mirror of
https://github.com/radareorg/radare2.git
synced 2024-10-09 11:53:39 +00:00
Fix some issues reported by CoverityScan service
This commit is contained in:
pancake
parent
32bfab2a50
commit
d02df0d306
@ -427,7 +427,7 @@ int main(int argc, char **argv) {
|
||||
if (p2) {
|
||||
// has data
|
||||
*p2++ = 0;
|
||||
data = malloc (strlen (p2));
|
||||
data = malloc (strlen (p2)+1);
|
||||
datalen = r_hex_str2bin (p2, data);
|
||||
} else {
|
||||
data = NULL;
|
||||
|
||||
@ -231,7 +231,7 @@ R_API RAnalOp *r_anal_op_hexstr(RAnal *anal, ut64 addr, const char *str) {
|
||||
int len;
|
||||
ut8 *buf;
|
||||
RAnalOp *op = R_NEW0 (RAnalOp);
|
||||
buf = malloc (strlen (str));
|
||||
buf = malloc (strlen (str)+1);
|
||||
len = r_hex_str2bin (str, buf);
|
||||
r_anal_op (anal, op, addr, buf, len);
|
||||
return op;
|
||||
|
||||
@ -109,6 +109,7 @@ R_API int r_meta_cleanup(RMeta *m, ut64 from, ut64 to) {
|
||||
return R_TRUE;
|
||||
}
|
||||
/* No _safe loop necessary because we break immediately after the delete. */
|
||||
if (m)
|
||||
r_list_foreach (m->data, iter, d) {
|
||||
switch (d->type) {
|
||||
case R_META_TYPE_CODE:
|
||||
|
||||
@ -77,6 +77,7 @@ R_API int r_anal_type_frame (RAnal *anal, ut64 addr, const char *type, const cha
|
||||
R_API int r_anal_type_frame_del (RAnal *anal, ut64 addr, const char *name) {
|
||||
//"(-)frame.%08"PFMT64x"=%s", addr, name
|
||||
//"frame.%08"PFMT64x".%s=", addr, name
|
||||
return R_TRUE;
|
||||
}
|
||||
|
||||
R_API int r_anal_type_link (RAnal *anal, const char *val, ut64 addr) {
|
||||
|
||||
@ -717,10 +717,10 @@ int Assemble(char *cmd,ulong ip,t_asmmodel *model,int attempt,
|
||||
nameend=asmcmd;
|
||||
strupr(sdata);
|
||||
// Prepare full mnemonic (including repeat prefix, if any).
|
||||
if (rep==SCAN_REP) sprintf(name,"REP %s",sdata);
|
||||
else if (rep==SCAN_REPE) sprintf(name,"REPE %s",sdata);
|
||||
else if (rep==SCAN_REPNE) sprintf(name,"REPNE %s",sdata);
|
||||
else strcpy(name,sdata);
|
||||
if (rep==SCAN_REP) snprintf(name,sizeof(name)-1,"REP %s",sdata);
|
||||
else if (rep==SCAN_REPE) snprintf(name,sizeof(name)-1,"REPE %s",sdata);
|
||||
else if (rep==SCAN_REPNE) snprintf(name,sizeof(name)-1,"REPNE %s",sdata);
|
||||
else strncpy(name,sdata, sizeof(name)-1);
|
||||
Scanasm(0);
|
||||
// Parse command operands (up to 3). Note: jump address is always the first
|
||||
// (and only) operand in actual command set.
