Fix many null pointer deref when passing trashed data

Added 'pa' command to print assembled instructions

libr/bin/bin.c

@@ -166,10 +166,11 @@ static void r_bin_init(RBin *bin) {
 	RListIter *it;
 	RBinXtrPlugin *xtr;
 
-	if (!bin->cur.o->referenced) {
-		r_bin_free_items (bin);
+	if (bin->cur.o) {
+		if (!bin->cur.o->referenced)
+			r_bin_free_items (bin);
+		free (bin->cur.file);
 	}
-	free (bin->cur.file);
 	memset (&bin->cur, 0, sizeof (bin->cur));
 	bin->cur.o = R_NEW0 (RBinObject);
 	memset (bin->cur.o, 0, sizeof (RBinObject));
@@ -187,9 +188,11 @@ static void r_bin_init(RBin *bin) {
 static int r_bin_extract(RBin *bin, int idx) {
 	if (bin->curxtr && bin->curxtr->extract)
 		return bin->curxtr->extract (bin, idx);
+	if (!bin->file)
+		return R_FALSE;
 	bin->cur.file = strdup (bin->file);
 	bin->cur.buf = r_buf_mmap (bin->file, 0);
-	return 1;
+	return R_TRUE;
 }
 
 R_API int r_bin_add(RBin *bin, RBinPlugin *foo) {

libr/config/config.c

@@ -151,9 +151,11 @@ R_API RConfigNode *r_config_set(RConfig *cfg, const char *name, const char *valu
 				node->flags|=CN_BOOL;
 				node->i_value = (!strcmp (value, "true"))? 1: 0;
 			}
-			r_hashtable_insert (cfg->ht, node->hash, node);
-			r_list_append (cfg->nodes, node);
-			cfg->n_nodes++;
+			if (cfg->ht) {
+				r_hashtable_insert (cfg->ht, node->hash, node);
+				r_list_append (cfg->nodes, node);
+				cfg->n_nodes++;
+			}
 		} else eprintf ("config is locked: cannot create '%s'\n", name);
 	}
 
@@ -221,9 +223,11 @@ R_API RConfigNode *r_config_set_i(RConfig *cfg, const char *name, const ut64 i)
 			if (!node) return NULL;
 			node->flags = CN_RW | CN_OFFT;
 			node->i_value = i;
-			r_hashtable_insert (cfg->ht, node->hash, node);
-			r_list_append (cfg->nodes, node);
-			cfg->n_nodes++;
+			if (cfg->ht) r_hashtable_insert (cfg->ht, node->hash, node);
+			if (cfg->nodes) {
+				r_list_append (cfg->nodes, node);
+				cfg->n_nodes++;
+			}
 		} else eprintf ("(locked: no new keys can be created (%s))\n", name);
 	}
 

libr/cons/grep.c

@@ -5,12 +5,16 @@
 
 R_API void r_cons_grep_help() {
 	eprintf (
-"Usage: [command]~[modifier][word,word]\n"
-"  modifiers\n"
+"Usage: [command]~[modifier][word,word][\[columne\][:line]\n"
+" modifiers\n"
 "   &  all words must match to grep the line\n"
 "   ^  words must be placed at the begining of line\n"
 "   !  negate grep\n"
 "   ?  count number of matching lines\n"
+" examples:\n"
+"   i~:0   # show fist line o 'i' output\n"
+"   pd~mov # disasm and grep for mov\n"
+"   pi~[0] # show only opcode\n"
 	);
 }
 
@@ -98,7 +102,8 @@ R_API void r_cons_grep(const char *str) {
 				eprintf ("grep string too long\n");
 				continue;
 			}
-			strncpy (cons->grep.strings[cons->grep.nstrings], optr, R_CONS_GREP_WORD_SIZE-1);
+			strncpy (cons->grep.strings[cons->grep.nstrings],
+				optr, R_CONS_GREP_WORD_SIZE-1);
 			cons->grep.nstrings++;
 			if (cons->grep.nstrings>R_CONS_GREP_WORDS-1) {
 				eprintf ("too many grep strings\n");

libr/core/cmd_print.c

@@ -174,6 +174,17 @@ static int cmd_print(void *data, const char *input) {
 #endif
 		}
 		break;
+	case 'a':
+		{
+			RAsmCode *acode;
+			r_asm_set_pc (core->assembler, core->offset);
+			acode = r_asm_massemble (core->assembler, input+1);
+			if (acode && *acode->buf_hex) {
+				r_cons_printf ("%s\n", acode->buf_hex);
+				r_asm_code_free (acode);
+			}
+		}
+		break;
 	case 'b': {
 		const int size = len*8;
 		char *buf = malloc (size+1);
@@ -572,6 +583,7 @@ static int cmd_print(void *data, const char *input) {
 		" p=            show entropy bars of full file\n"
 		" p6[de] [len]  base64 decode/encode\n"
 		" p8 [len]      8bit hexpair list of bytes\n"
+		" pa [opcode]   assemble opcode\n"
 		" pb [len]      bitstream of N bytes\n"
 		" pi[f] [len]   show opcodes of N bytes\n"
 		" pd[lf] [l]    disassemble N opcodes (see pd?)\n"

