Fix oobs in dyldcache, omf and swift demangler

2024-11-27 15:10:53 +00:00 · 2017-04-11 14:11:15 +02:00 · 2017-04-11 14:11:15 +02:00 · 9a054c0a0f
commit 9a054c0a0f
parent 65776308c9
3 changed files with 20 additions and 7 deletions
--- a/libr/bin/format/mach0/dyldcache.c
+++ b/libr/bin/format/mach0/dyldcache.c
@ -40,8 +40,9 @@ struct r_bin_dyldcache_lib_t *r_bin_dyldcache_extract(struct r_bin_dyldcache_obj
 		eprintf ("Empty file? (%s)\n", bin->file? bin->file: "(null)");
 		return NULL;
 	}
-	if (bin->nlibs < 0 || idx < 0 || idx > bin->nlibs)
+	if (bin->nlibs < 0 || idx < 0 || idx >= bin->nlibs) {
 		return NULL;
+	}
 	*nlib = bin->nlibs;
 	ret = R_NEW0 (struct r_bin_dyldcache_lib_t);
 	if (!ret) {
--- a/libr/bin/format/omf/omf.c
+++ b/libr/bin/format/omf/omf.c
@ -123,9 +123,9 @@ static int load_omf_lnames(OMF_record *record, const char *buf, ut64 buf_size) {
 			return false;
 		}

-		memcpy (names[ct_name], buf + 3 + tmp_size + 1,
-			buf[3 + tmp_size]);
-
+		if ((tmp_size + 4 + buf[3 + tmp_size]) < record->size) {
+			memcpy (names[ct_name], buf + 3 + tmp_size + 1, buf[3 + tmp_size]);
+		}
 		ct_name++;
 		tmp_size += buf[3 + tmp_size] + 1;
 	}
--- a/libr/bin/mangling/swift-sd.c
+++ b/libr/bin/mangling/swift-sd.c
@ -74,8 +74,12 @@ static struct Type flags [] = {
 };

 static const char *getnum(const char* n, int *num) {
-	if (num) *num = atoi (n);
-	while (*n>='0' && *n <='9') n++;
+	if (num && *n) {
+		*num = atoi (n);
+	}
+	while (*n && *n>='0' && *n <='9') {
+		n++;
+	}
 	return n;
 }

@ -225,7 +229,15 @@ char *r_bin_demangle_swift(const char *s, int syscmd) {
 			break;
 		}
 	}
-	p += (tail? 1: 2);
+	if (tail) {
+		if (*p) {
+			p++;
+		}
+	} else {
+		if (*p && p[1]) {
+			p += 2;
+		}
+	}

 	// XXX
 	q = getnum (p, NULL);