authorCyrille Bagard <nocbos@gmail.com>2018-09-06 20:45:36 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2018-09-06 20:45:36 (GMT)
commit9aaaa651d924eb30e46f26690aea007b7d868e35 (patch)
tree846d8f5d27bc7c289a6b0241f1ad3fbe2510f1c6
parent9dac560b09bfea058e0286b1a5cd25c37290af39 (diff)
Fixed possible UAFs when adding symbols.
-rw-r--r--plugins/elf/strings.c5
-rw-r--r--plugins/pychrysalide/format/format.c1
-rw-r--r--plugins/readelf/strtab.c5
3 files changed, 11 insertions, 0 deletions
diff --git a/plugins/elf/strings.c b/plugins/elf/strings.c
index 4d6b5c8..7dd644e 100644
--- a/plugins/elf/strings.c
+++ b/plugins/elf/strings.c
@@ -356,6 +356,9 @@ static bool do_elf_string_loading(GElfLoading *loading, GElfFormat *format, phys
range = g_arch_instruction_get_range(instr);
symbol = g_string_symbol_new_read_only(base, range, SET_GUESS);
+
+ g_object_ref(G_OBJECT(symbol));
+
g_binary_format_add_symbol(base, symbol);
/* Jointure avec la chaîne précédente ? */
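Review bot: The result of `g_binary_format_add_symbol(base, symbol)` is still discarded here, although the pychrysalide hunk in this same commit shows the call returns a success flag (`added`). The new `g_object_ref()` keeps the pointer valid, but a symbol the format rejected would still go through the join and label code below as if it had been registered. Consider keeping the result, `added = g_binary_format_add_symbol(base, symbol);`, and guarding the later use with `if (added && cut)`, while still reaching the `g_object_unref()` added in the next hunk. The first hunk of plugins/readelf/strtab.c has the same pattern; the enclosing function starts and ends outside this hunk.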
@@ -368,6 +371,8 @@ static bool do_elf_string_loading(GElfLoading *loading, GElfFormat *format, phys
if (cut)
g_string_symbol_build_label(G_STR_SYMBOL(symbol), base);
+ g_object_unref(G_OBJECT(symbol));
+
}
/* Conclusion */
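Review bot: This `g_object_unref()` balances the reference taken before `g_binary_format_add_symbol()` only if control always reaches the end of the block. The lines between the two hunks are not shown, so any `continue`, `break` or early return there would leak one reference per symbol. A comment on the pair would make the contract visible to the next editor, for example `/* drop the temporary reference held across g_binary_format_add_symbol() */`. The second hunk of plugins/readelf/strtab.c has the same shape.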
diff --git a/plugins/pychrysalide/format/format.c b/plugins/pychrysalide/format/format.c
index bf6c3f1..af881af 100644
--- a/plugins/pychrysalide/format/format.c
+++ b/plugins/pychrysalide/format/format.c
@@ -130,6 +130,7 @@ static PyObject *py_binary_format_add_symbol(PyObject *self, PyObject *args)
format = G_BIN_FORMAT(pygobject_get(self));
symbol = G_BIN_SYMBOL(pygobject_get(symbol_obj));
+ g_object_ref(G_OBJECT(symbol));
added = g_binary_format_add_symbol(format, symbol);
result = added ? Py_True : Py_False;
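Review bot: The added `g_object_ref()` has no matching unref in this hunk, so it appears to rely on `g_binary_format_add_symbol()` consuming exactly one reference whether or not the symbol is accepted. If the failure path does not release it, every rejected add from Python leaks a reference; if it does, the code is correct but the ownership rule is invisible at the call site. A one-line comment would document it, e.g. `/* add_symbol() takes over one reference; the Python wrapper keeps its own */`. The rest of `py_binary_format_add_symbol` lies outside the hunk, so the callee's behaviour on failure should be confirmed there.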
diff --git a/plugins/readelf/strtab.c b/plugins/readelf/strtab.c
index 3cbe353..7645dec 100644
--- a/plugins/readelf/strtab.c
+++ b/plugins/readelf/strtab.c
@@ -113,6 +113,9 @@ static void parse_elf_string_table(GElfFormat *format, GPreloadInfo *info, const
irange = g_arch_instruction_get_range(instr);
symbol = g_string_symbol_new_read_only(base, irange, SET_GUESS);
+
+ g_object_ref(G_OBJECT(symbol));
+
g_binary_format_add_symbol(base, symbol);
/* Jointure avec la chaîne précédente ? */
@@ -120,6 +123,8 @@ static void parse_elf_string_table(GElfFormat *format, GPreloadInfo *info, const
if (cut)
g_string_symbol_build_label(G_STR_SYMBOL(symbol), base);
+ g_object_unref(G_OBJECT(symbol));
+
}
/* Conclusion */