Early break when parsing corrupted DEXs to avoid DoS ##crash

* Reported by Google clusterfuzz
* Reproducer: clusterfuzz-testcase-minimized-ia_fuzz-5227091270959104
pancake 2022-02-15 12:35:34 +01:00 committed by GitHub
parent 46a69a5014
commit a88843e989


@ -267,8 +267,12 @@ static char *dex_get_proto(RBinDexObj *bin, int proto_id) {
}
size_t typeidx_bufsize = (list_size * sizeof (ut16));
if (params_off + typeidx_bufsize > bin->size) {
eprintf ("Warning: truncated typeidx buffer from %d to %d\n",
(int)(params_off + typeidx_bufsize), (int)(bin->size - params_off));
typeidx_bufsize = bin->size - params_off;
eprintf ("Warning: truncated typeidx buffer\n");
// early return as this may result on so many trashy symbols that take too much time to load
// this is only happening when there's a corrupted dex.
return NULL;
}
RStrBuf *sig = r_strbuf_new ("(");
if (typeidx_bufsize > 0) {
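Review bot: The bounds check at `if (params_off + typeidx_bufsize > bin->size)` still compares a sum that can wrap when both `params_off` and `list_size` come from the file, in which case a corrupted proto slips past the new early return and the typeidx read below starts from an out-of-range offset; the declarations of `params_off` and `list_size` are outside the hunk, so this is inferred from the surrounding code. A subtraction form does not have that problem: `if (params_off > bin->size || typeidx_bufsize > bin->size - params_off) {`. The `list_size * sizeof (ut16)` product on the line above has the same shape on a 32-bit `size_t` if `list_size` is a full 32-bit count, so a cap on `list_size` before the multiply would be worth adding there. `dex_get_proto` continues past the hunk and its callers are not visible, so whether every caller tolerates the new NULL return cannot be confirmed from here.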