110,18 @@ R_API char *r_print_hexpair(RPrint *p, const char *str, int n) {
 				memcat (d, "\x1b[7m");
 		}
 		if ((p->flags & R_PRINT_FLAGS_COLOR)) {
-			if (s[0]=='0' && s[1]=='0') { memcat (d, "\x1b[32m"); }
-			else if (s[0]=='7' && s[1]=='f') { memcat (d, "\x1b[33m"); }
-			else if (s[0]=='f' && s[1]=='f') { memcat (d, "\x1b[31m"); }
+			if (s[0]=='0' && s[1]=='0') { memcat (d, Color_GREEN); }
+			else if (s[0]=='7' && s[1]=='f') { memcat (d, Color_YELLOW); }
+			else if (s[0]=='f' && s[1]=='f') { memcat (d, Color_RED); }
 			else {
 				sscanf (s, "%02x", &ch);
 				if (IS_PRINTABLE (ch))
-					memcat (d, "\x1b[35m");
+					memcat (d, Color_MAGENTA);
 			}
 		}
 		memcpy (d, s, 2);
 	}
-	memcpy (d, "\x1b[0m", 5);
+	memcpy (d, Color_RESET, strlen (Color_RESET));
 	return dst;
 }
 
@@ -134,16 +134,16 @@ R_API void r_print_byte(RPrint *p, const char *fmt, int idx, ut8 ch) {
 	if (p->flags & R_PRINT_FLAGS_COLOR) {
 		char *pre = NULL;
 		switch (ch) {
-		case 0x00: pre = "\x1b[32m"; break;
-		case 0x7F: pre = "\x1b[33m"; break;
-		case 0xFF: pre = "\x1b[31m"; break;
+		case 0x00: pre = Color_GREEN; break;
+		case 0x7F: pre = Color_YELLOW; break;
+		case 0xFF: pre = Color_RED; break;
 		default:
 			if (IS_PRINTABLE (ch))
-				pre = "\x1b[35m";
+				pre = Color_MAGENTA;
 		}
 		if (pre) p->printf (pre);
 		p->printf (fmt, rch);
-		if (pre) p->printf ("\x1b[0m");
+		if (pre) p->printf (Color_RESET);
 	} else p->printf (fmt, rch);
 	r_print_cursor (p, idx, 0);
 }

libr/util/file.c

@@ -176,7 +176,7 @@ R_API char *r_file_slurp_line(const char *file, int line, int context) {
 			return NULL;
 		}
 		lines = line;
-		for (i=0;str[i]&&lines;i++)
+		for (i=0; str[i]&&lines; i++)
 			if (str[i]=='\n')
 				lines--;
 		ptr = str+i;
@@ -207,9 +207,9 @@ R_API boolt r_file_dump(const char *file, const ut8 *buf, int len) {
 
 R_API boolt r_file_rm(const char *file) {
 #if __WINDOWS__
-	return (DeleteFile (file)==0)? R_TRUE:R_FALSE;
+	return (DeleteFile (file)==0)? R_TRUE: R_FALSE;
 #else
-	return (unlink (file)==0)? R_TRUE:R_FALSE;
+	return (unlink (file)==0)? R_TRUE: R_FALSE;
 #endif
 }
 
@@ -285,9 +285,12 @@ R_API void r_file_mmap_free (RMmap *m) {
 }
 
 R_API char *r_file_temp (const char *prefix) {
+	int namesz;
+	char *name;
 	const char *path = r_file_tmpdir ();
-	char *name = malloc (strlen (prefix) + strlen (path) +32);
-	sprintf (name, "%s/%s.%"PFMT64x, path, prefix, r_sys_now ());
+	namesz = strlen (prefix) + strlen (path) + 32;
+	name = malloc (namesz);
+	snprintf (name, namesz, "%s/%s.%"PFMT64x, path, prefix, r_sys_now ());
 	return name;
 }
 