|
||||
|
||||
@ -647,10 +647,10 @@ struct r_bin_mach0_reloc_t* MACH0_(r_bin_mach0_get_relocs)(struct MACH0_(r_bin_m
|
||||
|
||||
if (bin->dyld_info) {
|
||||
ut8 *opcodes, *p, *end, type, rel_type;
|
||||
int lib_ord, seg_idx, sym_ord = -1, wordsize;
|
||||
int lib_ord, seg_idx = -1, sym_ord = -1, wordsize;
|
||||
size_t j, count, skip, bind_size, lazy_size;
|
||||
st64 addend = 0;
|
||||
ut64 addr;
|
||||
ut64 addr = 0LL;
|
||||
|
||||
wordsize = MACH0_(r_bin_mach0_get_bits)(bin) / 8;
|
||||
#define CASE(T) case (T / 8): rel_type = R_BIN_RELOC_ ## T; break
|
||||
@ -808,7 +808,8 @@ struct r_bin_mach0_addr_t* MACH0_(r_bin_mach0_get_entrypoint)(struct MACH0_(r_bi
|
||||
if (bin->entry) {
|
||||
entry->offset = MACH0_(r_bin_mach0_addr_to_offset)(bin, bin->entry);
|
||||
entry->addr = bin->entry;
|
||||
}
|
||||
}
|
||||
entry->addr = 0LL;
|
||||
if (!bin->entry || (entry->offset==0)) {
|
||||
// XXX: section name doesnt matters at all.. just check for exec flags
|
||||
for (i = 0; i < bin->nsects; i++) {
|
||||
@ -816,7 +817,7 @@ struct r_bin_mach0_addr_t* MACH0_(r_bin_mach0_get_entrypoint)(struct MACH0_(r_bi
|
||||
entry->offset = (ut64)bin->sects[i].offset;
|
||||
entry->addr = (ut64)bin->sects[i].addr;
|
||||
if (entry->addr==0) // workaround for object files
|
||||
entry->addr=entry->offset;
|
||||
entry->addr = entry->offset;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -455,7 +455,7 @@ struct r_bin_pe_lib_t* PE_(r_bin_pe_get_libs)(struct PE_(r_bin_pe_obj_t) *bin) {
|
||||
}
|
||||
}
|
||||
for (i = 0; i < j; i++) {
|
||||
libs[i].name[PE_STRING_LENGTH] = '\0';
|
||||
libs[i].name[PE_STRING_LENGTH-1] = '\0';
|
||||
libs[i].last = 0;
|
||||
}
|
||||
libs[i].last = 1;
|
||||
@ -641,7 +641,7 @@ struct r_bin_pe_section_t* PE_(r_bin_pe_get_sections)(struct PE_(r_bin_pe_obj_t)
|
||||
}
|
||||
for (i = 0; i < sections_count; i++) {
|
||||
memcpy (sections[i].name, shdr[i].Name, PE_IMAGE_SIZEOF_SHORT_NAME);
|
||||
sections[i].name[PE_IMAGE_SIZEOF_SHORT_NAME] = '\0';
|
||||
sections[i].name[PE_IMAGE_SIZEOF_SHORT_NAME-1] = '\0';
|
||||
sections[i].rva = shdr[i].VirtualAddress;
|
||||
sections[i].size = shdr[i].SizeOfRawData;
|
||||
sections[i].vsize = shdr[i].Misc.VirtualSize;
|
||||
|
||||
@ -188,11 +188,14 @@ static int prune_hits_in_hit_range(RList *hits, RCoreAsmHit *hit){
|
||||
end_range = hit->addr + hit->len;
|
||||
r_list_foreach_safe (hits, iter, iter_tmp, to_check_hit){
|
||||
if (to_check_hit && is_hit_inrange(to_check_hit, start_range, end_range)) {
|
||||
IFDBG eprintf ("Found hit that clashed (start: 0x%"PFMT64x" - end: 0x%"PFMT64x" ), 0x%"PFMT64x" len: %d (valid: %d 0x%"PFMT64x" - 0x%"PFMT64x")\n", start_range, end_range,
|
||||
to_check_hit->addr, to_check_hit->len, to_check_hit->valid, to_check_hit->addr, to_check_hit->addr+to_check_hit->len);
|
||||
IFDBG eprintf ("Found hit that clashed (start: 0x%"PFMT64x
|
||||
" - end: 0x%"PFMT64x" ), 0x%"PFMT64x" len: %d (valid: %d 0x%"PFMT64x
|
||||
" - 0x%"PFMT64x")\n", start_range, end_range, to_check_hit->addr,
|
||||
to_check_hit->len, to_check_hit->valid, to_check_hit->addr,
|
||||
to_check_hit->addr+to_check_hit->len);
|
||||
// XXX - could this be a valid decode instruction we are deleting?
