Commit 3789722

Fix use-after-free in iobank rbtree usage ##io
* See havoc4 bin for reproducer
* Reported via huntr.dev by 'Cen Zhang'
1 parent 7cfd367 commit 3789722

1 file changed: +4 -1 lines changed

Diff for: libr/io/io_bank.c

@@ -230,7 +230,10 @@ R_API bool r_io_bank_map_add_top(RIO *io, const ut32 bankid, const ut32 mapid) {
230230
//delete all submaps that are completly included in sm
231231
RRBNode *next = r_rbnode_next (entry);
232232
// this can be optimized, there is no need to do search here
233-
r_crbtree_delete (bank->submaps, entry->data, _find_sm_by_from_vaddr_cb, NULL);
233+
bool a = r_crbtree_delete (bank->submaps, entry->data, _find_sm_by_from_vaddr_cb, NULL);
234+
if (!a) {
235+
break;
236+
}
234237
entry = next;
235238
}
236239
if (entry && r_io_submap_from (((RIOSubMap *)entry->data)) <= r_io_submap_to (sm)) {
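Review bot: the new failure path at `if (!a) { break; }` is silent and leaves the loop with `entry` still pointing at a submap that was meant to be removed, so the following `if (entry && r_io_submap_from (...) <= r_io_submap_to (sm))` check then runs against that stale overlap instead of the next node. A delete that fails for an entry just taken from `bank->submaps` means the tree and the iterator disagree, so I would treat it as an error (log it and return false, or at least comment why continuing is safe) rather than only stopping the loop. The name `a` says nothing about what it holds; `deleted`, or testing the call directly as `if (!r_crbtree_delete (...)) { break; }`, reads better. On the success path `next` is still captured before the delete and assigned to `entry` afterwards; please confirm that `r_crbtree_delete` cannot invalidate that node, since the visible lines do not establish it and the commit message does not say which pointer was being used after free.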