libr/core/core.c

@@ -957,3 +957,4 @@ R_API char *r_core_editor (RCore *core, const char *str) {
 /* weak getters */
 R_API RCons *r_core_get_cons (RCore *core) { return core->cons; }
 R_API RConfig *r_core_get_config (RCore *core) { return core->config; }
+R_API RBin *r_core_get_bin (RCore *core) { return core->bin; }

libr/core/file.c

@@ -126,6 +126,11 @@ R_API char *r_core_sysenv_begin(RCore *core, const char *cmd) {
 	return ret;
 }
 
+R_API void r_core_bin_set(RCore *r, RBin *b) {
+	// memleak? .. hacky api for nodejs
+	r->bin = b;
+}
+
 R_API int r_core_bin_load(RCore *r, const char *file) {
 	int va = r->io->va || r->io->debug;
 

libr/include/r_core.h

@@ -73,6 +73,8 @@ typedef struct r_core_asmsteps_t {
 } RCoreAsmsteps;
 
 typedef struct r_core_t {
+	RBin *bin;
+	RConfig *config;
 	ut64 offset;
 	ut32 blocksize;
 	ut32 blocksize_max;
@@ -95,17 +97,16 @@ typedef struct r_core_t {
 	RNum *num;
 	RLib *lib;
 	RCmd *cmd;
+
 	RAnal *anal;
 	RAsm *assembler;
 	RAnalRefline *reflines;
 	RAnalRefline *reflines2;
 	RParse *parser;
 	RPrint *print;
-	RBin *bin;
 	RLang *lang;
 	RDebug *dbg;
 	RFlag *flags;
-	RConfig *config;
 	RSearch *search;
 	RSign *sign;
 	RFS *fs;
@@ -128,6 +129,7 @@ typedef int (*RCoreSearchCallback)(RCore *core, ut64 from, ut8 *buf, int len);
 #ifdef R_API
 #define r_core_cast(x) (RCore*)(size_t)(x)
 R_API RCons *r_core_get_cons (RCore *core);
+R_API RBin *r_core_get_bin (RCore *core);
 R_API RConfig *r_core_get_config (RCore *core);
 R_API RAsmOp *r_core_disassemble (RCore *core, ut64 addr);
 R_API int r_core_init(RCore *core);
@@ -220,6 +222,7 @@ R_API RList *r_core_asm_bwdisassemble (RCore *core, ut64 addr, int n, int len);
 R_API int r_core_print_disasm(RPrint *p, RCore *core, ut64 addr, ut8 *buf, int len, int lines, int invbreak);
 
 R_API int r_core_bin_load(RCore *core, const char *file);
+R_API void r_core_bin_set(RCore *r, RBin *b);
 R_API int r_core_hash_load(RCore *core, const char *file);
 
 /* gdiff.c */

r2-bindings/node-ffi/examples/fail.js

@@ -0,0 +1,7 @@
+var r2 = require ('../r_core');
+
+var core = new r2.RCore();
+
+console.log (core.config);
+console.log ((null == core.config.get("io.va"))?"fail":"works!")
+	