|
||||
r_list_delete (hits, iter);
|
||||
iter->data = NULL;
|
||||
//iter->data = NULL;
|
||||
to_check_hit = NULL;
|
||||
result ++;
|
||||
}
|
||||
|
||||
@ -1156,6 +1156,7 @@ next2:
|
||||
const char *offstr;
|
||||
char *f, *ptr2 = strchr (ptr+1, '!');
|
||||
int sz, len;
|
||||
addr = 0LL;
|
||||
tmpoff = core->offset;
|
||||
tmpbsz = core->blocksize;
|
||||
|
||||
@ -1185,7 +1186,7 @@ repeat_arroba:
|
||||
break;
|
||||
case '8':
|
||||
case 'b':
|
||||
buf = malloc (strlen (ptr+2));
|
||||
buf = malloc (strlen (ptr+2)+1);
|
||||
if (!buf) {
|
||||
eprintf ("cannot allocate\n");
|
||||
return R_FALSE;
|
||||
|
||||
@ -291,7 +291,7 @@ static int cmd_anal(void *data, const char *input) {
|
||||
case '8': // TODO: rename to 'ab'?
|
||||
if (input[1]==' ') {
|
||||
int len;
|
||||
ut8 *buf = malloc (strlen (input));
|
||||
ut8 *buf = malloc (strlen (input)+1);
|
||||
len = r_hex_str2bin (input+2, buf);
|
||||
if (len>0)
|
||||
r_core_anal_bytes (core, buf, len, 0);
|
||||
|
||||
@ -204,7 +204,7 @@ static int cmd_cmp(void *data, const char *input) {
|
||||
eprintf ("Usage: cx 001122'\n");
|
||||
return 0;
|
||||
}
|
||||
buf = (ut8*)malloc (strlen (input+2));
|
||||
buf = (ut8*)malloc (strlen (input+2)+1);
|
||||
ret = r_hex_str2bin (input+2, buf);
|
||||
if (ret<1) eprintf ("Cannot parse hexpair\n");
|
||||
else radare_compare (core, core->block, buf, ret);
|
||||
|
||||
@ -244,8 +244,8 @@ static int cmd_meta(void *data, const char *input) {
|
||||
if (pattern && varsub)
|
||||
for (i = 0; i < R_ANAL_VARSUBS; i++)
|
||||
if (f->varsubs[i].pat[0] == '\0' || !strcmp (f->varsubs[i].pat, pattern)) {
|
||||
strncpy (f->varsubs[i].pat, pattern, 1023);
|
||||
strncpy (f->varsubs[i].sub, varsub, 1023);
|
||||
strncpy (f->varsubs[i].pat, pattern, sizeof (f->varsubs[i].pat)-1);
|
||||
strncpy (f->varsubs[i].sub, varsub, sizeof (f->varsubs[i].sub)-1);
|
||||
break;
|
||||
}
|
||||
} else eprintf ("Error: Function not found\n");
|
||||
|
||||
@ -54,7 +54,7 @@ R_API int r_core_search_preludes(RCore *core) {
|
||||
ut64 to = core->offset+0xffffff; // hacky!
|
||||
// TODO: this is x86 only
|
||||
if (prelude && *prelude) {
|
||||
ut8 *kw = malloc (strlen (prelude));
|
||||
ut8 *kw = malloc (strlen (prelude)+1);
|
||||
int kwlen = r_hex_str2bin (prelude, kw);
|
||||
ret = r_core_search_prelude (core, from, to, kw, kwlen, NULL, 0);
|
||||
free (kw);
|
||||
@ -244,7 +244,6 @@ static int r_core_search_rop(RCore *core, ut64 from, ut64 to, int opt) {
|
||||
RAnalOp aop;
|
||||
int roplen, i, delta = to-from;
|
||||
ut64 ropat;
|
||||
int oplen = 0;
|
||||
if (delta<1)
|
||||
return R_FALSE;
|
||||
buf = malloc (delta);
|
||||
@ -252,6 +251,7 @@ static int r_core_search_rop(RCore *core, ut64 from, ut64 to, int opt) {
|
||||
for (i=0; i<delta; i++) {
|
||||
if (r_anal_op (core->anal, &aop, from+i, buf+i, delta-i)) {
|
||||
int ret = r_asm_disassemble (core->assembler, &asmop, buf+i, delta-i);
|
||||
if (ret>0)
|
||||
switch (aop.type) {
|
||||
case R_ANAL_OP_TYPE_TRAP:
