summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog7
-rw-r--r--src/analysis/contents/file.c4
-rwxr-xr-xsrc/common/endianness.c32
-rw-r--r--src/common/leb128.c4
4 files changed, 25 insertions, 22 deletions
diff --git a/ChangeLog b/ChangeLog
index 0811005..dad8776 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
17-08-15 Cyrille Bagard <nocbos@gmail.com>
+ * src/analysis/contents/file.c:
+ * src/common/endianness.c:
+ * src/common/leb128.c:
+ Check for out-of-bound data access without triggering integer overflow.
+
+17-08-15 Cyrille Bagard <nocbos@gmail.com>
+
* src/glibext/generators/prologue.c:
Find a location for disassembly prologues in all cases.
diff --git a/src/analysis/contents/file.c b/src/analysis/contents/file.c
index b6cd39c..8b371ab 100644
--- a/src/analysis/contents/file.c
+++ b/src/analysis/contents/file.c
@@ -510,10 +510,10 @@ static bool g_file_content_seek(const GFileContent *content, vmpa2t *addr, phys_
offset = get_phy_addr(addr);
- if (offset == VMPA_NO_PHYSICAL)
+ if (length > get_mrange_length(&content->range))
return false;
- if ((offset + length) > get_mrange_length(&content->range))
+ if (offset > (get_mrange_length(&content->range) - length))
return false;
advance_vmpa(addr, length);
diff --git a/src/common/endianness.c b/src/common/endianness.c
index ba72f3d..4dcee22 100755
--- a/src/common/endianness.c
+++ b/src/common/endianness.c
@@ -267,8 +267,8 @@ uint64_t swap_u64(const uint64_t *value, SourceEndian endian)
bool read_u4(uint8_t *target, const bin_t *data, phys_t *pos, phys_t end, bool *low)
{
- if (*pos < 0) return false;
- if ((end - *pos) < 1) return false;
+ if (end < 1) return false;
+ if (*pos > (end - 1)) return false;
if (*low)
{
@@ -304,8 +304,8 @@ bool read_u4(uint8_t *target, const bin_t *data, phys_t *pos, phys_t end, bool *
bool read_u8(uint8_t *target, const bin_t *data, phys_t *pos, phys_t end)
{
- if (*pos < 0) return false;
- if ((end - *pos) < 1) return false;
+ if (end < 1) return false;
+ if (*pos > (end - 1)) return false;
*target = data[*pos];
@@ -334,8 +334,8 @@ bool read_u8(uint8_t *target, const bin_t *data, phys_t *pos, phys_t end)
bool read_u16(uint16_t *target, const bin_t *data, phys_t *pos, phys_t end, SourceEndian endian)
{
- if (*pos < 0) return false;
- if ((end - *pos) < 2) return false;
+ if (end < 2) return false;
+ if (*pos > (end - 2)) return false;
switch (endian)
{
@@ -407,8 +407,8 @@ bool read_u16(uint16_t *target, const bin_t *data, phys_t *pos, phys_t end, Sour
bool read_u32(uint32_t *target, const bin_t *data, phys_t *pos, phys_t end, SourceEndian endian)
{
- if (*pos < 0) return false;
- if ((end - *pos) < 4) return false;
+ if (end < 4) return false;
+ if (*pos > (end - 4)) return false;
switch (endian)
{
@@ -484,8 +484,8 @@ bool read_u32(uint32_t *target, const bin_t *data, phys_t *pos, phys_t end, Sour
bool read_u64(uint64_t *target, const bin_t *data, phys_t *pos, phys_t end, SourceEndian endian)
{
- if (*pos < 0) return false;
- if ((end - *pos) < 8) return false;
+ if (end < 8) return false;
+ if (*pos > (end - 8)) return false;
switch (endian)
{
@@ -572,8 +572,8 @@ bool _write_un(const bin_t *value, size_t size, bin_t *data, off_t *pos, off_t e
{
size_t i; /* Boucle de parcours */
- if (*pos < 0) return false;
- if ((end - *pos) < size) return false;
+ if (end < size) return false;
+ if (*pos > (end - size)) return false;
switch (endian)
{
@@ -648,8 +648,8 @@ bool strtou8(uint8_t *target, const char *data, size_t *pos, size_t end, SourceE
{
size_t i; /* Boucle de parcours */
- if (*pos < 0) return false;
- if ((end - *pos) < 2) return false;
+ if (end < 2) return false;
+ if (*pos > (end - 2)) return false;
*target = 0;
@@ -706,8 +706,8 @@ bool _strtoun(uint8_t n, const char *data, size_t *pos, size_t end, SourceEndian
size_t j; /* Boucle de parcours #2 */
uint8_t tmp; /* Valeur temporaire de 8 bits */
- if (*pos < 0) return false;
- if ((end - *pos) < (n * 2)) return false;
+ if (end < (n * 2)) return false;
+ if (*pos > (end - (n * 2))) return false;
/* Récupération de la destination */
diff --git a/src/common/leb128.c b/src/common/leb128.c
index 2450850..67d8a6b 100644
--- a/src/common/leb128.c
+++ b/src/common/leb128.c
@@ -45,8 +45,6 @@ bool read_uleb128(uleb128_t *target, const bin_t *data, phys_t *pos, phys_t len)
int shift; /* Décallage à appliquer */
phys_t i; /* Boucle de parcours */
- if (*pos < 0) return false;
-
shift = 0;
*target = 0;
@@ -89,8 +87,6 @@ bool read_leb128(leb128_t *target, const bin_t *data, phys_t *pos, phys_t len)
int shift; /* Décallage à appliquer */
phys_t i; /* Boucle de parcours */
- if (*pos < 0) return false;
-
shift = 0;
*target = 0;