Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-12-03 19:01:31 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Avoid a few out-of-bounds reads

Browse Source 
* When "omr" is called without any arguments
  + instead just do nothing
* in string_scan_range
* unbounded pdj now works under ASAN.
  + But what did the +5 do there?
* on px/ without arguments
This commit is contained in:
Jonathan Neuschäfer 2014-08-25 22:56:47 +02:00 committed by jvoisin
parent 109406d799
commit ed2470bc2c
4 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libr/bin/bin.c
View File

@ -129,7 +129,8 @@ static int string_scan_range (RList *list, const ut8 *buf, int min, const ut64 f
str_type = type; str_type = type;
if (str_type == R_STRING_TYPE_DETECT) { if (str_type == R_STRING_TYPE_DETECT) {
if (buf[needle+rc+0] == 0x00 && if (needle+rc+2 < to &&
buf[needle+rc+0] == 0x00 &&
buf[needle+rc+1] != 0x00 && buf[needle+rc+1] != 0x00 &&
buf[needle+rc+2] == 0x00) buf[needle+rc+2] == 0x00)
str_type = R_STRING_TYPE_WIDE; str_type = R_STRING_TYPE_WIDE;

5
libr/core/cmd_open.c
View File

@ -164,7 +164,10 @@ static int cmd_open(void *data, const char *input) {
case 'r': case 'r':
{ {
ut64 cur, new; ut64 cur, new;
const char *p = strchr (input+3, ' '); const char *p;
if (input[2] != ' ')
break;
p = strchr (input+3, ' ');
if (p) { if (p) {
cur = r_num_math (core->num, input+3); cur = r_num_math (core->num, input+3);
new = r_num_math (core->num, p+1); new = r_num_math (core->num, p+1);

3
libr/core/cmd_print.c
View File

@ -300,6 +300,9 @@ R_API void r_core_print_examine(RCore *core, const char *str) {
if (count<1) count = 1; if (count<1) count = 1;
// skipsapces // skipsapces
while (*str>='0' && *str<='9') str++; while (*str>='0' && *str<='9') str++;
// "px/" alone isn't a full command.
if (!str[0]) return;
#if 0 #if 0
Size letters are b(byte), h(halfword), w(word), g(giant, 8 bytes). Size letters are b(byte), h(halfword), w(word), g(giant, 8 bytes).
#endif #endif

4
libr/core/disasm.c
View File

@ -1955,7 +1955,7 @@ R_API int r_core_print_disasm_json(RCore *core, ut64 addr, ut8 *buf, int nb_byte
ut64 at = addr +i; ut64 at = addr +i;
char *escaped_str = NULL; char *escaped_str = NULL;
r_asm_set_pc (core->assembler, at); r_asm_set_pc (core->assembler, at);
ret = r_asm_disassemble (core->assembler, &asmop, buf+i, nb_bytes-i+5); ret = r_asm_disassemble (core->assembler, &asmop, buf+i, nb_bytes-i);
if (ret<1) { if (ret<1) {
r_cons_printf (i>0? ",{": "{"); r_cons_printf (i>0? ",{": "{");
r_cons_printf ("\"offset\":%"PFMT64d, at); r_cons_printf ("\"offset\":%"PFMT64d, at);
@ -1963,7 +1963,7 @@ R_API int r_core_print_disasm_json(RCore *core, ut64 addr, ut8 *buf, int nb_byte
i++; i++;
continue; continue;
} }
r_anal_op (core->anal, &analop, at, buf+i, nb_bytes-i+5); r_anal_op (core->anal, &analop, at, buf+i, nb_bytes-i);
oplen = r_asm_op_get_size (&asmop); oplen = r_asm_op_get_size (&asmop);
r_cons_printf (i>0? ",{": "{"); r_cons_printf (i>0? ",{": "{");