Skip to content

Comments

librz/core+bin: Remove obr (bin rebase command)#5001

Merged
thestr4ng3r merged 1 commit intodevfrom
remove-obr
Mar 14, 2025
Merged

librz/core+bin: Remove obr (bin rebase command)#5001
thestr4ng3r merged 1 commit intodevfrom
remove-obr

Conversation

@thestr4ng3r
Copy link
Member

@thestr4ng3r thestr4ng3r commented Mar 14, 2025
edited
Loading

Your checklist for this pull request

  • I've read the guidelines for contributing to this repository.
  • I made sure to follow the project's coding style.
  • I've documented every RZ_API function and struct this PR changes.
  • I've added tests that prove my changes are effective (required for changes to RZ_API).
  • I've updated the Rizin book with the relevant information (if needed).

Detailed description

Rebase done by obr freed all vfiles in the RzBinObject, but did not free
the entire RzBinFile, so core was not notified about it, and it may
still have had references to vfiles in vfile:// mappings, thus causing
UAFs.
Unfortunately the entire obr command was not working properly, so we
remove it with obR (also not entirely working) and rb being possible
replacements depending on the use-case.
The possibly dangerous RzBin apis have been made private in the module
to prevent future misuse.

Test plan

The following crashed before:

rz -c 'obl;obr 0x100000;obl' test/bins/elf/libmagic.so

@thestr4ng3r
librz/core+bin: Remove obr (bin rebase command)
a0705a6 
Rebase done by obr freed all vfiles in the RzBinObject, but did not free
the entire RzBinFile, so core was not notified about it, and it may
still have had references to vfiles in vfile:// mappings, thus causing
UAFs.
Unfortunately the entire obr command was not working properly, so we
remove it with obR (also not entirely working) and rb being possible
replacements depending on the use-case.
The possibly dangerous RzBin apis have been made private in the module
to prevent future misuse.
@thestr4ng3r thestr4ng3r merged commit d596104 into dev Mar 14, 2025
48 of 49 checks passed
@thestr4ng3r thestr4ng3r deleted the remove-obr branch March 14, 2025 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wargio wargio wargio approved these changes

@Rot127 Rot127 Rot127 approved these changes

@notxvilka notxvilka notxvilka approved these changes

@ret2libc ret2libc Awaiting requested review from ret2libc ret2libc is a code owner

@kazarmy kazarmy Awaiting requested review from kazarmy kazarmy is a code owner

Assignees

No one assigned

Labels

API RzBin RzCore

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@thestr4ng3r @wargio @Rot127 @notxvilka