diff options
| author | Cyrille Bagard <nocbos@gmail.com> | 2017-08-27 18:21:17 (GMT) |
|---|---|---|
| committer | Cyrille Bagard <nocbos@gmail.com> | 2017-08-27 18:21:17 (GMT) |
| commit | 5792b6c860810915d62365125cafc6bff096e405 (patch) | |
| tree | 066866c023a3fb9e6d0e2cb36a295e9b8f727669 /src/format/dex/dex-int.c | |
| parent | 562a56f01cfb81ff7538418dd183aaa53e90b17c (diff) | |
Handled Dalvik code definition loading with more care.
Diffstat (limited to 'src/format/dex/dex-int.c')
| -rw-r--r-- | src/format/dex/dex-int.c | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/src/format/dex/dex-int.c b/src/format/dex/dex-int.c index c49445d..811cf5d 100644 --- a/src/format/dex/dex-int.c +++ b/src/format/dex/dex-int.c @@ -28,6 +28,9 @@ #include <malloc.h> +#include <i18n.h> + + #include "../../arch/dalvik/instruction-def.h" #include "../../common/endianness.h" @@ -793,6 +796,7 @@ bool read_dex_code_item(const GDexFormat *format, vmpa2t *pos, code_item *item) { bool result; /* Bilan à retourner */ GBinContent *content; /* Contenu binaire à lire */ + vmpa2t origin; /* Mémorisation d'une position */ uint16_t padding; /* Eventuel alignement */ uint16_t i; /* Boucle de parcours */ @@ -808,12 +812,19 @@ bool read_dex_code_item(const GDexFormat *format, vmpa2t *pos, code_item *item) result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &item->insns_size); item->insns = (uint16_t *)g_binary_content_get_raw_access(content, pos, item->insns_size * sizeof(uint16_t)); + if (item->insns == NULL) goto rdci_bad_insns; /* Padding ? */ if (item->tries_size > 0 && item->insns_size % 2 == 1) { + copy_vmpa(&origin, pos); + result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &padding); - assert(padding == 0); + + if (padding != 0) + g_binary_format_add_error(G_BIN_FORMAT(format), BFE_SPECIFICATION, &origin, + _("Expected a null value as padding.")); + } if (item->tries_size > 0 && result) @@ -821,6 +832,7 @@ bool read_dex_code_item(const GDexFormat *format, vmpa2t *pos, code_item *item) assert(get_phy_addr(pos) % 4 == 0); item->tries = (try_item *)calloc(item->tries_size, sizeof(try_item)); + if (item->tries == NULL) goto rdci_bad_tries; for (i = 0; i < item->tries_size && result; i++) result &= read_dex_try_item(format, pos, &item->tries[i]); @@ -831,10 +843,29 @@ bool read_dex_code_item(const GDexFormat *format, vmpa2t *pos, code_item *item) result &= read_dex_encoded_catch_handler_list(format, pos, item->handlers); } + else + item->handlers = NULL; + + } + + else + { + item->tries = NULL; + item->handlers = NULL; } return result; + rdci_bad_insns: + + item->tries = NULL; + + rdci_bad_tries: + + item->handlers = NULL; + + return false; + } |