Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-11-23 13:19:54 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Fix UAF in y-;q and assert with 0 size functions ##crash

Browse Source
This commit is contained in:
pancake 2023-03-06 14:01:12 +01:00
parent d782b76fb7
commit b673677a81
4 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libr/core/cmd_anal.c
View File

@ -3271,7 +3271,7 @@ static int cmd_afbplus(RCore *core, const char *input) {
fcnaddr = r_num_math (core->num, r_str_word_get0 (ptr, 0));
}
fcn = r_anal_get_function_at (core->anal, fcnaddr);
if (fcn) {
if (fcn && size > 0) {
if (!r_anal_function_add_bb (core->anal, fcn, addr, size, jump, fail, diff)) {
R_LOG_ERROR ("afb+: Cannot add basic block at 0x%08"PFMT64x" with size %d", addr, (int)size);
}

1
libr/core/yank.c
View File

@ -384,6 +384,7 @@ R_API int r_core_yank_hud_path(RCore *core, const char *input, int dir) {
R_API void r_core_yank_unset(RCore *core) {
r_buf_free (core->yank_buf);
core->yank_buf = NULL;
core->yank_addr = UT64_MAX;
}

4
test/fuzz/fuzz_bin2.c
View File

@ -17,8 +17,8 @@ static void usage() {
int LLVMFuzzerInitialize(int *lf_argc, char ***lf_argv) {
r_sys_clearenv ();
r_sandbox_enable (true);
r_sandbox_grain (R_SANDBOX_GRAIN_NONE);
// r_sandbox_enable (true);
// r_sandbox_grain (R_SANDBOX_GRAIN_NONE);
r_log_set_quiet (true);
int argc = *lf_argc;

7
test/fuzz/fuzz_cmd.c
View File

@ -9,13 +9,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size < 1) {
return 0;
}
RCore *r = r_core_new();
RCore *r = r_core_new ();
if (Size < 1) {
return 0;
}
r_core_cmdf (r, "o malloc://%zu", Size);
r_io_write_at (r->io, 0, Data, Size);
// r_core_cmdf (r, "o malloc://%zu", Size);
// r_io_write_at (r->io, 0, Data, Size);
r_core_cmd0 (r, "o /bin/ls");
char *cmd = r_str_ndup ((const char *)Data, Size);
if (cmd) {