Fix possible overflow in ds_atabs

alvaro_fe 2016-09-27 00:00:09 +02:00
parent f8b6fab24f
commit ff18723f6b


@ -873,24 +873,25 @@ static void ds_atabs_option(RDisasmState *ds) {
if (!ds || !ds->atabs) {
return;
}
size = strlen (ds->asmop.buf_asm)* (ds->atabs + 1) * 4;
if (size < 1) {
size = strlen (ds->asmop.buf_asm) * (ds->atabs + 1) * 4;
if (size < 1 || size < strlen (ds->asmop.buf_asm)) {
return;
}
free (ds->opstr);
ds->opstr = b = malloc (size);
strcpy (b, ds->asmop.buf_asm);
ds->opstr = b = malloc (size + 1);
strncpy (b, ds->asmop.buf_asm, R_MIN (size, R_ASM_BUFSIZE));
b[size] = 0;
for (; *b; b++, i++) {
if (*b=='(' || *b=='[') {
if (*b == '(' || *b == '[') {
brackets++;
}
if (*b==')' || *b==']') {
if (*b == ')' || *b == ']') {
brackets--;
}
if (*b==',') {
if (*b == ',') {
comma = 1;
}
if (*b!=' ') {
if (*b != ' ') {
continue;
}
if (word > 0 && !comma) {
@ -902,7 +903,7 @@ static void ds_atabs_option(RDisasmState *ds) {
comma = 0;
brackets = 0;
n = (ds->atabs-i);
t = strdup (b+1); //XXX slow!
t = strdup (b + 1); //XXX slow!
if (n < 1) {
n = 1;
}
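Review bot: The new guard `size < strlen (ds->asmop.buf_asm)` in the first hunk runs after the multiplication, so it catches only some wraps: a product that wraps around can still land above the string length and pass, presumably leaving the buffer smaller than the padding code further down expects. The declarations of `size` and `ds->atabs` are outside the hunk, so their types are not visible; if either is signed, the overflow is undefined behaviour before the check runs, and a negative `atabs` would get past the `!ds->atabs` test. Bounding the factors before multiplying would be sound, for example `if (len > (SIZE_MAX - 1) / 4 / factor) { return; }` with `len` and `factor` held as `size_t`. The result of `malloc (size + 1)` is also handed to `strncpy` unchecked; add `if (!b) { return; }` directly after the allocation. ds_atabs_option starts and ends outside the hunks shown.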