Prevented out of bounds access when moving the reading position forwards.

author: Cyrille Bagard <nocbos@gmail.com> 2016-09-24 21:18:51 (GMT)
committer: Cyrille Bagard <nocbos@gmail.com> 2016-09-24 21:18:51 (GMT)
commit: 3c970a0a1b74a1991be303132221329f3eef0b91 (patch)
tree: 7f3c9e8969f5c5c9fe1188c762dda0668c6f9ff6 /src/arch/dalvik
parent: 65a4b8d9c1929fb7b171d630d336519fc4d418ef (diff)
4 files changed, 15 insertions, 5 deletions
diff --git a/src/arch/dalvik/operand.c b/src/arch/dalvik/operand.c
index ac38da5..f0e8c1e 100644
--- a/src/arch/dalvik/operand.c
+++ b/src/arch/dalvik/operand.c
@@ -655,7 +655,7 @@ bool dalvik_read_operands(GArchInstruction *instr, GExeFormat *format, const GBi
         case DALVIK_OPT_20T:
         case DALVIK_OPT_30T:
         case DALVIK_OPT_32X:
-            advance_vmpa(pos, 1);
+            result = g_binary_content_seek(content, pos, 1);
             break;
 
         default:
diff --git a/src/arch/dalvik/processor.c b/src/arch/dalvik/processor.c
index 9fe7253..ab64db7 100644
--- a/src/arch/dalvik/processor.c
+++ b/src/arch/dalvik/processor.c
@@ -536,10 +536,12 @@ static GArchInstruction *g_dalvik_processor_disassemble_pseudo(const GArchProces
     if (low8 != 0x00 /* DOP_NOP */)
         return NULL;
 
+    result = NULL;
+
     copy_vmpa(&tmp, pos);
 
     if (!g_binary_content_read_u8(content, pos, &high8))
-        return NULL;
+        goto gdpdp_exit;
 
     ident = high8 << 8 | low8;
 
@@ -560,7 +562,9 @@ static GArchInstruction *g_dalvik_processor_disassemble_pseudo(const GArchProces
 
     }
 
-    if (result != NULL)
+ gdpdp_exit:
+
+    if (result == NULL)
         copy_vmpa(pos, &tmp);
 
     return result;
diff --git a/src/arch/dalvik/pseudo/fill.c b/src/arch/dalvik/pseudo/fill.c
index 95880fc..e1e1822 100644
--- a/src/arch/dalvik/pseudo/fill.c
+++ b/src/arch/dalvik/pseudo/fill.c
@@ -191,7 +191,10 @@ GArchInstruction *g_dalvik_fill_instr_new(uint16_t ident, const GBinContent *con
 
     consumed = result->array_width * result->array_size;
 
-    advance_vmpa(pos, consumed);
+    if (!g_binary_content_seek(content, pos, consumed))
+        goto gdfin_bad;
+
+    g_arch_instruction_set_displayed_max_length(G_ARCH_INSTRUCTION(result), 8);
 
     return G_ARCH_INSTRUCTION(result);
 
diff --git a/src/arch/dalvik/pseudo/switch.c b/src/arch/dalvik/pseudo/switch.c
index 1bfc124..c1d0982 100644
--- a/src/arch/dalvik/pseudo/switch.c
+++ b/src/arch/dalvik/pseudo/switch.c
@@ -190,7 +190,10 @@ GArchInstruction *g_dalvik_switch_instr_new(uint16_t ident, const GBinContent *c
     else
         consumed = (2 * result->switch_size) * sizeof(uint32_t);
 
-    advance_vmpa(pos, consumed);
+    if (!g_binary_content_seek(content, pos, consumed))
+        goto gdsin_bad;
+
+    g_arch_instruction_set_displayed_max_length(G_ARCH_INSTRUCTION(result), 4);
 
     return G_ARCH_INSTRUCTION(result);
author	Cyrille Bagard <nocbos@gmail.com>	2016-09-24 21:18:51 (GMT)
committer	Cyrille Bagard <nocbos@gmail.com>	2016-09-24 21:18:51 (GMT)
commit	3c970a0a1b74a1991be303132221329f3eef0b91 (patch)
tree	7f3c9e8969f5c5c9fe1188c762dda0668c6f9ff6 /src/arch/dalvik
parent	65a4b8d9c1929fb7b171d630d336519fc4d418ef (diff)