|
||||
case R_ANAL_OP_TYPE_RET:
|
||||
|
||||
@ -61,7 +61,7 @@ R_API int r_core_write_op(RCore *core, const char *arg, char op) {
|
||||
|
||||
// XXX we can work with config.block instead of dupping it
|
||||
buf = (ut8 *)malloc (core->blocksize);
|
||||
str = (char *)malloc (strlen (arg));
|
||||
str = (char *)malloc (strlen (arg)+1);
|
||||
if (buf == NULL || str == NULL)
|
||||
goto beach;
|
||||
memcpy (buf, core->block, core->blocksize);
|
||||
|
||||
@ -65,8 +65,8 @@ static int _r_db_add_internal(struct r_db_t *db, int key, void *b) {
|
||||
block->data[0] = b;
|
||||
block->data[1] = NULL;
|
||||
} else {
|
||||
for(len=0;block->data[len];len++);
|
||||
block->data = realloc(block->data, sizeof(void *)*(len+1));
|
||||
for (len=0; block->data[len]; len++);
|
||||
block->data = realloc (block->data, sizeof (void *)*(len+2));
|
||||
block->data[len] = b;
|
||||
block->data[len+1] = NULL;
|
||||
}
|
||||
|
||||
@ -261,10 +261,12 @@ R_API int r_flag_rename(RFlag *f, RFlagItem *item, const char *name) {
|
||||
if (list) {
|
||||
RFlagItem *item = r_list_get_top (list);
|
||||
if (r_list_empty (list)) {
|
||||
r_list_free (list);
|
||||
//r_list_free (list);
|
||||
r_hashtable64_remove (f->ht_name, hash);
|
||||
} else {
|
||||
r_hashtable64_remove (f->ht_name, hash);
|
||||
r_list_delete_data (list, item);
|
||||
}
|
||||
r_list_delete_data (list, item);
|
||||
if (!r_flag_item_set_name (item, name)) {
|
||||
r_list_append (list, item);
|
||||
return R_FALSE;
|
||||
|
||||
20
libr/fs/fs.c
20
libr/fs/fs.c
@ -496,7 +496,7 @@ R_API char *r_fs_name (RFS *fs, ut64 offset) {
|
||||
|
||||
for (i=0; fstypes[i].name; i++) {
|
||||
RFSType *f = &fstypes[i];
|
||||
len = R_MIN (f->buflen, sizeof (buf));
|
||||
len = R_MIN (f->buflen, sizeof (buf)-1);
|
||||
fs->iob.read_at (fs->iob.io, offset + f->bufoff, buf, len);
|
||||
if (f->buflen>0 && !memcmp (buf, f->buf, f->buflen)) {
|
||||
ret = R_TRUE;
|
||||
@ -606,17 +606,18 @@ R_API int r_fs_prompt (RFS *fs, const char *root) {
|
||||
eprintf ("%s %s\n", r->path, r->p->name);
|
||||
}
|
||||
} else if (!memcmp (buf, "get ", 4)) {
|
||||
char *s;
|
||||
input = buf+3;
|
||||
while (input[0] == ' ')
|
||||
input++;
|
||||
s = malloc (strlen (str) + strlen (input) + 2);
|
||||
if (input[0] == '/') {
|
||||
if (root)
|
||||
strncpy (str, root, sizeof (str)-1);
|
||||
else str[0] = 0;
|
||||
} else strncpy (str, path, sizeof (str)-1);
|
||||
strcat (str, "/");
|
||||
strcat (str, input);
|
||||
file = r_fs_open (fs, str);
|
||||
if (root) strcpy (s, root);
|
||||
else *s = 0;
|
||||
} else strcpy (s, path);
|
||||
strcat (s, "/");
|
||||
strcat (s, input);
|
||||
file = r_fs_open (fs, s);
|
||||
if (file) {
|
||||
r_fs_read (fs, file, 0, file->size);
|
||||
r_file_dump (input, file->data, file->size);
|
||||
@ -625,9 +626,10 @@ R_API int r_fs_prompt (RFS *fs, const char *root) {
|
||||
} else {
|
||||
input -= 2; //OMFG!!!! O_O
|
||||
memcpy (input, "./", 2);
|
||||
if (!r_fs_dir_dump (fs, str, input))
|
||||
