Fix #638 - /R segfaults (x86-udis86-esil issue)

radareorg · Feb 21, 2014 · 1656f20 · 1656f20
1 parent 22f864a
commit 1656f20
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 36 deletions.
diff --git a/libr/anal/anal.c b/libr/anal/anal.c
@@ -1,4 +1,4 @@
-/* radare - LGPL - Copyright 2009-2013 - pancake, nibble */
+/* radare - LGPL - Copyright 2009-2014 - pancake, nibble */
 
 #include <r_anal.h>
 #include <r_util.h>
@@ -46,14 +46,13 @@ R_API RAnal *r_anal_new() {
 	RAnalPlugin *static_plugin;
 	RAnal *anal = R_NEW0 (RAnal);
 	if (!anal) return NULL;
-	memset (anal, 0, sizeof (RAnal));
+	anal->cpu = NULL;
+	anal->decode = R_TRUE; // slow slow if not used
 	anal->sdb_vars = sdb_new (NULL, NULL, 0);
 	anal->sdb_refs = sdb_new (NULL, NULL, 0);
 	anal->sdb_args = sdb_new (NULL, NULL, 0);
 	anal->sdb_ret = sdb_new (NULL, NULL, 0);
 	anal->sdb_locals = sdb_new (NULL, NULL, 0);
-	anal->cpu = NULL;
-	anal->decode = R_TRUE; // slow slow if not used
 	anal->sdb_xrefs = NULL;
 	anal->sdb_types = sdb_new (NULL, NULL, 0);
 	anal->sdb_meta = NULL; // TODO : implement sdb_meta
@@ -113,7 +112,6 @@ R_API void r_anal_free(RAnal *a) {
 	sdb_free (a->sdb_args);
 	sdb_free (a->sdb_locals);
 	// r_io_free(anal->iob.io); // need r_core (but recursive problem to fix)
-
 	free (a);
 }
 
@@ -171,8 +169,8 @@ R_API int r_anal_set_bits(RAnal *anal, int bits) {
 }
 
 R_API void r_anal_set_cpu(RAnal *anal, const char *cpu) {
-	free(anal->cpu);
-	anal->cpu = cpu ? strdup(cpu) : NULL;
+	free (anal->cpu);
+	anal->cpu = cpu ? strdup (cpu) : NULL;
 }
 
 R_API int r_anal_set_big_endian(RAnal *anal, int bigend) {

diff --git a/libr/anal/data.c b/libr/anal/data.c
@@ -42,11 +42,12 @@ static int is_invalid (const ut8 *buf, int size) {
 }
 
 static ut64 is_pointer(RIOBind *iob, const ut8 *buf, int endian, int size) {
+	ut64 n;
 	ut8 buf2[32];
 	int ret;
 	if (size > sizeof (buf2))
 		size = sizeof (buf2);
-	ut64 n = r_mem_get_num (buf, size, endian);
+	n = r_mem_get_num (buf, size, endian);
 	if (!n) return 1; // null pointer
 
 	// optimization to ignore very low and very high pointers
@@ -72,8 +73,7 @@ static int is_bin(const ut8 *buf) {
 
 // XXX: optimize by removing all strlens here
 R_API char *r_anal_data_to_string (RAnalData *d) {
-	int i, idx;
-	int mallocsz = 256;
+	int i, idx, mallocsz = 256;
 	ut32 n32 = (ut32)d->ptr;
 	char *line = malloc (mallocsz);
 	snprintf (line, mallocsz, "0x%08"PFMT64x"  ", d->addr);
@@ -143,8 +143,8 @@ R_API RAnalData *r_anal_data_new_string (ut64 addr, const char *p, int len, int
 R_API RAnalData *r_anal_data_new (ut64 addr, int type, ut64 n, const ut8 *buf, int len) {
 	RAnalData *ad = R_NEW0 (RAnalData);
 	ad->buf = (ut8*) &(ad->sbuf);
-	if (buf) memcpy (ad->buf, buf, 8);
-	else memset (ad->buf, 0, 8);
+	memset (ad->buf, 0, 8);
+	if (buf) memcpy (ad->buf, buf, R_MIN(8, len));
 	ad->addr = addr;
 	ad->type = type;
 	ad->str = NULL;

diff --git a/libr/anal/p/anal_x86_udis.c b/libr/anal/p/anal_x86_udis.c
@@ -162,7 +162,6 @@ int x86_udis86_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int len)
 	UDis86Esil *handler;
 	UDis86OPInfo info = {0, anal->bits, (1LL << anal->bits) - 1, regsz, 0, pc, sp, bp};
 	memset (op, '\0', sizeof (RAnalOp));
-	r_strbuf_init (&op->esil);
 	op->addr = addr;
 	op->jump = op->fail = -1;
 	op->ptr = op->val = -1;
@@ -175,7 +174,7 @@ int x86_udis86_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int len)
 	ud_disassemble (&u);
 
 	oplen = op->size = ud_insn_len (&u);
-
+	r_strbuf_init (&op->esil);
 	if (anal->decode && (handler = udis86_esil_get_handler (u.mnemonic))) {
 		info.oplen = oplen;
 		if (handler->argc > 0) {
@@ -189,7 +188,6 @@ int x86_udis86_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int len)
 		}
 		handler->callback (&info, op, dst, src, str);
 	}
-
 	switch (u.mnemonic) {
 	case UD_Iinvalid:
 		oplen = op->size = -1;

diff --git a/libr/anal/p/esil_x86_udis.c b/libr/anal/p/esil_x86_udis.c
@@ -1,4 +1,4 @@
-/* radare - LGPL - Copyright 2009-2013 - nibble, pancake */
+/* radare - LGPL - Copyright 2013-2014 - batchdrake */
 
