
Commit 9650e3c

committed
Fix oobread segfault in java arith8.class ##crash
* Reported by Cen Zhang via huntr.dev
1 parent 79b39bb commit 9650e3c


1 file changed

+5
-1
lines changed


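--- a/shlr/java/class.c
+++ b/shlr/java/class.c
@@ -3733,6 +3733,10 @@ R_API RBinJavaAttrInfo *r_bin_java_inner_classes_attr_new(RBinJavaObj *bin, ut8
 ut64 offset = 0, curpos;
 attr = r_bin_java_default_attr_new (bin, buffer, sz, buf_offset);
 offset += 6;
+if (buf_offset + offset + 8 > sz) {
+eprintf ("Invalid amount of inner classes\n");
+return NULL;
+}
 if (attr == NULL) {
 // TODO eprintf
 return attr;
@@ -3743,7 +3747,7 @@ R_API RBinJavaAttrInfo *r_bin_java_inner_classes_attr_new(RBinJavaObj *bin, ut8
 attr->info.inner_classes_attr.classes = r_list_newf (r_bin_java_inner_classes_attr_entry_free);
 for (i = 0; i < attr->info.inner_classes_attr.number_of_classes; i++) {
 curpos = buf_offset + offset;
-if (offset + 8 > sz) {
+if (buf_offset + offset + 8 > sz) {
 eprintf ("Invalid amount of inner classes\n");
 break;
 }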
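Review bot: The new early `return NULL` in the first hunk runs after `r_bin_java_default_attr_new` has already produced `attr` but before the `attr == NULL` guard, so on a truncated attribute a non-NULL `attr` is dropped without being released, which turns the out-of-bounds read into a leak on every rejected input. The bound itself is the right one (the loop's fixed check in the second hunk uses the same `buf_offset + offset + 8` form), but it should come after the NULL guard and free `attr` before bailing out. It also appears to reject an attribute whose `number_of_classes` count is 0 but has fewer than 8 bytes left after the 6-byte header, since reading the count needs only the bytes of that field — worth confirming against the class-file format before relying on it. `r_bin_java_inner_classes_attr_new` starts and ends outside both hunks, so the allocation and the normal return path are not visible here.

```c
	/* … unchanged: default attr allocation, offset += 6 … */
	if (attr == NULL) {
		// TODO eprintf
		return attr;
	}
	if (buf_offset + offset + 8 > sz) {
		eprintf ("Invalid amount of inner classes\n");
		ATTR_FREE_FN (attr); /* placeholder: the file's RBinJavaAttrInfo destructor */
		return NULL;
	}
	/* … unchanged: number_of_classes read and entry loop … */
```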