r2-bindings/node-ffi/examples/r2irc.js

@@ -0,0 +1,115 @@
+/* TODO: use node-daemon and chroot */
+
+const nick = "r2bot";
+const channel = "#radare";
+const msgtimeout = 1000;
+
+var r2 = require ('../r_core');
+
+var core = new r2.RCore(), cons = r2.RCons;
+var fileName = process.argv[2] || '/bin/ls';
+const JS = JSON.stringify;
+const JP = JSON.parse;
+const JSHDR = {'Content-type': 'application/json'};
+
+/* XXX FAIL 
+
+var c = core.config
+var b = core.bin
+
+c.set ("io.va", "true");
+console.log ("iova= "+ c.get ("io.va"));
+process.exit(0);
+
+core.bin.load (fileName, 0);
+core.bin.select_idx (0);
+var info = core.bin.get_info();
+core.bin_load ('');
+
+console.log ("TYPE: "+info.type);
+
+core.config.set ("asm.arch", "x86");
+core.config.set ("asm.bits", "64");
+//core.bin = bin;
+*/
+
+
+core.file_open (fileName, 0, 0);
+console.log ("core->bin = "+core.config);
+   core.bin.select_idx (0);
+   core.bin_load (null);
+
+core.cmd0 ('? entry0')
+core.cmd0 ('pd @entry0')
+
+var IRC = require('irc.js');
+var irc = new IRC('irc.freenode.net', 6667);
+irc.on ('raw', function (data) {
+		console.log (data);
+		});
+irc.on ('connected', function (s) {
+	irc.nick ("r2bot");
+	irc.join (channel, function (x) {
+		irc.privmsg (channel, "hi");
+	});
+	console.log ("connected");
+});
+
+if (typeof String.prototype.startsWith != 'function') {
+	String.prototype.startsWith = function (str){
+		return this.slice(0, str.length) == str;
+	};
+}
+
+irc.on('privmsg', function(from, to, msg) {
+	console.log('<' + from + '> to ' + to + ': ' + msg);
+	switch (to) {
+	case  "#radare":
+	case  "#radarebot":
+		default:
+		if (!msg.startsWith ("!")) return;
+		var o = "";
+		msg = msg.replace (/>/g, "");
+		msg = msg.replace (/|/g, "");
+		msg = msg.replace (/!/g, "");
+		msg = msg.replace (/`/g, "");
+		msg = msg.replace (/\t/g, "   ");
+		var cmds = msg.split (";");
+		for (var i in cmds) {
+		msg = cmds[i];
+		msg = msg.replace (/^\ */, "");
+		if (msg.startsWith ("q")) o = "not now";
+		else
+		if (msg.startsWith ("o") && msg.length >1) o = "no open allowed";
+		else
+		if (msg.startsWith ("V")) o = "i cant do visuals on irc :(";
+		else
+		if (msg.startsWith ("ag")) o = "graphs cant be seen here.";
+		else o = core.cmd_str_pipe (msg);
+		}
+		if (o != "")
+			(function () {
+				 var a = o.split (o.indexOf ("\r") ==-1? "\n": "\r");
+				 var timedmsg = function (x) {
+				 irc.privmsg (to, a[0]);
+				 a = a.slice (1);
+				 if (a.length>0)
+				 setTimeout (timedmsg, msgtimeout);
+			 }
+			 setTimeout (timedmsg, msgtimeout);
+			 })();
+	break;
+		}
+	}
+);
+function finalize() {
+	irc.privmsg (channel, "byebye");
+	console.log ("byebye");
+	process.exit (0);
+}
+
+process.on ('SIGINT', finalize);
+process.on ('SIGTERM', finalize);
+
+irc.connect (nick, 'http://www.radare.org/', 'r2');
+

r2-bindings/vapi/r_core.vapi

@@ -4,28 +4,56 @@ namespace Radare {
 [Compact]
 [CCode (cheader_filename="r_flags.h,r_anal.h,r_core.h,r_bin.h,r_parse.h,r_lang.h,r_sign.h,r_reg.h,r_list.h,r_types_base.h", cname="RCore", free_function="r_core_free", cprefix="r_core_")]
 public class RCore {
-	public RFlag flags;
+	public RBin bin;
+	public RConfig config;
+
+	public uint64 offset;
+	public uint32 blocksize;
+	public uint32 blocksize_max;
+	public uint8 *block;
+	public uint8 *oobi;
+	public int ffio;
+	public int oobi_len;
+	public uint8 *_yank;
+	public int _yank_len;
+	public int tmpseek;
+	public bool _visual;
+	public uint64 _yank_off;
+	public int interrupted;
+
+	public RCons cons;
+	public RPair pair;
+	public RIO io;
+	public RCore.File file;
+	public void* files; // XXX RList<???>
 	public RNum num;
+	public RLib lib;
+	public void* rcmd;
+	public RAnal anal;
+	public RAsm assembler;
+	public void *reflines;
+	public void *reflines2;
+	public RParse parser;
+	public RPrint print;
+	public RLang lang;
+
+	public RDebug dbg;
+	public RFlag flags;
+	public RSearch search;
+	public RSign sign;
+
+	public RFS fs;
+	public REgg egg;
+public string cmdqueue;
+public string lastcmd;
+public int cmdrepeat;
+public uint64 inc;
+// rtr_n ...
+	// TODO: public RVm vm;
 	/* lifecycle */
 	public RCons* get_cons ();
 	public RConfig* get_config ();
 	public RCore();
-	public RIO io;
-	public RCons cons;
-	public RDebug dbg;
-	public RConfig config;
-	public REgg egg;
-	public RAsm assembler;
-	public RAnal anal;
-	public RBin bin;
-	public RFS fs;
-	public RParse parser;
-	public RLang lang;
-	public RSearch search;
-	public RSign sign;
-	public RPrint print;
-	// TODO: public RVm vm;
-	public uint64 offset;
 
 	public static unowned RCore cast(uint64 ptr);
 	public bool loadlibs();
@@ -46,6 +74,7 @@ public class RCore {
 	public int cmd_file(string file);
 	public int cmd_command(string cmd);
 	public unowned string cmd_str(string cmd);
+	public unowned string cmd_str_pipe(string cmd);
 
 	public string op_str(uint64 addr);
 	public RAnal.Op op_anal(uint64 addr);
@@ -142,7 +171,7 @@ public class RCore {
 	public int seek_delta(int64 addr);
 
 	public bool bin_load(string? file);
+	public void bin_set(RBin b);
 
-	public RCore.File file;
 }
 }