Fix #6816 - null deref in r_read_*
radare committed Feb 20, 2017
1 parent 0ae4a5c commit 1ea23bd
Showing 3 changed files with 21 additions and 2 deletions.
2 changes: 1 addition & 1 deletion doc/uncrustify.cfg
Expand Up @@ -483,7 +483,7 @@ nl_before_block_comment = 0
nl_before_c_comment = 0
nl_before_cpp_comment = 0
nl_after_multiline_comment = false
nl_after_label_colon = force
nl_after_label_colon = true
nl_after_struct = 0
nl_before_class = 0
nl_after_class = 0
2 changes: 1 addition & 1 deletion libr/bin/p/bin_dex.c
Expand Up @@ -1322,7 +1322,7 @@ static void parse_class(RBinFile *binfile, RBinDexObj *bin, RBinDexClass *c,
c->interfaces_offset <
bin->header.data_offset + bin->header.data_size) {
p = r_buf_get_at (binfile->buf, c->interfaces_offset, NULL);
int types_list_size = r_read_le32(p);
int types_list_size = r_read_le32 (p);
if (types_list_size < 0 || types_list_size >= bin->header.types_size ) {
return;
}
19 changes: 19 additions & 0 deletions libr/include/r_endian.h
Expand Up @@ -8,6 +8,9 @@ extern "C" {
/* Endian agnostic functions working on single byte. */

static inline ut8 r_read_ble8(const void *src) {
if (!src) {
return UT8_MAX;
}
return *(ut8 *)src;
}

Expand Down Expand Up @@ -114,6 +117,9 @@ static inline void r_write_at_be64(void *dest, ut64 val, size_t offset) {
/* Little Endian functions. */

static inline ut8 r_read_le8(const void *src) {
if (!src) {
return UT8_MAX;
}
return r_read_ble8 (src);
}

Expand All @@ -130,11 +136,17 @@ static inline void r_write_at_le8(void *dest, ut8 val, size_t offset) {
}

static inline ut16 r_read_le16(const void *src) {
if (!src) {
return UT16_MAX;
}
const ut8 *s = (const ut8*)src;
return (((ut16)s[1]) << 8) | (((ut16)s[0]) << 0);
}

static inline ut16 r_read_at_le16(const void *src, size_t offset) {
if (!src) {
return UT16_MAX;
}
const ut8 *s = (const ut8*)src + offset;
return r_read_le16 (s);
}
Expand All @@ -157,12 +169,18 @@ static inline void r_write_le24(void *_dest, ut32 val) {
}

static inline ut32 r_read_le32(const void *src) {
if (!src) {
return UT32_MAX;
}
const ut8 *s = (const ut8*)src;
return (((ut32)s[3]) << 24) | (((ut32)s[2]) << 16) |
(((ut32)s[1]) << 8) | (((ut32)s[0]) << 0);
}

static inline ut32 r_read_at_le32(const void *src, size_t offset) {
if (!src) {
return UT32_MAX;
}
const ut8 *s = (const ut8*)src + offset;
return r_read_le32 (s);
}
Expand Down Expand Up @@ -426,6 +444,7 @@ static inline int UT8_SUB(ut8 *r, ut8 a, ut8 b) {
}
return 1;
}

#ifdef __cplusplus
}
#endif
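Review bot: Returning `UT8_MAX`/`UT16_MAX`/`UT32_MAX` when `src` is NULL makes the result of the six guarded readers an in-band sentinel, so a caller cannot tell a failed buffer lookup from a field that really contains all-ones. The `parse_class` call in bin_dex.c happens to be covered because it stores the value in an `int` and rejects `types_list_size < 0`, but any caller that keeps the result unsigned and uses it as a count, size or offset would carry on with the maximum value instead of stopping. I would state the contract above each guard, for example `/* NULL src yields UT32_MAX; callers must check src or range-check the result */`, and still test the pointer returned by `r_buf_get_at` at the call site before reading from it. The 19 additions in the diffstat are fully accounted for by these six guards plus one blank line, so the big-endian and 64-bit readers are not touched by this commit and presumably still dereference a NULL `src`. The guard in `r_read_le8` also duplicates the one `r_read_ble8` now performs.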
