From 9aaaa651d924eb30e46f26690aea007b7d868e35 Mon Sep 17 00:00:00 2001
From: Cyrille Bagard <nocbos@gmail.com>
Date: Thu, 6 Sep 2018 22:45:36 +0200
Subject: Fixed possible UAFs when adding symbols.

---
 plugins/elf/strings.c                | 5 +++++
 plugins/pychrysalide/format/format.c | 1 +
 plugins/readelf/strtab.c             | 5 +++++
 3 files changed, 11 insertions(+)

diff --git a/plugins/elf/strings.c b/plugins/elf/strings.c
index 4d6b5c8..7dd644e 100644
--- a/plugins/elf/strings.c
+++ b/plugins/elf/strings.c
@@ -356,6 +356,9 @@ static bool do_elf_string_loading(GElfLoading *loading, GElfFormat *format, phys
             range = g_arch_instruction_get_range(instr);
 
             symbol = g_string_symbol_new_read_only(base, range, SET_GUESS);
+
+            g_object_ref(G_OBJECT(symbol));
+
             g_binary_format_add_symbol(base, symbol);
 
             /* Jointure avec la chaîne précédente ? */
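Review bot: The result of `g_binary_format_add_symbol(base, symbol)` is still discarded after the new `g_object_ref`, so when the format declines the symbol (the Python wrapper in this same patch shows the call returns a bool) the loop goes on to build a label for a symbol that is not in the format. Capture the result and skip the remaining work on failure, e.g. `if (!g_binary_format_add_symbol(base, symbol)) { g_object_unref(G_OBJECT(symbol)); /* skip the rest of this iteration */ }` — this assumes the callee drops its own reference when it rejects the symbol, which is not visible here and should be confirmed against its implementation. Note also that `g_object_ref` on a NULL pointer raises a GLib critical, so if `g_string_symbol_new_read_only` can return NULL it must be checked before the ref. do_elf_string_loading starts before this hunk and continues past it.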
@@ -368,6 +371,8 @@ static bool do_elf_string_loading(GElfLoading *loading, GElfFormat *format, phys
             if (cut)
                 g_string_symbol_build_label(G_STR_SYMBOL(symbol), base);
 
+            g_object_unref(G_OBJECT(symbol));
+
         }
 
         /* Conclusion */
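Review bot: The added `g_object_unref` balances a ref taken six lines earlier in the previous hunk, but the "jointure" handling between the two hunks is not shown, so any `continue`, `break` or early return in that stretch would skip the unref and leak the symbol (and any added `goto` to a later label would do the same). Please confirm there is no exit path between the ref and the unref, and document the pairing at the ref site with something like `/* hold our own ref: the format owns the symbol once added, but build_label below still uses it */` so a future edit does not break it. The enclosing function continues past this hunk.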
diff --git a/plugins/pychrysalide/format/format.c b/plugins/pychrysalide/format/format.c
index bf6c3f1..af881af 100644
--- a/plugins/pychrysalide/format/format.c
+++ b/plugins/pychrysalide/format/format.c
@@ -130,6 +130,7 @@ static PyObject *py_binary_format_add_symbol(PyObject *self, PyObject *args)
     format = G_BIN_FORMAT(pygobject_get(self));
     symbol = G_BIN_SYMBOL(pygobject_get(symbol_obj));
 
+    g_object_ref(G_OBJECT(symbol));
     added = g_binary_format_add_symbol(format, symbol);
 
     result = added ? Py_True : Py_False;
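Review bot: The new `g_object_ref` is never released when `g_binary_format_add_symbol` returns false: the extra reference is taken unconditionally, but only a successful add hands it over to the format (assuming the format takes ownership of the reference it is passed — confirm in g_binary_format_add_symbol), so a rejected symbol leaks one reference every time the Python caller retries. Balance it on failure with `if (!added) g_object_unref(G_OBJECT(symbol));`. The ref is also taken straight after `pygobject_get(symbol_obj)` with no NULL check visible in the hunk; if the argument's type is not validated earlier in the function, a NULL here triggers a GLib critical rather than a Python exception. py_binary_format_add_symbol starts before this hunk.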
diff --git a/plugins/readelf/strtab.c b/plugins/readelf/strtab.c
index 3cbe353..7645dec 100644
--- a/plugins/readelf/strtab.c
+++ b/plugins/readelf/strtab.c
@@ -113,6 +113,9 @@ static void parse_elf_string_table(GElfFormat *format, GPreloadInfo *info, const
                 irange = g_arch_instruction_get_range(instr);
 
                 symbol = g_string_symbol_new_read_only(base, irange, SET_GUESS);
+
+                g_object_ref(G_OBJECT(symbol));
+
                 g_binary_format_add_symbol(base, symbol);
 
                 /* Jointure avec la chaîne précédente ? */
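Review bot: As in plugins/elf/strings.c, the return value of `g_binary_format_add_symbol(base, symbol)` is ignored after the new `g_object_ref`, so a symbol the format rejects still gets a label built for it below. Check the result, e.g. `if (!g_binary_format_add_symbol(base, symbol)) { g_object_unref(G_OBJECT(symbol)); /* skip the rest of this iteration */ }`, on the assumption (to be confirmed) that the callee releases its own reference on failure; and guard against a NULL return from `g_string_symbol_new_read_only` before calling `g_object_ref` on it. parse_elf_string_table starts before this hunk and continues past it.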
@@ -120,6 +123,8 @@ static void parse_elf_string_table(GElfFormat *format, GPreloadInfo *info, const
                 if (cut)
                     g_string_symbol_build_label(G_STR_SYMBOL(symbol), base);
 
+                g_object_unref(G_OBJECT(symbol));
+
             }
 
             /* Conclusion */
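Review bot: The unref added here must be reached on every path from the ref in the previous hunk, and the lines in between (the "jointure" handling) are outside the patch, so an early `continue`, `break` or return there would leak the symbol. Please verify that stretch has no exit, and add a short comment at the ref site such as `/* hold our own ref: the format owns the symbol once added, but build_label below still uses it */` to document why the pair exists. The enclosing function continues past this hunk.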
-- 
cgit v0.11.2-87-g4458