 #include <r_lib.h>
 #include <r_types.h>
@@ -72,27 +72,23 @@ UDIS86_ESIL (loopne,"%s--,?%s==0|!zf,%s=%s", info->bits == 16 ? "cx" : (info->bi
 #define OP(args, inst) [JOIN (UD_I, inst)] = {args, UDIS86_ESIL_HANDLER (inst)}
 
 /* This is the fastest way I can think about to implement this list of handlers */
-UDis86Esil udis86_esil_callback_table[904] =
-{
-	OP (0, nop),   OP (1, jo),    OP (1, jno),    OP (1, jb),     OP (1, jae),
-	OP (1, je),    OP (1, jne),   OP (1, ja),     OP (1, jbe),    OP (1, js),
-	OP (1, jns),   OP (1, jp),    OP (1, jnp),    OP (1, jl),     OP (1, jge),
-	OP (1, jle),   OP (1, jg),    OP (1, jcxz),   OP (1, jecxz),  OP (1, jrcxz),
-	OP (1, jmp),   OP (1, call),  OP (2, shl),    OP (2, rol),    OP (2, ror),
-	OP (2, add),   OP (1, inc),   OP (2, sub),    OP (1, dec),    OP (2, cmp),
-	OP (2, xor),   OP (2, or),    OP (2, and),    OP (2, test),   OP (0, syscall),
-	OP (1, int),   OP (2, lea),   OP (2, mov),    OP (1, push),   OP (1, pop),
-	OP (0, leave), OP (0, ret),   OP (2, xchg),   OP (2, xadd),   OP (2, bt),
-	OP (2, btc),   OP (2, bts),   OP (2, btr),    OP (0, clc),    OP (0, cli),
-	OP (0, cld),   OP (0, cmc),   OP (0, int3),   OP (0, into),   OP (0, lahf),
-	OP (1, loop),  OP (1, loope), OP (1, loopne)
+UDis86Esil udis86_esil_callback_table[ UD_MAX_MNEMONIC_CODE ] = {
+	OP (0, nop),  OP (1, jo),   OP (1, jno), OP (1, jb),   OP (1, jae),
+	OP (1, je),   OP (1, jne),  OP (1, ja),  OP (1, jbe),  OP (1, js),
+	OP (1, jns),  OP (1, jp),   OP (1, jnp), OP (1, jl),   OP (1, jge),
+	OP (1, jle),  OP (1, jg),   OP (1, jcxz),OP (1, jecxz),OP (1, jrcxz),
+	OP (1, jmp),  OP (1, call), OP (2, shl), OP (2, rol),  OP (2, ror),
+	OP (2, add),  OP (1, inc),  OP (2, sub), OP (1, dec),  OP (2, cmp),
+	OP (2, xor),  OP (2, or),   OP (2, and), OP (2, test), OP (0, syscall),
+	OP (1, int),  OP (2, lea),  OP (2, mov), OP (1, push), OP (1, pop),
+	OP (0, leave),OP (0, ret),  OP (2, xchg),OP (2, xadd), OP (2, bt),
+	OP (2, btc),  OP (2, bts),  OP (2, btr), OP (0, clc),  OP (0, cli),
+	OP (0, cld),  OP (0, cmc),  OP (0, int3),OP (0, into), OP (0, lahf),
+	OP (1, loop), OP (1, loope),OP (1, loopne)
 };
 
-UDis86Esil *
-udis86_esil_get_handler (enum ud_mnemonic_code code)
-{
+UDis86Esil * udis86_esil_get_handler (enum ud_mnemonic_code code) {
 	if (udis86_esil_callback_table[code].callback == NULL)
 		return NULL;
-
 	return udis86_esil_callback_table + code;
 }
diff --git a/libr/core/cmd_print.c b/libr/core/cmd_print.c
@@ -1090,7 +1090,7 @@ static int cmd_print(void *data, const char *input) {
 			RList *hits;
 			RListIter *iter;
 			RCoreAsmHit *hit;
-			ut8 *block;
+			ut8 *block = NULL;
 
 			if (bw_disassemble) {
 				block = malloc (core->blocksize);
@@ -1102,7 +1102,7 @@ static int cmd_print(void *data, const char *input) {
 							core, addr-l, block, R_MIN (l, core->blocksize), l, 0, 1);
 					} else {
 						hits = r_core_asm_bwdisassemble (core, addr, l, core->blocksize);
-						if (hits && r_list_length(hits) > 0) {
+						if (hits && r_list_length (hits) > 0) {
 							ut32 instr_run = 0;
 							ut64 start_addr = 0;