-rw-r--r-- | ChangeLog | 18 | ||||
-rw-r--r-- | src/analysis/binary.c | 5 | ||||
-rwxr-xr-x | src/common/endianness.c | 4 | ||||
-rw-r--r-- | src/common/leb128.c | 4 | ||||
-rw-r--r-- | src/format/dex/dex-int.c | 4 | ||||
-rw-r--r-- | src/format/dex/method.c | 9 | ||||
-rw-r--r-- | src/panels/symbols.c | 2 |
7 files changed, 40 insertions, 6 deletions
@@ -1,3 +1,21 @@
+10-06-15 Cyrille Bagard <nocbos@gmail.com>
+
+ * src/analysis/binary.c:
+ Be sure to stay in loaded binary data.
+
+ * src/common/endianness.c:
+ * src/common/leb128.c:
+ Report suspicious positions as errors.
+
+ * src/format/dex/dex-int.c:
+ Handle errors when allocating to much memory.
+
+ * src/format/dex/method.c:
+ Handle errors when loading methods from the DEX pool.
+
+ * src/panels/symbols.c:
+ Typo.
+
 10-06-06 Cyrille Bagard <nocbos@gmail.com>
 
 * src/analysis/routine.c:
diff --git a/src/analysis/binary.c b/src/analysis/binary.c
index 17fc172..d860efc 100644
--- a/src/analysis/binary.c
+++ b/src/analysis/binary.c
@@ -351,6 +351,7 @@ static GRenderingLine *disassemble_binary_parts(GDelayedDisassembly *disass, GBi
 for (i = 0; i < disass->count; i++)
 {
 g_binary_part_get_values(disass->parts[i], NULL, &len, NULL);
+ if (len > disass->binary->bin_length) continue;
 sum += len;
 }
@@ -362,6 +363,8 @@ static GRenderingLine *disassemble_binary_parts(GDelayedDisassembly *disass, GBi
 {
 g_binary_part_get_values(disass->parts[i], &pos, &len, &base);
+ if (len > disass->binary->bin_length) continue;
+
 /* Décodage des instructions */
 start = pos;
@@ -379,8 +382,6 @@ static GRenderingLine *disassemble_binary_parts(GDelayedDisassembly *disass, GBi
 /* Ajout des prototypes de fonctions */
- printf("BASE == 0x%08llx\n", base);
-
 for (; k < count; k++)
 {
 routine_offset = g_binary_routine_get_address(routines[k]);
diff --git a/src/common/endianness.c b/src/common/endianness.c
index 5c9b183..3a2a653 100755
--- a/src/common/endianness.c
+++ b/src/common/endianness.c
@@ -44,6 +44,7 @@
 bool read_u4(uint8_t *target, const bin_t *data, off_t *pos, off_t len, bool *low, SourceEndian endian)
 {
+ if (*pos < 0) return false;
 if ((len - *pos) < 1) return false;
 if (*low)
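Review bot: The new `if (len > disass->binary->bin_length) continue;` in the second binary.c hunk bounds only the part's length, not where it starts: a part whose `pos` lies near the end of the buffer passes the test, and whatever decoding follows `start = pos` can then read past `bin_length`. Since `pos` is already fetched on that line, the guard should cover the end offset instead, `if (pos > disass->binary->bin_length || len > disass->binary->bin_length - pos) continue;`. The first hunk applies the same length-only test while passing `NULL` for the position to `g_binary_part_get_values`, so it would need to fetch `&pos` too for both loops to skip the same parts; otherwise `sum` counts parts the second loop drops. The types of `pos`, `len` and `bin_length` are not visible here; if they are signed, a negative `pos` also needs rejecting. The body of disassemble_binary_parts runs outside all three hunks.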
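Review bot: The added `if (*pos < 0) return false;` in read_u4 would be clearer with a comment saying why it is needed, since the following `(len - *pos) < 1` test accepts any negative offset (subtracting a negative makes the difference large) and, as the read_u8 hunk's `*target = data[*pos];` shows, the offset is then used directly as an index before the buffer; something like `/* off_t is signed: a negative offset passes the len - *pos test and would index before data */`. The same guard is added in read_u8, read_u16 and read_u32 here and in read_uleb128 and read_leb128 in leb128.c, so the six copies could become one static inline helper taking pos, len and the number of bytes required, which would also keep the two checks from drifting apart. Each of these functions continues outside its hunk.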
@@ -81,6 +82,7 @@ bool read_u4(uint8_t *target, const bin_t *data, off_t *pos, off_t len, bool *lo
 bool read_u8(uint8_t *target, const bin_t *data, off_t *pos, off_t len, SourceEndian endian)
 {
+ if (*pos < 0) return false;
 if ((len - *pos) < 1) return false;
 *target = data[*pos];
@@ -110,6 +112,7 @@ bool read_u8(uint8_t *target, const bin_t *data, off_t *pos, off_t len, SourceEn
 bool read_u16(uint16_t *target, const bin_t *data, off_t *pos, off_t len, SourceEndian endian)
 {
+ if (*pos < 0) return false;
 if ((len - *pos) < 2) return false;
 switch (endian)
@@ -181,6 +184,7 @@ bool read_u16(uint16_t *target, const bin_t *data, off_t *pos, off_t len, Source
 bool read_u32(uint32_t *target, const bin_t *data, off_t *pos, off_t len, SourceEndian endian)
 {
+ if (*pos < 0) return false;
 if ((len - *pos) < 4) return false;
 switch (endian)
diff --git a/src/common/leb128.c b/src/common/leb128.c
index 4a03797..1b65fa7 100644
--- a/src/common/leb128.c
+++ b/src/common/leb128.c
@@ -45,6 +45,8 @@ bool read_uleb128(uleb128_t *target, const bin_t *data, off_t *pos, off_t len)
 int shift; /* Décallage à appliquer */
 off_t i; /* Boucle de parcours */
+ if (*pos < 0) return false;
+
 shift = 0;
 *target = 0;
@@ -87,6 +89,8 @@ bool read_leb128(leb128_t *target, const bin_t *data, off_t *pos, off_t len)
 int shift; /* Décallage à appliquer */
 off_t i; /* Boucle de parcours */
+ if (*pos < 0) return false;
+
 shift = 0;
 *target = 0;
diff --git a/src/format/dex/dex-int.c b/src/format/dex/dex-int.c
index 8f5b408..5628e6b 100644
--- a/src/format/dex/dex-int.c
+++ b/src/format/dex/dex-int.c
@@ -454,6 +454,7 @@ bool read_dex_class_data_item(const GDexFormat *format, off_t *pos, class_data_i
 if (result && item->static_fields_size > 0)
 {
 item->static_fields = (encoded_field *)calloc(item->static_fields_size, sizeof(encoded_field));
+ if (item->static_fields == NULL) item->static_fields_size = 0;
 for (i = 0; i < item->static_fields_size && result; i++)
 result = read_dex_encoded_field(format, pos, &item->static_fields[i]);
@@ -463,6 +464,7 @@ bool read_dex_class_data_item(const GDexFormat *format, off_t *pos, class_data_i
 if (result && item->instance_fields_size > 0)
 {
 item->instance_fields = (encoded_field *)calloc(item->instance_fields_size, sizeof(encoded_field));
+ if (item->instance_fields == NULL) item->instance_fields_size = 0;
 for (i = 0; i < item->instance_fields_size && result; i++)
 result = read_dex_encoded_field(format, pos, &item->instance_fields[i]);
@@ -472,6 +474,7 @@ bool read_dex_class_data_item(const GDexFormat *format, off_t *pos, class_data_i
 if (result && item->direct_methods_size > 0)
 {
 item->direct_methods = (encoded_method *)calloc(item->direct_methods_size, sizeof(encoded_method));
+ if (item->direct_methods == NULL) item->direct_methods_size = 0;
 for (i = 0; i < item->direct_methods_size && result; i++)
 result = read_dex_encoded_method(format, pos, &item->direct_methods[i]);
@@ -481,6 +484,7 @@ bool read_dex_class_data_item(const GDexFormat *format, off_t *pos, class_data_i
 if (result && item->virtual_methods_size > 0)
 {
 item->virtual_methods = (encoded_method *)calloc(item->virtual_methods_size, sizeof(encoded_method));
+ if (item->virtual_methods == NULL) item->virtual_methods_size = 0;
 for (i = 0; i < item->virtual_methods_size && result; i++)
 result = read_dex_encoded_method(format, pos, &item->virtual_methods[i]);
diff --git a/src/format/dex/method.c b/src/format/dex/method.c
index 4888c89..ce4d8dd 100644
--- a/src/format/dex/method.c
+++ b/src/format/dex/method.c
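Review bot: `if (item->static_fields == NULL) item->static_fields_size = 0;` turns an allocation failure into a silently truncated class: `result` stays true, the loop below runs zero times, and `pos` is never moved past the `static_fields_size` encoded fields the item declares, so the caller presumably receives a success whose stream position is out of step with the data. Since that size is read from the file being parsed, a corrupt or hostile DEX can reach this path on purpose, and failing the read is the safer outcome, `if (item->static_fields == NULL) { item->static_fields_size = 0; result = false; }`, which the existing `&& result` loop conditions already honour. The same applies to the instance_fields, direct_methods and virtual_methods hunks. Whether an array allocated earlier in this function is released when a later one fails is not visible here; read_dex_class_data_item continues outside these hunks.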
@@ -135,6 +135,12 @@ GDexMethod *g_dex_method_new(const GDexFormat *format, const encoded_method *see
 if (!read_dex_code_item(format, &offset, &item)) return NULL;
+ *last += seed->method_idx_diff;
+ routine = get_routine_from_dex_pool(format, *last);
+
+ if (routine == NULL) return NULL;
+
+
 result = g_object_new(G_TYPE_DEX_METHOD, NULL);
 result->body = item;
@@ -143,9 +149,6 @@ GDexMethod *g_dex_method_new(const GDexFormat *format, const encoded_method *see
 //printf(" code size :: %d\n", item.insns_size);
- *last += seed->method_idx_diff;
- routine = get_routine_from_dex_pool(format, *last);
-
 printf(" method idx :: %lld\n", *last);
diff --git a/src/panels/symbols.c b/src/panels/symbols.c
index 534afee..d24bedf 100644
--- a/src/panels/symbols.c
+++ b/src/panels/symbols.c
@@ -518,7 +518,7 @@ static bool find_parent_for_routine(GtkTreeStore *store, const GBinRoutine *rout
 char *saveptr; /* Ctx. interne de découpage */
 namespace = g_binary_routine_get_namespace(routine);
- if (routine == NULL) return false;
+ if (namespace == NULL) return false;
 string = g_openida_type_to_string(namespace);
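Review bot: With the pool lookup moved ahead of `g_object_new`, the `return NULL` after `get_routine_from_dex_pool` now fires after `*last` has already been advanced by `seed->method_idx_diff`, so a failed lookup still consumes the index delta; the ordering looks deliberate, but the contract should be stated for callers, e.g. `/* *last is advanced even when no routine matches, so the running index stays in step with the pool */` above `if (routine == NULL) return NULL;`. Whether `item`, filled by read_dex_code_item just above, owns anything that needs releasing on this new early exit cannot be told from the hunk. The `printf(" method idx :: %lld\n", *last);` that appears to remain in the second hunk is the same kind of debug trace the binary.c hunk removes. g_dex_method_new starts and ends outside both hunks.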