From 1e2aada1204d3da43fe075478df5bfaaece937b0 Mon Sep 17 00:00:00 2001
From: Cyrille Bagard <nocbos@gmail.com>
Date: Mon, 14 Jun 2010 23:39:03 +0000
Subject: Made the program stronger by handling more errors.

git-svn-id: svn://svn.gna.org/svn/chrysalide/trunk@167 abbe820e-26c8-41b2-8c08-b7b2b41f8b0a
---
 ChangeLog                | 18 ++++++++++++++++++
 src/analysis/binary.c    |  5 +++--
 src/common/endianness.c  |  4 ++++
 src/common/leb128.c      |  4 ++++
 src/format/dex/dex-int.c |  4 ++++
 src/format/dex/method.c  |  9 ++++++---
 src/panels/symbols.c     |  2 +-
 7 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5c8ae4c..3130bbe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+10-06-15  Cyrille Bagard <nocbos@gmail.com>
+
+	* src/analysis/binary.c:
+	Be sure to stay in loaded binary data.
+
+	* src/common/endianness.c:
+	* src/common/leb128.c:
+	Report suspicious positions as errors.
+
+	* src/format/dex/dex-int.c:
+	Handle errors when allocating to much memory.
+
+	* src/format/dex/method.c:
+	Handle errors when loading methods from the DEX pool.
+
+	* src/panels/symbols.c:
+	Typo.
+
 10-06-06  Cyrille Bagard <nocbos@gmail.com>
 
 	* src/analysis/routine.c:
diff --git a/src/analysis/binary.c b/src/analysis/binary.c
index 17fc172..d860efc 100644
--- a/src/analysis/binary.c
+++ b/src/analysis/binary.c
@@ -351,6 +351,7 @@ static GRenderingLine *disassemble_binary_parts(GDelayedDisassembly *disass, GBi
     for (i = 0; i < disass->count; i++)
     {
         g_binary_part_get_values(disass->parts[i], NULL, &len, NULL);
+        if (len > disass->binary->bin_length) continue;
         sum += len;
     }
 
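Review bot: The added bound compares only the part's length with bin_length, so a part whose start offset lies near the end of the binary (pos + len > bin_length) still passes, and the decoding loop in the next hunk, which repeats the same test before `start = pos;`, can read past the loaded data. Both places should bound the end of the part rather than its length alone: in the second loop `if (pos > disass->binary->bin_length || len > disass->binary->bin_length - pos) continue;`, and the first loop should fetch `&pos` instead of `NULL` from g_binary_part_get_values so the summation skips exactly the parts the decoding loop skips. The subtraction form avoids overflow in `pos + len`; the types of pos, len and bin_length are not visible here, so check that they agree (an off_t/size_t mix would make the comparison signed-versus-unsigned). disassemble_binary_parts begins and ends outside these hunks.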
@@ -362,6 +363,8 @@ static GRenderingLine *disassemble_binary_parts(GDelayedDisassembly *disass, GBi
     {
         g_binary_part_get_values(disass->parts[i], &pos, &len, &base);
 
+        if (len > disass->binary->bin_length) continue;
+
         /* Décodage des instructions */
 
         start = pos;
@@ -379,8 +382,6 @@ static GRenderingLine *disassemble_binary_parts(GDelayedDisassembly *disass, GBi
 
         /* Ajout des prototypes de fonctions */
 
-        printf("BASE == 0x%08llx\n", base);
-
         for (; k < count; k++)
         {
             routine_offset = g_binary_routine_get_address(routines[k]);
diff --git a/src/common/endianness.c b/src/common/endianness.c
index 5c9b183..3a2a653 100755
--- a/src/common/endianness.c
+++ b/src/common/endianness.c
@@ -44,6 +44,7 @@
 
 bool read_u4(uint8_t *target, const bin_t *data, off_t *pos, off_t len, bool *low, SourceEndian endian)
 {
+    if (*pos < 0) return false;
     if ((len - *pos) < 1) return false;
 
     if (*low)
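Review bot: The same hand-written guard pair (`if (*pos < 0) return false;` followed by `if ((len - *pos) < N) return false;`) is now repeated in read_u4, read_u8, read_u16 and read_u32 here, and the negative-position half again in read_uleb128 and read_leb128 in src/common/leb128.c; a single shared helper such as `static inline bool has_bytes(off_t pos, off_t len, off_t need) { return pos >= 0 && len - pos >= need; }` would keep all six readers in step when the rule changes. None of these guards rejects a negative len, so a caller passing a bad length is still not caught; whether that can happen depends on callers not visible here. Each function's body continues outside its hunk.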
@@ -81,6 +82,7 @@ bool read_u4(uint8_t *target, const bin_t *data, off_t *pos, off_t len, bool *lo
 
 bool read_u8(uint8_t *target, const bin_t *data, off_t *pos, off_t len, SourceEndian endian)
 {
+    if (*pos < 0) return false;
     if ((len - *pos) < 1) return false;
 
     *target = data[*pos];
@@ -110,6 +112,7 @@ bool read_u8(uint8_t *target, const bin_t *data, off_t *pos, off_t len, SourceEn
 
 bool read_u16(uint16_t *target, const bin_t *data, off_t *pos, off_t len, SourceEndian endian)
 {
+    if (*pos < 0) return false;
     if ((len - *pos) < 2) return false;
 
     switch (endian)
@@ -181,6 +184,7 @@ bool read_u16(uint16_t *target, const bin_t *data, off_t *pos, off_t len, Source
 
 bool read_u32(uint32_t *target, const bin_t *data, off_t *pos, off_t len, SourceEndian endian)
 {
+    if (*pos < 0) return false;
     if ((len - *pos) < 4) return false;
 
     switch (endian)
diff --git a/src/common/leb128.c b/src/common/leb128.c
index 4a03797..1b65fa7 100644
--- a/src/common/leb128.c
+++ b/src/common/leb128.c
@@ -45,6 +45,8 @@ bool read_uleb128(uleb128_t *target, const bin_t *data, off_t *pos, off_t len)
     int shift;                              /* Décallage à appliquer       */
     off_t i;                                /* Boucle de parcours          */
 
+    if (*pos < 0) return false;
+
     shift = 0;
     *target = 0;
 
@@ -87,6 +89,8 @@ bool read_leb128(leb128_t *target, const bin_t *data, off_t *pos, off_t len)
     int shift;                              /* Décallage à appliquer       */
     off_t i;                                /* Boucle de parcours          */
 
+    if (*pos < 0) return false;
+
     shift = 0;
     *target = 0;
 
diff --git a/src/format/dex/dex-int.c b/src/format/dex/dex-int.c
index 8f5b408..5628e6b 100644
--- a/src/format/dex/dex-int.c
+++ b/src/format/dex/dex-int.c
@@ -454,6 +454,7 @@ bool read_dex_class_data_item(const GDexFormat *format, off_t *pos, class_data_i
     if (result && item->static_fields_size > 0)
     {
         item->static_fields = (encoded_field *)calloc(item->static_fields_size, sizeof(encoded_field));
+        if (item->static_fields == NULL) item->static_fields_size = 0;
 
         for (i = 0; i < item->static_fields_size && result; i++)
             result = read_dex_encoded_field(format, pos, &item->static_fields[i]);
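Review bot: On calloc failure the new line zeroes static_fields_size but leaves `result` true, so read_dex_class_data_item reports success for an item whose fields were never read and, presumably, whose `*pos` was never advanced past them; the instance-field, direct-method and virtual-method readers in the next three hunks then parse from the wrong offset, and the same pattern is repeated at each of them. The failure should propagate: `if (item->static_fields == NULL) { item->static_fields_size = 0; result = false; }`, and likewise for the three other arrays. Since these counts come from the file being parsed, a cheap sanity bound before each calloc, rejecting a count larger than the bytes left between `*pos` and the end of the format data, would refuse oversized inputs without going through the allocator at all; the remaining-length value is not visible in this hunk, so confirm what GDexFormat exposes. The function begins and ends outside the hunk.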
@@ -463,6 +464,7 @@ bool read_dex_class_data_item(const GDexFormat *format, off_t *pos, class_data_i
     if (result && item->instance_fields_size > 0)
     {
         item->instance_fields = (encoded_field *)calloc(item->instance_fields_size, sizeof(encoded_field));
+        if (item->instance_fields == NULL) item->instance_fields_size = 0;
 
         for (i = 0; i < item->instance_fields_size && result; i++)
             result = read_dex_encoded_field(format, pos, &item->instance_fields[i]);
@@ -472,6 +474,7 @@ bool read_dex_class_data_item(const GDexFormat *format, off_t *pos, class_data_i
     if (result && item->direct_methods_size > 0)
     {
         item->direct_methods = (encoded_method *)calloc(item->direct_methods_size, sizeof(encoded_method));
+        if (item->direct_methods == NULL) item->direct_methods_size = 0;
 
         for (i = 0; i < item->direct_methods_size && result; i++)
             result = read_dex_encoded_method(format, pos, &item->direct_methods[i]);
@@ -481,6 +484,7 @@ bool read_dex_class_data_item(const GDexFormat *format, off_t *pos, class_data_i
     if (result && item->virtual_methods_size > 0)
     {
         item->virtual_methods = (encoded_method *)calloc(item->virtual_methods_size, sizeof(encoded_method));
+        if (item->virtual_methods == NULL) item->virtual_methods_size = 0;
 
         for (i = 0; i < item->virtual_methods_size && result; i++)
             result = read_dex_encoded_method(format, pos, &item->virtual_methods[i]);
diff --git a/src/format/dex/method.c b/src/format/dex/method.c
index 4888c89..ce4d8dd 100644
--- a/src/format/dex/method.c
+++ b/src/format/dex/method.c
@@ -135,6 +135,12 @@ GDexMethod *g_dex_method_new(const GDexFormat *format, const encoded_method *see
     if (!read_dex_code_item(format, &offset, &item))
         return NULL;
 
+    *last += seed->method_idx_diff;
+    routine = get_routine_from_dex_pool(format, *last);
+
+    if (routine == NULL) return NULL;
+
+
     result = g_object_new(G_TYPE_DEX_METHOD, NULL);
 
     result->body = item;
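Review bot: The new early return on `routine == NULL` runs after read_dex_code_item has filled `item`; if that reader allocates anything owned by the code item (an instruction buffer, for instance), the return now drops it without release, so confirm against read_dex_code_item and free the item's contents before `return NULL;` if so. Advancing `*last` before the return keeps the running method index consistent for the next method even when this one is rejected, which looks intended but deserves a one-line comment: `/* Advance the index even on failure so the next method resolves correctly */`. The two consecutive blank lines left after the check are a stray; one is enough. g_dex_method_new begins and ends outside the hunk.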
@@ -143,9 +149,6 @@ GDexMethod *g_dex_method_new(const GDexFormat *format, const encoded_method *see
     //printf(" code size  :: %d\n", item.insns_size);
 
 
-    *last += seed->method_idx_diff;
-    routine = get_routine_from_dex_pool(format, *last);
-
     printf(" method idx :: %lld\n", *last);
 
 
diff --git a/src/panels/symbols.c b/src/panels/symbols.c
index 534afee..d24bedf 100644
--- a/src/panels/symbols.c
+++ b/src/panels/symbols.c
@@ -518,7 +518,7 @@ static bool find_parent_for_routine(GtkTreeStore *store, const GBinRoutine *rout
     char *saveptr;                          /* Ctx. interne de découpage   */
 
     namespace = g_binary_routine_get_namespace(routine);
-    if (routine == NULL) return false;
+    if (namespace == NULL) return false;
 
     string = g_openida_type_to_string(namespace);
 
-- 
cgit v0.11.2-87-g4458