Fix oom spotted in the wasm bin parser and other stylish things ##crash
parent
f1a8261067
commit
b1f71c6cba
@ -193,7 +193,6 @@ FUNC_ATTR_USED static bool dis_read_type(RBuffer *buf, struct dis_type *typ) {
|
||||
|
||||
FUNC_ATTR_USED static bool dis_read_link(RBuffer *buf, struct dis_link *link) {
|
||||
ut8 k[4];
|
||||
ut64 i;
|
||||
|
||||
if (!dis_read_operand (buf, &link->pc)) {
|
||||
return false;
|
||||
@ -211,7 +210,7 @@ FUNC_ATTR_USED static bool dis_read_link(RBuffer *buf, struct dis_link *link) {
|
||||
// TODO: ignored for now (unused)
|
||||
link->name = NULL;
|
||||
// skip
|
||||
for (i = 0; ; i++) {
|
||||
for (;;) {
|
||||
ut8 b;
|
||||
if (r_buf_read (buf, &b, sizeof (b)) != sizeof (b)) {
|
||||
return false;
|
||||
|
@ -1212,7 +1212,6 @@ R_API RBuffer *r_bin_package(RBin *bin, const char *type, const char *file, RLis
|
||||
ut64 from = 0x1000;
|
||||
r_buf_write_at (buf, 4, num8, 4);
|
||||
int off = 12;
|
||||
int item = 0;
|
||||
r_list_foreach (files, iter, f) {
|
||||
size_t f_len = 0;
|
||||
ut8 *f_buf = (ut8 *)r_file_slurp (f, &f_len);
|
||||
@ -1221,7 +1220,6 @@ R_API RBuffer *r_bin_package(RBin *bin, const char *type, const char *file, RLis
|
||||
free (f_buf);
|
||||
continue;
|
||||
}
|
||||
item++;
|
||||
/* CPU */
|
||||
num8[0] = f_buf[7];
|
||||
num8[1] = f_buf[6];
|
||||
|
@ -1443,7 +1443,7 @@ static int bin_pe_init_imports(RBinPEObj* pe) {
|
||||
int dir_size = sizeof (PE_(image_import_directory));
|
||||
int delay_import_size = sizeof (PE_(image_delay_import_directory));
|
||||
int indx = 0;
|
||||
int rr, count = 0;
|
||||
int rr;
|
||||
int import_dir_size = data_dir_import->Size;
|
||||
int delay_import_dir_size = data_dir_delay_import->Size;
|
||||
/// HACK to modify import size because of begin 0.. this may report wrong info con corkami tests
|
||||
@ -1469,7 +1469,6 @@ static int bin_pe_init_imports(RBinPEObj* pe) {
|
||||
import_dir_size = maxidsz;
|
||||
}
|
||||
pe->import_directory_offset = import_dir_offset;
|
||||
count = 0;
|
||||
do {
|
||||
new_import_dir = (PE_(image_import_directory)*)realloc (import_dir, ((1 + indx) * dir_size));
|
||||
if (!new_import_dir) {
|
||||
@ -1490,7 +1489,6 @@ static int bin_pe_init_imports(RBinPEObj* pe) {
|
||||
break; //goto fail;
|
||||
}
|
||||
indx++;
|
||||
count++;
|
||||
} while (curr_import_dir->FirstThunk != 0 || curr_import_dir->Name != 0 ||
|
||||
curr_import_dir->TimeDateStamp != 0 || curr_import_dir->Characteristics != 0 ||
|
||||
curr_import_dir->ForwarderChain != 0);
|
||||
|
@ -94,6 +94,10 @@ static inline bool consume_str_new(RBuffer *b, ut64 bound, ut32 *len_out, char *
|
||||
ut32 len = 0;
|
||||
// module_str
|
||||
if (consume_u32_r (b, bound, &len)) {
|
||||
if (len > 0xffff) {
|
||||
// avoid large allocations can be caused by fuzzed bins
|
||||
return false;
|
||||
}
|
||||
char *str = (char *)malloc (len + 1);
|
||||
if (str && consume_str_r (b, bound, len, str)) {
|
||||
if (len_out) {
|
||||
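Review bot: The new `len > 0xffff` guard in front of `malloc (len + 1)` uses a bare magic number and fails silently, so a file whose string is longer than the cap stops parsing with no diagnostic. A named limit plus a log line would make the policy visible, e.g. `if (len > WASM_MAX_STR_LEN) { R_LOG_WARN ("wasm string length %u exceeds limit", len); return false; }`, where `WASM_MAX_STR_LEN` is a proposed name rather than an existing one. The cap is also independent of how much data is left: if `bound` marks the end of the readable range (not confirmable from this hunk), comparing `len` with the bytes remaining before `bound` would reject inflated lengths before any allocation. The body of `consume_str_new` continues outside the hunk, so what happens to the out parameters on this early return is not visible here.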
|
@ -61,7 +61,7 @@ static void r_cf_value_free(RCFValue *value);
|
||||
|
||||
RCFValueDict *r_cf_value_dict_parse (RBuffer *file_buf, ut64 offset, ut64 size, int options) {
|
||||
RCFValueDict *result = NULL;
|
||||
int i, depth = 0;
|
||||
int i;
|
||||
char *content = NULL;
|
||||
|
||||
RXml *x = r_xml_new (4096);
|
||||
@ -148,10 +148,9 @@ RCFValueDict *r_cf_value_dict_parse (RBuffer *file_buf, ut64 offset, ut64 size,
|
||||
if (next_state) {
|
||||
r_list_push (stack, next_state);
|
||||
} else {
|
||||
eprintf ("Missing next state for elem: %s phase: %d\n", x->elem, state->phase);
|
||||
R_LOG_ERROR ("Missing next state for elem: %s phase: %d", x->elem, state->phase);
|
||||
break;
|
||||
}
|
||||
depth++;
|
||||
|
||||
break;
|
||||
}
|
||||
@ -168,14 +167,14 @@ RCFValueDict *r_cf_value_dict_parse (RBuffer *file_buf, ut64 offset, ut64 size,
|
||||
r_cf_parse_state_free (state);
|
||||
break;
|
||||
} else {
|
||||
eprintf ("Root element is not a dict\n");
|
||||
R_LOG_ERROR ("Root element is not a dict");
|
||||
goto beach;
|
||||
}
|
||||
}
|
||||
|
||||
if (next_state->phase == R_CF_STATE_IN_DICT && state->phase == R_CF_STATE_IN_KEY) {
|
||||
if (!content) {
|
||||
eprintf ("NULL key not supported\n");
|
||||
R_LOG_ERROR ("NULL key not supported");
|
||||
goto beach;
|
||||
}
|
||||
next_state->key = content;
|
||||
@ -227,7 +226,7 @@ RCFValueDict *r_cf_value_dict_parse (RBuffer *file_buf, ut64 offset, ut64 size,
|
||||
RCFKeyValue *key_value = r_cf_key_value_new (next_state->key, value);
|
||||
r_cf_value_dict_add (next_state->dict, key_value);
|
||||
} else if (state->phase != R_CF_STATE_IN_IGNORE) {
|
||||
eprintf ("Missing value for key %s\n", next_state->key);
|
||||
R_LOG_WARN ("Missing value for key %s", next_state->key);
|
||||
r_cf_value_free ((RCFValue *)value);
|
||||
goto beach;
|
||||
}
|
||||
@ -235,14 +234,12 @@ RCFValueDict *r_cf_value_dict_parse (RBuffer *file_buf, ut64 offset, ut64 size,
|
||||
if (value) {
|
||||
r_cf_value_array_add (next_state->array, value);
|
||||
} else if (state->phase != R_CF_STATE_IN_IGNORE) {
|
||||
eprintf ("Missing value for array\n");
|
||||
R_LOG_WARN ("Missing value for array");
|
||||
r_cf_value_free ((RCFValue *)value);
|
||||
goto beach;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
depth--;
|
||||
content = NULL;
|
||||
r_cf_parse_state_free (state);
|
||||
break;
|
||||
@ -266,9 +263,8 @@ RCFValueDict *r_cf_value_dict_parse (RBuffer *file_buf, ut64 offset, ut64 size,
|
||||
|
||||
RXmlRet r = r_xml_eof (x);
|
||||
if (r < 0) {
|
||||
eprintf ("Invalid xml\n");
|
||||
R_LOG_ERROR ("Invalid xml");
|
||||
}
|
||||
|
||||
beach:
|
||||
r_xml_free (x);
|
||||
r_list_free (stack);
|
||||
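Review bot: The two "Missing value" branches now log with `R_LOG_WARN`, yet both go straight to `goto beach` and abandon the parse, just like the `Root element is not a dict` and `NULL key not supported` branches that log with `R_LOG_ERROR`. Severity would be consistent across the aborting paths with `R_LOG_ERROR ("Missing value for key %s", next_state->key);` and `R_LOG_ERROR ("Missing value for array");`. In the array branch, `r_cf_value_free ((RCFValue *)value)` is reached only when `if (value)` was false, so it is always passed NULL. The key branch looks the same, but its condition lies outside the hunk. A short comment such as `/* value is NULL here */`, or dropping the call, would make that explicit.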
|