Fix 1 byte oob write bug in RBin.Strings coverity
radare committed Jun 24, 2019
1 parent 07e34e9 commit 4886aa9
Showing 3 changed files with 16 additions and 19 deletions.
4 changes: 2 additions & 2 deletions libr/bin/bfile.c
@@ -158,7 +158,7 @@ static int string_scan_range(RList *list, RBinFile *bf, int min,
str_start = needle;

/* Eat a whole C string */
for (i = 0; i < sizeof (tmp) - 3 && needle < to; i += rc) {
for (i = 0; i < sizeof (tmp) - 4 && needle < to; i += rc) {
RRune r = {0};

if (str_type == R_STRING_TYPE_WIDE32) {
@@ -192,7 +192,7 @@ static int string_scan_range(RList *list, RBinFile *bf, int min,
r = 0;
}
}
rc = r_utf8_encode (&tmp[i], r);
rc = r_utf8_encode (tmp + i, r);
runes++;
/* Print the escape code */
} else if (r && r < 0x100 && strchr ("\b\v\f\n\r\t\a\033\\", (char)r)) {
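Review bot: The loop bound `sizeof (tmp) - 4` in string_scan_range is a bare constant whose correctness rests on two things the `for` line does not state: the most bytes one iteration can write at `tmp + i` (assuming r_utf8_encode emits at most four) and the terminator that is presumably stored at `tmp[i]` after the loop, which lies outside this hunk. A comment on the loop header, e.g. `/* keep room for one 4-byte UTF-8 sequence plus the trailing NUL */`, would record that invariant so a later change on either side does not bring the one-byte overrun back. The escape-code branch at the end of the second hunk also writes into `tmp`, and its own bound is not visible here, so it should be checked against the same margin. The declaration of `tmp` is outside the hunk as well; the expression only counts elements if `tmp` is a char array, and the subtraction is unsigned.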
27 changes: 12 additions & 15 deletions libr/bin/bin.c
@@ -620,7 +620,7 @@ R_API bool r_bin_list_plugin(RBin *bin, const char* name, int json) {
return true;
}

eprintf ("cannot find plugin %s\n", name);
eprintf ("Cannot find plugin %s\n", name);
return false;
}

@@ -834,32 +834,31 @@ R_API RBinSection *r_bin_get_section_at(RBinObject *o, ut64 off, int va) {
}

R_API RList *r_bin_reset_strings(RBin *bin) {
RBinFile *a = r_bin_cur (bin);
RBinObject *o = r_bin_cur_object (bin);
RBinPlugin *plugin = r_bin_file_cur_plugin (a);
RBinFile *bf = r_bin_cur (bin);

if (!a || !o) {
if (!bf || !bf->o) {
return NULL;
}
if (o->strings) {
r_list_free (o->strings);
o->strings = NULL;
if (bf->o->strings) {
r_list_free (bf->o->strings);
bf->o->strings = NULL;
}

if (bin->minstrlen <= 0) {
return NULL;
}
a->rawstr = bin->rawstr;
bf->rawstr = bin->rawstr;
RBinPlugin *plugin = r_bin_file_cur_plugin (bf);

if (plugin && plugin->strings) {
o->strings = plugin->strings (a);
bf->o->strings = plugin->strings (bf);
} else {
o->strings = r_bin_file_get_strings (a, bin->minstrlen, 0, a->rawstr);
bf->o->strings = r_bin_file_get_strings (bf, bin->minstrlen, 0, bf->rawstr);
}
if (bin->debase64) {
r_bin_object_filter_strings (o);
r_bin_object_filter_strings (bf->o);
}
return o->strings;
return bf->o->strings;
}

R_API RList *r_bin_get_strings(RBin *bin) {
@@ -1301,8 +1300,6 @@ R_API RList * /*<RBinClass>*/ r_bin_get_classes(RBin *bin) {
return o ? o->classes : NULL;
}



/* returns vaddr, rebased with the baseaddr of bin, if va is enabled for bin,
* paddr otherwise */
R_API ut64 r_bin_get_vaddr(RBin *bin, ut64 paddr, ut64 vaddr) {
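Review bot: r_bin_reset_strings carries no comment saying who owns the list it returns, yet the body frees `bf->o->strings` before rebuilding it, so any pointer a caller kept from an earlier call dangles afterwards. A header comment such as `/* Rebuilds the current file's string list; the result is owned by bf->o and any list returned earlier is freed. Returns NULL when there is no current file/object or minstrlen <= 0. */` would make that contract explicit. Separately, `bin` is dereferenced at `bin->minstrlen` while only `bf` and `bf->o` are checked. If r_bin_cur() does not already reject a NULL `bin` (not visible on this page), a guard at the top of the function is worth adding.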
4 changes: 2 additions & 2 deletions libr/bin/blang.c
@@ -216,9 +216,9 @@ R_API const char *r_bin_lang_tostring(int lang) {
case R_BIN_NM_JAVA:
return "java";
case R_BIN_NM_C:
return (lang&R_BIN_NM_BLOCKS)? "c with blocks": "c";
return (lang & R_BIN_NM_BLOCKS)? "c with blocks": "c";
case R_BIN_NM_CXX:
return (lang&R_BIN_NM_BLOCKS)? "c++ with blocks": "c++";
return (lang & R_BIN_NM_BLOCKS)? "c++ with blocks": "c++";
case R_BIN_NM_DLANG:
return "d";
case R_BIN_NM_OBJC: