Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2025-04-01 17:11:51 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Prevent MDMP directory entry reads from running out of binary (#11753)

Browse Source
This commit is contained in:
Khairul Azhar Kasmiran 2018-10-07 06:30:24 +08:00 committed by radare
parent 17dd57b8c1
commit b9d57f1643
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libr/bin/format/mdmp/mdmp.c
View File

@ -730,7 +730,7 @@ static bool r_bin_mdmp_init_directory_entry(struct r_bin_mdmp_obj *obj, struct m
}
static bool r_bin_mdmp_init_directory(struct r_bin_mdmp_obj *obj) {
int i;
ut32 i;
struct minidump_directory entry;
sdb_num_set (obj->kv, "mdmp_directory.offset",
@ -739,9 +739,15 @@ static bool r_bin_mdmp_init_directory(struct r_bin_mdmp_obj *obj) {
"(mdmp_stream_type)StreamType "
"(mdmp_location_descriptor)Location", 0);
/* Parse each entry in the directory */
ut64 rvadir = obj->hdr->stream_directory_rva;
for (i = 0; i < (int)obj->hdr->number_of_streams; i++) {
ut64 bytes_left = rvadir < obj->size ? obj->size - rvadir : 0;
size_t max_entries = R_MIN (obj->hdr->number_of_streams, bytes_left / sizeof (struct minidump_directory));
if (max_entries < obj->hdr->number_of_streams) {
eprintf ("[ERROR] Number of streams = %u is greater than can be supported by bin size\n",
obj->hdr->number_of_streams);
}
/* Parse each entry in the directory */
for (i = 0; i < max_entries; i++) {
ut32 delta = i * sizeof (struct minidump_directory);
int r = r_buf_read_at (obj->b, rvadir + delta, (ut8*) &entry, sizeof (struct minidump_directory));
if (r) {