
fixing aek- #5454

Merged
merged 1 commit into from Aug 7, 2016

Conversation

oddcoder
Contributor

@oddcoder oddcoder commented Aug 6, 2016

According to `ae?`, `aek-` is used to delete all esil->stats key/value pairs, but it wasn't actually implemented.
This is its implementation.

@oddcoder
Contributor Author

oddcoder commented Aug 6, 2016

@@ -2,7 +2,11 @@

#include "r_util.h"
#include "r_core.h"

static int sdb_del (void *p, const char *k, const char *v) {
struct r_anal_esil_t *esil = (struct r_anal_esil_t *)p;
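Review bot: the cast on the last visible line spells out `struct r_anal_esil_t *` where the rest of the code base uses the typedef; write `RAnalEsil *esil = (RAnalEsil *)p;` so the callback matches the surrounding style. Two further points on the signature `static int sdb_del (void *p, const char *k, const char *v)`: the name is easy to confuse with the sdb library's own `sdb_*` API, so a more specific file-local name such as `esil_stats_del` would read better; and this is the shape of a per-entry foreach callback, so if it removes keys while the table is being walked, confirm that the iteration tolerates removal mid-walk (skipped entries or a dangling pointer are the usual failure modes), or collect the keys first and unset them after the walk.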
Collaborator

Use the typedefed name RAnalEsil

@oddcoder
Contributor Author

oddcoder commented Aug 6, 2016

The test suite is behaving strangely: it segfaults with Clang on Linux, and passes with GCC on Linux and Clang on Mac.

@radare
Collaborator

radare commented Aug 6, 2016

Try with ASan.

On 06 Aug 2016, at 19:38, Ahmed Mohamed Abd El-MAwgood notifications@github.com wrote:

The test suite is behaving strangely: it segfaults with Clang on Linux, and passes with GCC on Linux and Clang on Mac.


@oddcoder
Contributor Author

oddcoder commented Aug 6, 2016

➜  fuzzed git:(aek-delete) r2 fuzz-loaduleb.dex
=================================================================
==14203==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x618000012ee8 at pc 0x7f29aea6d54c bp 0x7ffdcc367390 sp 0x7ffdcc367380
READ of size 4 at 0x618000012ee8 thread T0
    #0 0x7f29aea6d54b in parse_class /home/oddcoder/radare2/libr/..//libr/bin/p/bin_dex.c:450
    #1 0x7f29aea6f0a2 in dex_loadcode /home/oddcoder/radare2/libr/..//libr/bin/p/bin_dex.c:657
    #2 0x7f29aea70b2c in entries /home/oddcoder/radare2/libr/..//libr/bin/p/bin_dex.c:896
    #3 0x7f29aea27ccf in r_bin_object_set_items /home/oddcoder/radare2/libr/bin/bin.c:490
    #4 0x7f29aea2c09d in r_bin_object_new /home/oddcoder/radare2/libr/bin/bin.c:1028
    #5 0x7f29aea2d032 in r_bin_file_new_from_bytes /home/oddcoder/radare2/libr/bin/bin.c:1165
    #6 0x7f29aea2a7f2 in r_bin_load_io_at_offset_as_sz /home/oddcoder/radare2/libr/bin/bin.c:758
    #7 0x7f29aea2a87d in r_bin_load_io_at_offset_as /home/oddcoder/radare2/libr/bin/bin.c:772
    #8 0x7f29aea29d6f in r_bin_load_io /home/oddcoder/radare2/libr/bin/bin.c:664
    #9 0x7f29af92021c in r_core_file_do_load_for_io_plugin /home/oddcoder/radare2/libr/core/file.c:392
    #10 0x7f29af921123 in r_core_bin_load /home/oddcoder/radare2/libr/core/file.c:512
    #11 0x55ae6dbc9219 in main /home/oddcoder/radare2/binr/radare2/radare2.c:733
    #12 0x7f29aae3a57f in __libc_start_main (/lib64/libc.so.6+0x2057f)
    #13 0x55ae6dbc5c28 in _start (/home/oddcoder/radare2/binr/radare2/radare2+0x5c28)

AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/oddcoder/radare2/libr/..//libr/bin/p/bin_dex.c:450 parse_class
==14203==ABORTING

I didn't touch libr/bin/p, plus I don't know what dex is.
This is actually strange behavior.

@oddcoder
Contributor Author

oddcoder commented Aug 6, 2016

Well, now it builds and I didn't do anything extra. @radare I will open a separate issue for the random segmentation fault because it doesn't have anything to do with my PR.

according to `ae?`, aek- is used to delete all esil->stats key/value pairs, but it wasn't actually implemented.
@radare radare merged commit 5adf93a into radareorg:master Aug 7, 2016
@oddcoder oddcoder deleted the fix_aek_delete branch August 13, 2016 10:53