Fix memory corruption in disasm

librz/analysis/analysis.c

@@ -305,7 +305,9 @@ RZ_API void rz_analysis_set_cpu(RzAnalysis *analysis, const char *cpu) {
 
 RZ_API int rz_analysis_set_big_endian(RzAnalysis *analysis, int bigend) {
 	analysis->big_endian = bigend;
-	analysis->reg->big_endian = bigend;
+	if (analysis->reg) {
+		analysis->reg->big_endian = bigend;
+	}
 	return true;
 }
 

librz/analysis/esil_trace.c

@@ -53,7 +53,9 @@ RZ_API RzAnalysisEsilTrace *rz_analysis_esil_trace_new(RzAnalysisEsil *esil) {
 		if (!b) {
 			goto error;
 		}
-		memcpy(b->bytes, a->bytes, b->size);
+		if (b->bytes && a->bytes && b->size > 0) {
+			memcpy(b->bytes, a->bytes, b->size);
+		}
 		trace->arena[i] = b;
 	}
 	return trace;

librz/core/cbin.c

@@ -456,32 +456,30 @@ RZ_API bool rz_core_bin_apply_config(RzCore *r, RzBinFile *binfile) {
 	rz_config_set(r->config, "file.type", info->rclass);
 	rz_config_set(r->config, "cfg.bigendian",
 		info->big_endian ? "true" : "false");
-	if (!info->rclass || strcmp(info->rclass, "fs")) {
-		if (info->lang) {
-			rz_config_set(r->config, "bin.lang", info->lang);
-		}
-		rz_config_set(r->config, "asm.os", info->os);
-		if (info->rclass && !strcmp(info->rclass, "pe")) {
-			rz_config_set(r->config, "analysis.cpp.abi", "msvc");
-		} else {
-			rz_config_set(r->config, "analysis.cpp.abi", "itanium");
-		}
-		rz_config_set(r->config, "asm.arch", info->arch);
-		if (info->cpu && *info->cpu) {
-			rz_config_set(r->config, "asm.cpu", info->cpu);
-		}
-		if (info->features && *info->features) {
-			rz_config_set(r->config, "asm.features", info->features);
-		}
-		rz_config_set(r->config, "analysis.arch", info->arch);
-		snprintf(str, RZ_FLAG_NAME_SIZE, "%i", info->bits);
-		rz_config_set(r->config, "asm.bits", str);
-		rz_config_set(r->config, "asm.dwarf",
-			(RZ_BIN_DBG_STRIPPED & info->dbg_info) ? "false" : "true");
-		v = rz_analysis_archinfo(r->analysis, RZ_ANALYSIS_ARCHINFO_ALIGN);
-		if (v != -1) {
-			rz_config_set_i(r->config, "asm.pcalign", v);
-		}
+	if (info->lang) {
+		rz_config_set(r->config, "bin.lang", info->lang);
+	}
+	rz_config_set(r->config, "asm.os", info->os);
+	if (info->rclass && !strcmp(info->rclass, "pe")) {
+		rz_config_set(r->config, "analysis.cpp.abi", "msvc");
+	} else {
+		rz_config_set(r->config, "analysis.cpp.abi", "itanium");
+	}
+	rz_config_set(r->config, "asm.arch", info->arch);
+	if (info->cpu && *info->cpu) {
+		rz_config_set(r->config, "asm.cpu", info->cpu);
+	}
+	if (info->features && *info->features) {
+		rz_config_set(r->config, "asm.features", info->features);
+	}
+	rz_config_set(r->config, "analysis.arch", info->arch);
+	snprintf(str, RZ_FLAG_NAME_SIZE, "%i", info->bits);
+	rz_config_set(r->config, "asm.bits", str);
+	rz_config_set(r->config, "asm.dwarf",
+		(RZ_BIN_DBG_STRIPPED & info->dbg_info) ? "false" : "true");
+	v = rz_analysis_archinfo(r->analysis, RZ_ANALYSIS_ARCHINFO_ALIGN);
+	if (v != -1) {
+		rz_config_set_i(r->config, "asm.pcalign", v);
 	}
 	rz_core_analysis_type_init(r);
 	rz_core_analysis_cc_init(r);

librz/core/disasm.c

@@ -1484,15 +1484,15 @@ static void ds_atabs_option(RDisasmState *ds) {
 		return;
 	}
 	int bufasm_len = rz_strbuf_length(&ds->asmop.buf_asm);
-	int size = bufasm_len * (ds->atabs + 1) * 4;
+	int size = bufasm_len * (ds->atabs + 1) * 4 + 4;
 	if (size < 1 || size < bufasm_len) {
 		return;
 	}
-	b = malloc(size + 1);
 	if (ds->opstr) {
-		strcpy(b, ds->opstr);
+		size = strlen(ds->opstr) * (ds->atabs + 1) * 4 + 4;
+		b = rz_str_ndup(ds->opstr, size);
 	} else {
-		strcpy(b, rz_asm_op_get_asm(&ds->asmop));
+		b = rz_str_ndup(rz_asm_op_get_asm(&ds->asmop), size);
 	}
 	if (!b) {
 		return;