if (!r_fs_dir_dump (fs, s, input))
|
||||
printf ("Cannot open file\n");
|
||||
}
|
||||
free (s);
|
||||
} else if (!memcmp (buf, "help", 4) || !strcmp (buf, "?")) {
|
||||
eprintf (
|
||||
"Commands:\n"
|
||||
|
||||
@ -1725,23 +1725,24 @@ static int apprentice_compile(RMagic *ms, struct r_magic **magicp, ut32 *nmagicp
|
||||
|
||||
if (write(fd, ar, sizeof(ar)) != (ssize_t)sizeof(ar)) {
|
||||
file_error(ms, errno, "error writing `%s'", dbname);
|
||||
goto out;
|
||||
goto beach;
|
||||
}
|
||||
|
||||
if (lseek(fd, (off_t)sizeof(struct r_magic), SEEK_SET)
|
||||
!= sizeof(struct r_magic)) {
|
||||
file_error(ms, errno, "error seeking `%s'", dbname);
|
||||
goto out;
|
||||
goto beach;
|
||||
}
|
||||
|
||||
if (write(fd, *magicp, (sizeof(struct r_magic) * *nmagicp))
|
||||
!= (ssize_t)(sizeof(struct r_magic) * *nmagicp)) {
|
||||
file_error(ms, errno, "error writing `%s'", dbname);
|
||||
goto out;
|
||||
goto beach;
|
||||
}
|
||||
|
||||
(void)close(fd);
|
||||
rv = 0;
|
||||
beach:
|
||||
(void)close(fd);
|
||||
out:
|
||||
free(dbname);
|
||||
return rv;
|
||||
|
||||
@ -55,8 +55,8 @@ R_API RSearchKeyword* r_search_keyword_new_hex(const char *kwstr, const char *bm
|
||||
ut8 *kw, *bm;
|
||||
int bmlen, kwlen;
|
||||
if (kwstr != NULL) {
|
||||
kw = malloc (strlen (kwstr));
|
||||
bm = malloc (strlen (bmstr));
|
||||
kw = malloc (strlen (kwstr)+1);
|
||||
bm = malloc (strlen (bmstr)+1);
|
||||
if (kw != NULL && bm != NULL) {
|
||||
bmlen = r_hex_str2bin (bmstr, (ut8*)bm);
|
||||
kwlen = r_hex_str2bin (kwstr, (ut8*)kw);
|
||||
|
||||
@ -1236,3 +1236,5 @@ R_API void r_str_truncate_cmd(char *string) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// STATIC/DYNAMIC STRINGS API
|
||||
|
||||
@ -282,14 +282,14 @@ R_API int r_sys_cmd_str_full(const char *cmd, const char *input, char **output,
|
||||
if (pipe (sh_out)) {
|
||||
close (sh_in[0]);
|
||||
close (sh_in[1]);
|
||||
close (sh_out[0]);
|
||||
close (sh_out[1]);
|
||||
return R_FALSE;
|
||||
}
|
||||
}
|
||||
if (pipe (sh_err)) {
|
||||
close (sh_in[0]);
|
||||
close (sh_in[1]);
|
||||
close (sh_out[0]);
|
||||
close (sh_out[1]);
|
||||
return R_FALSE;
|
||||
}
|
||||
|
||||
@ -589,7 +589,7 @@ R_API char *r_sys_pid_to_path(int pid) {
|
||||
int ret;
|
||||
char buf[128], pathbuf[1024];
|
||||
snprintf (buf, sizeof (buf), "/proc/%d/exe", pid);
|
||||
ret = readlink (buf, pathbuf, sizeof (pathbuf));
|
||||
ret = readlink (buf, pathbuf, sizeof (pathbuf)-1);
|
||||
if (ret<1)
|
||||
return NULL;
|
||||
pathbuf[ret] = 0;
|
||||
|
||||
@ -950,9 +950,9 @@ R_API RBinJavaAttrInfo* r_bin_java_get_attr_from_field(RBinJavaField *field, R_B
|
||||
rvalue: NULL or the first occurrence of attr_type after pos
|
||||
|
||||
*/
|
||||
RBinJavaAttrInfo *attr, *item;
|
||||
RBinJavaAttrInfo *attr = NULL, *item;
|
||||
RListIter *iter;
|
||||
ut32 i;
|
||||
ut32 i = 0;
|
||||
|
||||
if (field) {
|
||||
r_list_foreach (field->attributes, iter, item) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user