@@ -307,7 +310,6 @@ R_API int r_file_mkstemp (const char *prefix, char **oname) {
 #endif
 	if (oname && h!=-1) *oname = name;
 	else free (name);
-
 	return h;
 }
 

libr/util/hex.c

@@ -16,17 +16,15 @@ R_API int r_hex_to_byte(ut8 *val, ut8 c) {
 /* int byte = hexpair2bin("A0"); */
 // (0A) => 10 || -1 (on error)
 R_API int r_hex_pair2bin(const char *arg) {
-	unsigned char *ptr;
-	unsigned char c = '\0';
-	unsigned char d = '\0';
-	unsigned int  j = 0;
+	ut8 *ptr, c = 0, d = 0;
+	ut32 j = 0;
 
-	for (ptr = (unsigned char *)arg; ;ptr = ptr + 1) {
-		if (!*ptr || ptr[0]==' ' || j==2)
+	for (ptr = (ut8*)arg; ;ptr = ptr + 1) {
+		if (!*ptr || *ptr==' ' || j==2)
 			break;
 		d = c;
-		if (r_hex_to_byte (&c, ptr[0])) {
-			eprintf ("Invalid hexa string at char '%c'.\n", ptr[0]);
+		if (r_hex_to_byte (&c, *ptr)) {
+			eprintf ("Invalid hexa string at char '%c'.\n", *ptr);
 			return -1;
 		}
 		c |= d;
@@ -113,12 +111,12 @@ R_API int r_hex_str2bin(const char *in, ut8 *out) {
 
 R_API int r_hex_str2binmask(const char *in, ut8 *out, ut8 *mask) {
 	ut8 *ptr;
-	int len;
-	strcpy ((char*)out, in);
+	int len, ilen = strlen (in)+1;
+	memcpy (out, in, ilen);
 	for (ptr=out; *ptr; ptr++) if (*ptr=='.') *ptr = '0';
 	len = r_hex_str2bin ((char*)out, out);
 	if (len != -1) {
-		strcpy ((char*)mask, in);
+		memcpy (mask, in, ilen);
 		for (ptr=mask; *ptr; ptr++) *ptr = (*ptr=='.')?'0':'f';
 		len = r_hex_str2bin ((char*)mask, mask);
 	}
@@ -130,15 +128,15 @@ R_API st64 r_hex_bin_truncate (ut64 in, int n) {
 	case 1:
 		if ((in&UT8_GT0))
 			return UT64_8U|in;
-		else return in&UT8_MAX;
+		return in&UT8_MAX;
 	case 2: 
 		if ((in&UT16_GT0))
 			return UT64_16U|in;
-		else return in&UT16_MAX;
+		return in&UT16_MAX;
 	case 4: 
 		if ((in&UT32_GT0))
 			return UT64_32U|in;
-		else return in&UT32_MAX;
+		return in&UT32_MAX;
 	case 8:
 		return in&UT64_MAX;
 	}

libr/util/str.c

@@ -71,7 +71,7 @@ R_API void r_str_subchr (char *s, int a, int b) {
 	while (*s) {
 		if (*s==a) {
 			if (b) *s = b;
-			else strcpy (s, s+1);
+			else memmove (s, s+1, strlen (s+1)+1);
 		}
 		s++;
 	}
@@ -160,30 +160,32 @@ R_API const char *r_str_rwx_i(int rwx) {
 }
 
 R_API const char *r_str_bool(int b) {
-	if (b) return "true";
-	return "false";
+	return b? "true": "false";
 }
 
 R_API void r_str_case(char *str, int up) {
 	if (up) {
-		while(*str)
+		while (*str)
 			*str = tolower (*str);
 	} else {
-		while(*str)
+		while (*str)
 			*str = toupper (*str);
 	}
 }
 
