Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-11-23 13:19:54 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Fix infinite loop in dyldcache parser ##fuzz

Browse Source
This commit is contained in:
pancake 2022-09-12 17:31:24 +02:00
parent 3df30c7e9e
commit cbc943bd32
2 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libr/bin/p/bin_dyldcache.c
View File

@ -1101,7 +1101,7 @@ static ut64 resolve_symbols_off(RDyldCache *cache, ut64 pa) {
return 0;
}
ut32 cmdsize = r_buf_read_le32_at (cache->buf, cursor + sizeof (ut32));
if (cmdsize == UT32_MAX) {
if (cmdsize == UT32_MAX || cmdsize < 1) {
return 0;
}
if (cmd == LC_SEGMENT || cmd == LC_SEGMENT_64) {

24
test/fuzz/fuzz_bin.c
View File

@ -7,7 +7,7 @@
#include <r_util/r_sys.h>
#include <r_util/r_sandbox.h>
const char *opt_forcebin = NULL;
static const char *opt_forcebin = NULL;
static void usage() {
printf (
@ -32,8 +32,8 @@ int LLVMFuzzerInitialize(int *lf_argc, char ***lf_argv) {
bool has_args = false;
int i, c;
for (i = 1; i < argc; i++) {
++argv;
if (strcmp((*lf_argv)[i], "--") == 0) {
argv++;
if (!strcmp ((*lf_argv)[i], "--")) {
has_args = true;
break;
}
@ -41,19 +41,19 @@ int LLVMFuzzerInitialize(int *lf_argc, char ***lf_argv) {
if (has_args) {
*lf_argc = i;
argc = argc - i;
argc -= i;
RGetopt opt;
r_getopt_init (&opt, argc, argv, "F:");
while ((c = r_getopt_next (&opt)) != -1) {
switch (c) {
case 'F':
opt_forcebin = opt.arg;
break;
default:
usage();
break;
}
switch (c) {
case 'F':
opt_forcebin = opt.arg;
break;
default:
usage();
break;
}
}
if (opt.ind < argc) {