Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2025-02-13 18:32:56 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Fix oobread in mach0 parser

Browse Source
This commit is contained in:
pancake 2016-09-26 18:41:14 +02:00
parent 3986ea1fbb
commit b002bbf316
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libr/bin/format/mach0/mach0.c
View File

@ -569,9 +569,13 @@ static bool parse_signature(struct MACH0_(obj_t) *bin, ut64 off) {
bin->signature = (ut8 *)strdup ("Malformed entitlement");
break;
}
struct blob_index_t *bi = (struct blob_index_t *)(bin->b->buf + data + 12);
idx.type = r_read_ble32 (&bi[i].type, little_);
idx.offset = r_read_ble32 (&bi[i].offset, little_);
struct blob_index_t bi; // = (struct blob_index_t *)(bin->b->buf + data + 12);
if (r_buf_read_at (bin->b, data + 12 + (i * sizeof (struct blob_index_t)),
&bi, sizeof (struct blob_index_t)) < sizeof (struct blob_index_t)) {
break;
}
idx.type = r_read_ble32 (&bi.type, little_);
idx.offset = r_read_ble32 (&bi.offset, little_);
if (idx.type == CSSLOT_ENTITLEMENTS) {
if (idx.offset > bin->size || idx.offset + sizeof (struct blob_t) > bin->size) {
bin->signature = (ut8 *)strdup ("Malformed entitlement");