 R_API char *r_str_home(const char *str) {
+	int lhome, lstr;
 	char *dst;
 	const char *home = r_sys_getenv (R_SYS_HOME);
 	if (home == NULL)
 		return NULL;
-	dst = (char *)malloc (strlen (home) + strlen (str)+2);
-	strcpy (dst, home);
+	lhome = strlen (home);
+	lstr = strlen (str);
+	dst = (char *)malloc (lhome + lstr + 2);
+	memcpy (dst, home, lhome+1);
 	if (str && *str) {
-		strcat (dst, R_SYS_DIR);
-		strcat (dst, str);
+		memcpy (dst+lhome, R_SYS_DIR, strlen (R_SYS_DIR));
+		memcpy (dst+lhome+strlen (R_SYS_DIR), str, lstr+1);
 	}
 	return dst;
 }
@@ -191,14 +193,14 @@ R_API char *r_str_home(const char *str) {
 /* XXX Fix new hash algo*/
 R_API ut64 r_str_hash64(const char *str) {
 	ut64 ret = 0;
-	for (;*str; str++)
+	for (; *str; str++)
 		ret ^= (ret<<7 | *str);
 	return ret;
 }
 
 R_API ut32 r_str_hash(const char *str) {
 	ut32 ret = 0;
-	for (;*str; str++)
+	for (; *str; str++)
 		ret ^= (ret<<7 | *str);
 	return ret;
 }
@@ -481,18 +483,22 @@ R_API void *r_str_free(void *ptr) {
 	return NULL;
 }
 
+#if 0
+// XXX: unused
 R_API int r_str_inject(char *begin, char *end, char *str, int maxlen) {
+	int slen = strlen (str);
 	int len = strlen (end)+1;
 	char *tmp;
-	if (maxlen > 0 && ((strlen (begin)-(end-begin)+strlen (str)) > maxlen))
+	if (maxlen > 0 && ((strlen (begin)-(end-begin)+slen) > maxlen))
 		return 0;
 	tmp = malloc (len);
 	memcpy (tmp, end, len);
-	strcpy (begin, str);
-	strcat (begin, tmp);
+	memcpy (begin, str, slen);
+	memcpy (begin+slen, tmp, len);
 	free (tmp);
 	return 1;
 }
+#endif
 
 /* unstable code (taken from GNU) */
 /*------------------------------------------------*/
@@ -571,13 +577,13 @@ R_API int r_str_escape(char *buf) {
 			continue;
 		if (buf[i+1]=='e') {
 			buf[i] = 0x1b;
-			strcpy (buf+i+1, buf+i+2);
+			memmove (buf+i+1, buf+i+2, strlen (buf+i+2)+1);
 		} else if (buf[i+1]=='r') {
 			buf[i] = 0x0d;
-			strcpy (buf+i+1, buf+i+2);
+			memmove (buf+i+1, buf+i+2, strlen (buf+i+2)+1);
 		} else if (buf[i+1]=='n') {
 			buf[i] = 0x0a;
-			strcpy (buf+i+1, buf+i+2);
+			memmove (buf+i+1, buf+i+2, strlen (buf+i+2)+1);
 		} else if (buf[i+1]=='x') {
 			err = ch2 = ch = 0;
 			if (!buf[i+2] || !buf[i+3]) {
@@ -591,7 +597,7 @@ R_API int r_str_escape(char *buf) {
 				return 0;
 			}
 			buf[i] = (ch<<4)+ch2;
-			strcpy (buf+i+1, buf+i+4);
+			memmove (buf+i+1, buf+i+4, strlen (buf+i+4)+1);
 		} else {
 			eprintf ("'\\x' expected.\n");
 			return 0;
@@ -733,7 +739,7 @@ R_API char **r_str_argv(const char *_str, int *_argc) {
 		case '"':
 			if (escape) {
 				escape = 0;
-				strcpy (ptr, ptr+1);
+				memmove (ptr, ptr+1, strlen (ptr+1)+1);
 			} else {
 				if (quote) {
 					*ptr = '\0';