From cc32246d2aa7cc6ecc2071d1d6ea3c6a7015f2f2 Mon Sep 17 00:00:00 2001
From: Christos Zoulas
Date: Fri, 22 Jun 2018 20:39:49 +0000
Subject: [PATCH] Add quad indirect offsets
---
 ChangeLog | 4 ++++
 doc/magic.man | 23 +++++++++++++++++++----
 src/apprentice.c | 8 +++++++-
 src/softmagic.c | 22 ++++++++++++++++++++--
 4 files changed, 50 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index dccf3e0312..194b33600f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2018-06-22 16:38 Christos Zoulas
+
+ * Add Quad indirect offsets
+
 2018-05-24 14:10 Christos Zoulas
 * Enable parsing of ELF dynamic sections to handle PIE better
diff --git a/doc/magic.man b/doc/magic.man
index 1b89879f6f..15165daa5e 100644
--- a/doc/magic.man
+++ b/doc/magic.man
@@ -1,5 +1,6 @@
-.\" $File: magic.man,v 1.92 2017/11/04 01:11:32 christos Exp $
-.Dd Noveber 3, 2017
+.It S2
+.\" $File: magic.man,v 1.93 2018/06/22 20:39:49 christos Exp $
+.Dd June 22, 2018
 .Dt MAGIC __FSECTION__
 .Os
 .\" install as magic.4 on USG, magic.5 on V7, Berkeley and Linux systems.
@@ -553,12 +554,12 @@ the file.
 The value at that offset is read, and is used again as an offset
 in the file.
 Indirect offsets are of the form:
-.Em (( x [[.,][bislBISL]][+\-][ y ]) .
+.Em (( x [[.,][bBcCeEfFgGhHiIlmsSqQ]][+\-][ y ]) .
 The value of
 .Em x
 is used as an offset in the file.
 A byte, id3 length, short or long is read at that offset depending on the
-.Em [bislBISLm]
+.Em [bBcCeEfFgGhHiIlmsSqQ]
 type specifier.
 The value is treated as signed if
 .Dq ,
@@ -575,6 +576,20 @@ To that number the value of
 .Em y
 is added and the result is used as an offset in the file.
 The default type if one is not specified is long.
+The following types are recognized:
+.Bl -column -offset indent "Type" "Half/Short" "Little" "Size"
+.It Sy Type Sy Mnemonic Sy Endian Sy Size
+.It bcBc Byte/Char N/A 1
+.It efg Double Little 8
+.It EFG Double Big 8
+.It hs Half/Short Little 2
+.It HS Half/Short Big 2
+.It i ID3 Little 4
+.It I ID3 Big 4
+.It m Middle Middle 4
+.It q Quad Little 8
+.It Q Quad Big 8
+.El
 .Pp
 That way variable length structures can be examined:
 .Bd -literal -offset indent
diff --git a/src/apprentice.c b/src/apprentice.c
index 2700ae9b79..ea8d0b222e 100644
--- a/src/apprentice.c
+++ b/src/apprentice.c
@@ -32,7 +32,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: apprentice.c,v 1.271 2018/04/15 19:57:59 christos Exp $")
+FILE_RCSID("@(#)$File: apprentice.c,v 1.272 2018/06/22 20:39:50 christos Exp $")
 #endif /* lint */
 #include "magic.h"
@@ -1980,6 +1980,12 @@ parse(struct magic_set *ms, struct magic_entry *me, const char *line,
 case 'I':
 m->in_type = FILE_BEID3;
 break;
+ case 'q':
+ m->in_type = FILE_LEQUAD;
+ break;
+ case 'Q':
+ m->in_type = FILE_BEQUAD;
+ break;
 default:
 if (ms->flags & MAGIC_CHECK)
 file_magwarn(ms,
diff --git a/src/softmagic.c b/src/softmagic.c
index bba0a77ad0..9a5db9d3e2 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.261 2018/05/24 18:09:17 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.262 2018/06/22 20:39:50 christos Exp $")
 #endif /* lint */
 #include "magic.h"
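Review bot: The new `case 'q':` / `case 'Q':` arms in `parse()` (src/apprentice.c, `@@ -1980,6 +1980,12 @@`) carry no comment tying them to the code that consumes `m->in_type`. This same commit ends both indirect-type switches in `mget()` (src/softmagic.c) with `default: abort();`. A letter added here later without matching `mget()` cases would therefore abort the process at match time instead of producing the parse-time warning the visible `default:` gives under `MAGIC_CHECK`. I would add `/* 64-bit indirect offsets; every in_type set here needs a case in both mget() switches */` above `case 'q':`. The switch starts above this hunk and continues below it, so the existing arms are not visible.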
@@ -1535,6 +1535,14 @@ mget(struct magic_set *ms, struct magic *m, const struct buffer *b,
 case FILE_MELONG:
 off = SEXT(sgn,32,ME32(q));
 break;
+ case FILE_BEQUAD:
+ off = SEXT(sgn,64,BE64(q));
+ break;
+ case FILE_LEQUAD:
+ off = SEXT(sgn,64,LE64(q));
+ break;
+ default:
+ abort();
 }
 if ((ms->flags & MAGIC_DEBUG) != 0)
 fprintf(stderr, "indirect offs=%jd\n", off);
@@ -1588,8 +1596,18 @@ mget(struct magic_set *ms, struct magic *m, const struct buffer *b,
 return 0;
 offset = do_ops(m, SEXT(sgn,32,p->l), off);
 break;
- default:
+ case FILE_LEQUAD:
+ if (OFFSET_OOB(nbytes, offset, 8))
+ return 0;
+ offset = do_ops(m, SEXT(sgn,64,LE64(p)), off);
+ break;
+ case FILE_BEQUAD:
+ if (OFFSET_OOB(nbytes, offset, 8))
+ return 0;
+ offset = do_ops(m, SEXT(sgn,64,BE64(p)), off);
 break;
+ default:
+ abort();
 }
 if (m->flag & INDIROFFADD) {
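Review bot: The added `default: abort();` closing the first switch in `mget()` (`@@ -1535,6 +1535,14 @@`), and again closing the second switch at `@@ -1588,8 +1596,18 @@`, kills the whole process from inside library code whenever the indirect type is not one of the listed cases. The switched value is presumably `m->in_type` from the loaded magic data, so a corrupt or version-mismatched compiled magic file would take down the embedding program rather than fail a single lookup. The second switch previously had `default: break;`. I would fail the match instead, for example `default: return 0;` as the `OFFSET_OOB` paths in the second hunk do, or report the bad type through the library's error path before returning. Both switch headers lie above their hunks, so the switch expression is inferred from the case labels.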
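Review bot: In the second `mget()` hunk (`@@ -1588,8 +1596,18 @@`) the new quad cases guard the 8-byte read with `OFFSET_OOB(nbytes, offset, 8)`, but then store a full 64-bit value taken from the inspected file into `offset` through `do_ops()`. The declarations of `offset` and `do_ops()` are outside the hunk, so if either is narrower than 64 bits the quad is silently truncated. An unsigned quad above `INT64_MAX` may also come out negative from `SEXT(sgn,64,...)`, though the macro is not shown either. I would confirm that the resulting `offset` is range-checked against `nbytes` again before it is dereferenced, and record that at the new cases with a comment such as `/* 64-bit value from file data; may be narrowed by do_ops(), offset is re-validated before use */`.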