authorCyrille Bagard <nocbos@gmail.com>2017-08-15 20:03:47 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2017-08-15 20:03:47 (GMT)
commit13d12a85fa661c2f331a4ad61ef921d942ce9176 (patch)
treeec1ca1d40b44294daa88da8b6626f920fc4d9f87 /src
parent852650d335f3366ad2c2416c5cebf56a569be691 (diff)
Checked for out-of-bound data access without triggering integer overflow.
Diffstat (limited to 'src')
-rw-r--r--src/analysis/contents/file.c4
-rwxr-xr-xsrc/common/endianness.c32
-rw-r--r--src/common/leb128.c4
3 files changed, 18 insertions, 22 deletions
diff --git a/src/analysis/contents/file.c b/src/analysis/contents/file.c
index b6cd39c..8b371ab 100644
--- a/src/analysis/contents/file.c
+++ b/src/analysis/contents/file.c
@@ -510,10 +510,10 @@ static bool g_file_content_seek(const GFileContent *content, vmpa2t *addr, phys_
offset = get_phy_addr(addr);
- if (offset == VMPA_NO_PHYSICAL)
+ if (length > get_mrange_length(&content->range))
return false;
- if ((offset + length) > get_mrange_length(&content->range))
+ if (offset > (get_mrange_length(&content->range) - length))
return false;
advance_vmpa(addr, length);
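Review bot: The explicit `offset == VMPA_NO_PHYSICAL` test is removed here, so an address with no physical offset is now rejected only if that sentinel compares greater than `get_mrange_length(&content->range) - length`, which depends on a definition not visible in this hunk. Keeping it as a separate guard ahead of the two length comparisons, `if (offset == VMPA_NO_PHYSICAL) return false;`, makes the rejection independent of the sentinel's value. The subtraction in the second check is safe only because of the `length > ...` check above it, which deserves a one-line comment such as `/* length <= range length here, so the subtraction cannot wrap */`. The body of g_file_content_seek starts and ends outside the hunk.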
diff --git a/src/common/endianness.c b/src/common/endianness.c
index ba72f3d..4dcee22 100755
--- a/src/common/endianness.c
+++ b/src/common/endianness.c
@@ -267,8 +267,8 @@ uint64_t swap_u64(const uint64_t *value, SourceEndian endian)
bool read_u4(uint8_t *target, const bin_t *data, phys_t *pos, phys_t end, bool *low)
{
- if (*pos < 0) return false;
- if ((end - *pos) < 1) return false;
+ if (end < 1) return false;
+ if (*pos > (end - 1)) return false;
if (*low)
{
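Review bot: The order of the two guards in read_u4 is load-bearing and nothing says so: `end - 1` wraps if `end < 1` is not tested first, and dropping `*pos < 0` is only correct if phys_t is unsigned, which the hunk does not show. A comment such as `/* end >= 1 is checked first so that (end - 1) cannot wrap; phys_t is unsigned */` would protect the pair from a later reorder. The same two lines recur in read_u8, read_u16, read_u32, read_u64, strtou8 and _strtoun, so a single `static inline` helper taking the position, the end and the needed size would keep the seven copies from drifting apart. The function bodies continue outside the hunks.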
@@ -304,8 +304,8 @@ bool read_u4(uint8_t *target, const bin_t *data, phys_t *pos, phys_t end, bool *
bool read_u8(uint8_t *target, const bin_t *data, phys_t *pos, phys_t end)
{
- if (*pos < 0) return false;
- if ((end - *pos) < 1) return false;
+ if (end < 1) return false;
+ if (*pos > (end - 1)) return false;
*target = data[*pos];
@@ -334,8 +334,8 @@ bool read_u8(uint8_t *target, const bin_t *data, phys_t *pos, phys_t end)
bool read_u16(uint16_t *target, const bin_t *data, phys_t *pos, phys_t end, SourceEndian endian)
{
- if (*pos < 0) return false;
- if ((end - *pos) < 2) return false;
+ if (end < 2) return false;
+ if (*pos > (end - 2)) return false;
switch (endian)
{
@@ -407,8 +407,8 @@ bool read_u16(uint16_t *target, const bin_t *data, phys_t *pos, phys_t end, Sour
bool read_u32(uint32_t *target, const bin_t *data, phys_t *pos, phys_t end, SourceEndian endian)
{
- if (*pos < 0) return false;
- if ((end - *pos) < 4) return false;
+ if (end < 4) return false;
+ if (*pos > (end - 4)) return false;
switch (endian)
{
@@ -484,8 +484,8 @@ bool read_u32(uint32_t *target, const bin_t *data, phys_t *pos, phys_t end, Sour
bool read_u64(uint64_t *target, const bin_t *data, phys_t *pos, phys_t end, SourceEndian endian)
{
- if (*pos < 0) return false;
- if ((end - *pos) < 8) return false;
+ if (end < 8) return false;
+ if (*pos > (end - 8)) return false;
switch (endian)
{
@@ -572,8 +572,8 @@ bool _write_un(const bin_t *value, size_t size, bin_t *data, off_t *pos, off_t e
{
size_t i; /* Boucle de parcours */
- if (*pos < 0) return false;
- if ((end - *pos) < size) return false;
+ if (end < size) return false;
+ if (*pos > (end - size)) return false;
switch (endian)
{
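Review bot: In _write_un `pos` and `end` are `off_t`, a signed type, so removing `if (*pos < 0) return false;` leaves negative positions rejected only through the implicit conversion to `size_t` in `*pos > (end - size)`. That holds where size_t is at least as wide as off_t; on a build where off_t is wider (for instance 64-bit file offsets with a 32-bit size_t) the comparison is done in signed arithmetic, and a negative `*pos` passes both guards and then indexes `data`. Where the two types have the same width, a negative `end` is converted to a large unsigned value and passes as well. I would keep explicit sign checks in this function, `if (*pos < 0 || end < 0) return false;`, before the two size comparisons. The function body continues outside the hunk.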
@@ -648,8 +648,8 @@ bool strtou8(uint8_t *target, const char *data, size_t *pos, size_t end, SourceE
{
size_t i; /* Boucle de parcours */
- if (*pos < 0) return false;
- if ((end - *pos) < 2) return false;
+ if (end < 2) return false;
+ if (*pos > (end - 2)) return false;
*target = 0;
@@ -706,8 +706,8 @@ bool _strtoun(uint8_t n, const char *data, size_t *pos, size_t end, SourceEndian
size_t j; /* Boucle de parcours #2 */
uint8_t tmp; /* Valeur temporaire de 8 bits */
- if (*pos < 0) return false;
- if ((end - *pos) < (n * 2)) return false;
+ if (end < (n * 2)) return false;
+ if (*pos > (end - (n * 2))) return false;
/* Récupération de la destination */
diff --git a/src/common/leb128.c b/src/common/leb128.c
index 2450850..67d8a6b 100644
--- a/src/common/leb128.c
+++ b/src/common/leb128.c
@@ -45,8 +45,6 @@ bool read_uleb128(uleb128_t *target, const bin_t *data, phys_t *pos, phys_t len)
int shift; /* Décallage à appliquer */
phys_t i; /* Boucle de parcours */
- if (*pos < 0) return false;
-
shift = 0;
*target = 0;
@@ -89,8 +87,6 @@ bool read_leb128(leb128_t *target, const bin_t *data, phys_t *pos, phys_t len)
int shift; /* Décallage à appliquer */
phys_t i; /* Boucle de parcours */
- if (*pos < 0) return false;
-
shift = 0;
*target = 0;