Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-12-04 11:43:39 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

r_io_cache_read: fix number of bytes returned (1, should be 0) when c->to == addr

Browse Source
This commit is contained in:
Fangrui Song 2017-08-14 09:58:18 -07:00 committed by radare
parent 2586323998
commit a4b4fc72dc
2 changed files with 24 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
libr/io/cache.c
View File

@ -171,32 +171,18 @@ R_API int r_io_cache_write(RIO *io, ut64 addr, const ut8 *buf, int len) {
}
R_API int r_io_cache_read(RIO *io, ut64 addr, ut8 *buf, int len) {
int l, ret, da, db;
int covered = 0;
int l, covered = 0;
RListIter *iter;
RIOCache *c;
if (len < 0) {
return 0;
}
r_list_foreach (io->cache, iter, c) {
if (r_range_overlap (addr, addr+len-1, c->from, c->to, &ret)) {
if (ret>0) {
da = ret;
db = 0;
l = c->size;
} else if (ret<0) {
da = 0;
db = -ret;
l = c->size - db;
if (addr < c->to && c->from < addr + len) {
if (addr < c->from) {
l = R_MIN (addr + len - c->from, c->size);
memcpy (buf + c->from - addr, c->data, l);
} else {
da = 0;
db = 0;
l = c->size;
l = R_MIN (c->to - addr, len);
memcpy (buf, c->data + addr - c->from, l);
}
if ((l+da)>len) l = len-da; //say hello to integer overflow, but this won't happen in realistic scenarios because malloc will fail befor
if (l<1) l = 1; // XXX: fail
else memcpy (buf+da, c->data+db, l);
covered += l;
}
}

50
libr/util/buf.c
View File

@ -7,39 +7,25 @@
// TODO: Optimize to use memcpy when buffers are not in range..
// check buf boundaries and offsets and use memcpy or memmove
// copied from riocacheread
// copied from libr/io/cache.c:r_io_cache_read
// ret # of bytes copied
static int sparse_read(RList *list, ut64 addr, ut8 *buf, int len) {
int l, ret, da, db;
RListIter *iter;
RBufferSparse *c;
r_list_foreach (list, iter, c) {
if (r_range_overlap (addr, addr+len-1, c->from, c->to, &ret)) {
if (ret > 0) {
da = ret;
db = 0;
l = c->size;
} else if (ret < 0) {
da = 0;
db = -ret;
l = c->size-db;
} else {
da = 0;
db = 0;
l = c->size;
}
// say hello to integer overflow, but this won't happen in
// realistic scenarios because malloc will fail befor
if ((l + da) > len) {
l = len - da;
int l, covered = 0;
RListIter *iter;
RBufferSparse *c;
r_list_foreach (list, iter, c) {
if (addr < c->to && c->from < addr + len) {
if (addr < c->from) {
l = R_MIN (addr + len - c->from, c->size);
memcpy (buf + c->from - addr, c->data, l);
} else {
l = R_MIN (c->to - addr, len);
memcpy (buf, c->data + addr - c->from, l);
}
if (l > 0) {
memcpy (buf + da, c->data + db, l);
}
}
}
return len;
covered += l;
}
}
return covered;
}
static RBufferSparse *sparse_append(RList *l, ut64 addr, const ut8 *data, int len) {
@ -471,9 +457,7 @@ static int r_buf_cpy(RBuffer *b, ut64 addr, ut8 *dst, const ut8 *src, int len, i
} else {
// read from sparse and write into dst
memset (dst, 0xff, len);
if (sparse_read (b->sparse, addr, dst, len) < 0) {
return -1;
}
(void)sparse_read (b->sparse, addr, dst, len);
}
return len;
}