Commit

Fix oobread in the java disassembler ##asan
* Causes UB when performing analysis, not exploitable
* https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0/
* Reported by @gandalf4a
radare authored and trufae committed Oct 19, 2023
1 parent d026503 commit 1bdda93
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions shlr/java/code.c
Expand Up @@ -206,9 +206,9 @@ R_API int java_print_opcode(RBinJavaObj *obj, ut64 addr, int idx, const ut8 *byt
case 0xa6: // if_acmpne
case 0xa7: // goto
case 0xa8: // jsr
if (len > 1) {
snprintf (output, outlen, "%s 0x%04"PFMT64x, JAVA_OPS[idx].name,
(addr + (short)USHORT (bytes, 1)));
if (len > 3) {
const short delta = USHORT (bytes, 1);
snprintf (output, outlen, "%s 0x%04"PFMT64x, JAVA_OPS[idx].name, addr + delta);
output[outlen - 1] = 0;
return update_bytes_consumed (JAVA_OPS[idx].size);
}
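Review bot: The new guard `if (len > 3)` looks one byte stricter than the read it protects. `USHORT (bytes, 1)` takes a 16-bit operand starting at offset 1, which (assuming the macro reads bytes[1] and bytes[2]) only needs len >= 3, so a buffer that holds exactly opcode plus two operand bytes now skips this block and falls through to code outside the hunk. Consider `if (len >= 3)`, or a comparison against `JAVA_OPS[idx].size` if that is the instruction length, with a one-line comment stating the byte requirement so the bound is not guessed at again. Separately, `const short delta = USHORT (bytes, 1);` drops the explicit `(short)` cast the removed line had; keeping the cast documents that the signed reinterpretation of the operand is intended.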