mirror of
https://github.com/radareorg/radare2.git
synced 2025-03-04 20:39:46 +00:00
Fix crash in gdb:// and some oobreads
This commit is contained in:
pancake
parent
690847a25f
commit
a59e0ce083
@ -138,12 +138,14 @@ static int string_scan_range(RList *list, const ut8 *buf, int min, const ut64 fr
|
||||
ut8 tmp[R_STRING_SCAN_BUFFER_SIZE];
|
||||
ut64 needle = from, str_start;
|
||||
int count = 0, i, rc, runes, str_type = R_STRING_TYPE_DETECT;
|
||||
if (type == -1)
|
||||
|
||||
if (type == -1) {
|
||||
type = R_STRING_TYPE_DETECT;
|
||||
}
|
||||
|
||||
if (!buf || !min)
|
||||
if (!buf || !min) {
|
||||
return -1;
|
||||
|
||||
}
|
||||
while (needle < to) {
|
||||
rc = r_utf8_decode (buf + needle, to - needle, NULL);
|
||||
if (!rc) {
|
||||
@ -155,8 +157,12 @@ static int string_scan_range(RList *list, const ut8 *buf, int min, const ut64 fr
|
||||
|
||||
if (str_type == R_STRING_TYPE_DETECT) {
|
||||
char *w = (char *)buf + needle + rc;
|
||||
bool is_wide = needle + rc + 2 < to && !w[0] && w[1] && !w[2];
|
||||
str_type = is_wide? R_STRING_TYPE_WIDE: R_STRING_TYPE_ASCII;
|
||||
if ((to - needle) > 2) {
|
||||
bool is_wide = needle + rc + 2 < to && !w[0] && w[1] && !w[2];
|
||||
str_type = is_wide? R_STRING_TYPE_WIDE: R_STRING_TYPE_ASCII;
|
||||
} else {
|
||||
str_type = R_STRING_TYPE_ASCII;
|
||||
}
|
||||
}
|
||||
|
||||
runes = 0;
|
||||
@ -189,9 +195,8 @@ static int string_scan_range(RList *list, const ut8 *buf, int min, const ut64 fr
|
||||
if (r_isprint (r)) {
|
||||
rc = r_utf8_encode (&tmp[i], r);
|
||||
runes++;
|
||||
}
|
||||
/* Print the escape code */
|
||||
else if (r && r < 0x100 && strchr ("\b\v\f\n\r\t\a\e", (char)r)) {
|
||||
/* Print the escape code */
|
||||
} else if (r && r < 0x100 && strchr ("\b\v\f\n\r\t\a\e", (char)r)) {
|
||||
if ((i + 32) < sizeof (tmp) && r < 28) {
|
||||
tmp[i + 0] = '\\';
|
||||
tmp[i + 1] = " abtnvfr e"[r];
|
||||
@ -201,9 +206,10 @@ static int string_scan_range(RList *list, const ut8 *buf, int min, const ut64 fr
|
||||
}
|
||||
rc = 2;
|
||||
runes++;
|
||||
} else {
|
||||
/* \0 marks the end of C-strings */
|
||||
break;
|
||||
}
|
||||
/* \0 marks the end of C-strings */
|
||||
else break;
|
||||
}
|
||||
|
||||
tmp[i++] = '\0';
|
||||
@ -224,7 +230,6 @@ static int string_scan_range(RList *list, const ut8 *buf, int min, const ut64 fr
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
|
||||
@ -40,18 +40,20 @@ static int r_debug_gdb_reg_read(RDebug *dbg, int type, ut8 *buf, int size) {
|
||||
copy_size = R_MIN (desc->data_len, size);
|
||||
buflen = R_MAX (desc->data_len, buflen);
|
||||
if (reg_buf) {
|
||||
if (buf_size < copy_size) { //desc->data_len) {
|
||||
ut8* new_buf = realloc (reg_buf, copy_size);
|
||||
if (!new_buf)
|
||||
// if (buf_size < copy_size) { //desc->data_len) {
|
||||
if (buflen > buf_size) { //copy_size) {
|
||||
ut8* new_buf = realloc (reg_buf, buflen);
|
||||
if (!new_buf) {
|
||||
return -1;
|
||||
}
|
||||
reg_buf = new_buf;
|
||||
buflen = copy_size;
|
||||
buf_size = desc->data_len;
|
||||
buf_size = buflen;
|
||||
}
|
||||
} else {
|
||||
reg_buf = calloc (buflen, 1);
|
||||
if (!reg_buf)
|
||||
if (!reg_buf) {
|
||||
return -1;
|
||||
}
|
||||
buf_size = buflen;
|
||||
}
|
||||
memset ((void*)(volatile void*)buf, 0, size);
|
||||
|
||||
@ -37,7 +37,7 @@ static int debug_gdb_read_at(ut8 *buf, int sz, ut64 addr) {
|
||||
if (sz < 1 || addr >= UT64_MAX) return -1;
|
||||
for (x = 0; x < packets; x++) {
|
||||
gdbr_read_memory (desc, addr + x * size_max, size_max);
|
||||
memcpy ((buf + x * size_max), desc->data + x * size_max, size_max);
|
||||
memcpy ((buf + x * size_max), desc->data + x * size_max, R_MIN (sz, size_max));
|
||||
}
|
||||
if (last) {
|
||||
gdbr_read_memory (desc, addr + x * size_max, last);
|
||||
|
||||
@ -192,9 +192,10 @@ static const int nonprintable_ranges_count = sizeof (nonprintable_ranges) / size
|
||||
|
||||
/* Convert an UTF-8 buf into a unicode RRune */
|
||||
R_API int r_utf8_decode (const ut8 *ptr, int ptrlen, RRune *ch) {
|
||||
if (ptrlen<1)
|
||||
if (ptrlen < 1) {
|
||||
return 0;
|
||||
if (ptrlen>0 && ptr[0] < 0x80) {
|
||||
}
|
||||
if (ptrlen > 0 && ptr[0] < 0x80) {
|
||||
if (ch) *ch = (ut32)ptr[0];
|
||||
return 1;
|
||||
} else if (ptrlen>1 && (ptr[0]&0xe0) == 0xc0 && (ptr[1]&0xc0) == 0x80) {
|
||||
@ -277,19 +278,23 @@ R_API int r_utf8_strlen (const ut8 *str) {
|
||||
}
|
||||
|
||||
R_API int r_isprint (const RRune c) {
|
||||
const last = nonprintable_ranges_count;
|
||||
int low, hi, mid;
|
||||
|
||||
low = 0;
|
||||
hi = nonprintable_ranges_count - 1;
|
||||
hi = last - 1;
|
||||
|
||||
do {
|
||||
mid = (low + hi) >> 1;
|
||||
if (c >= nonprintable_ranges[mid].from && c <= nonprintable_ranges[mid].to)
|
||||
if (c >= nonprintable_ranges[mid].from && c <= nonprintable_ranges[mid].to) {
|
||||
return false;
|
||||
if (c > nonprintable_ranges[mid].to)
|
||||
}
|
||||
if (mid < last && c > nonprintable_ranges[mid].to) {
|
||||
low = mid + 1;
|
||||
if (c < nonprintable_ranges[mid].from)
|
||||
}
|
||||
if (mid < last && c < nonprintable_ranges[mid].from) {
|
||||
hi = mid - 1;
|
||||
}
|
||||
} while (low <= hi);
|
||||
|
||||
return true;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user