Fix omf crash 605d
alvarofe authored and radare committed Oct 27, 2015
1 parent 1ce7c41 commit 13fd1d0
Showing 1 changed file with 24 additions and 24 deletions.
48 changes: 24 additions & 24 deletions libr/bin/format/omf/omf.c
Expand Up @@ -19,7 +19,7 @@ static int is_valid_omf_type(ut8 type) {
return true;

eprintf ("Invalid record type\n");

return false;
}

Expand Down Expand Up @@ -84,7 +84,7 @@ static int load_omf_lnames(OMF_record *record, const char *buf, ut64 buf_size) {
return false;
record->content = ret;

while (tmp_size < record->size - 1) {
while ((int)tmp_size < (int)(record->size - 1)) {
int next;
ret->nb_elem++;
next = buf[3 + tmp_size] + 1;
Expand All @@ -96,9 +96,9 @@ static int load_omf_lnames(OMF_record *record, const char *buf, ut64 buf_size) {
return false;
}
names = (char **)ret->elems;

tmp_size = 0;
while (tmp_size < record->size - 1) {
while ((int)tmp_size < (int)(record->size - 1)) {
// sometimes there is a name with a null size so we just skip it
if (!buf[3 + tmp_size]) {
names[ct_name++] = NULL;
Expand All @@ -115,7 +115,7 @@ static int load_omf_lnames(OMF_record *record, const char *buf, ut64 buf_size) {
free_lname (ret);
return false;
}

memcpy (names[ct_name], buf + 3 + tmp_size + 1,
buf[3 + tmp_size]);

Expand All @@ -128,7 +128,7 @@ static int load_omf_lnames(OMF_record *record, const char *buf, ut64 buf_size) {
static int load_omf_segdef(OMF_record *record, const char *buf, ut64 buf_size) {
OMF_segment *ret = NULL;
int off_add;

if (!(ret = R_NEW0 (OMF_segment)))
return false;
record->content = ret;
Expand Down Expand Up @@ -159,7 +159,7 @@ static int load_omf_segdef(OMF_record *record, const char *buf, ut64 buf_size) {
ret->size = UT16_MAX;
ret->size = *((ut16 *)(buf + 4 + off_add));
}

if (buf[3] & 1)
ret->bits = 32;
else ret->bits = 16;
Expand Down Expand Up @@ -189,16 +189,16 @@ static int load_omf_symb(OMF_record *record, ut32 ct, const char *buf, int bits,
ut32 nb_symb = 0;
ut8 str_size = 0;
OMF_symbol *symbol;

while (nb_symb < ((OMF_multi_datas *)record->content)->nb_elem) {
symbol = ((OMF_symbol *)((OMF_multi_datas *)record->content)->elems) + nb_symb;

if (record->size - 1 < ct - 2) {
eprintf ("Invalid Pubdef record (bad size)\n");
return false;
}
str_size = buf[ct];

if (bits == 32) {
if (ct + 1 + str_size + 4 - 3 > record->size) {
eprintf ("Invalid Pubdef record (bad size)\n");
Expand All @@ -214,12 +214,12 @@ static int load_omf_symb(OMF_record *record, ut32 ct, const char *buf, int bits,
}

symbol->seg_idx = seg_idx;

if (!(symbol->name = R_NEWS0 (char, str_size + 1)))
return false;
symbol->name[str_size] = 0;
memcpy (symbol->name, buf + ct + 1, sizeof(char) * str_size);

ct += 1 + str_size + (bits == 32 ? 4 : 2);
if (buf[ct] & 0x80) //type index
ct += 2;
Expand All @@ -234,7 +234,7 @@ static int load_omf_pubdef(OMF_record *record, const char *buf) {
ut16 seg_idx;
ut16 ct = 0;
ut16 base_grp;

if (record->size < 2) {
eprintf ("Invalid Pubdef record (bad size)\n");
return false;
Expand All @@ -245,14 +245,14 @@ static int load_omf_pubdef(OMF_record *record, const char *buf) {
if (buf[ct] & 0x80) // sizeof base groups index
ct += 2;
else ct++;

if (record->size < ct - 2) {
eprintf ("Invalid Pubdef record (bad size)\n");
return false;
}

seg_idx = omf_get_idx (buf + ct);

if (buf[ct] & 0x80) // sizeof base segment index
ct += 2;
else ct++;
Expand Down Expand Up @@ -358,7 +358,7 @@ static OMF_record_handler *load_record_omf(const char *buf, ut64 global_ct, ut64
return NULL;
((OMF_record *)new)->type = *buf;
((OMF_record *)new)->size = *((ut16 *)(buf + 1));

// at least a record have a type a size and a checksum
if (((OMF_record *)new)->size > buf_size - 3 || buf_size < 4) {
eprintf("Invalid record (too short)\n");
Expand All @@ -380,7 +380,7 @@ static int load_all_omf_records(r_bin_omf_obj *obj, const char *buf, ut64 size)
ut64 ct = 0;
OMF_record_handler *new_rec = NULL;
OMF_record_handler *tmp = NULL;

while (ct < size) {
if (!(new_rec = load_record_omf (buf + ct, ct, size - ct)))
return false;
Expand Down Expand Up @@ -455,7 +455,7 @@ static int cpy_omf_names(r_bin_omf_obj *obj) {
static void get_omf_section_info(r_bin_omf_obj *obj) {
OMF_record_handler *tmp = obj->records;
ut32 ct_obj = 0;

while ((tmp = get_next_omf_record_type (tmp, OMF_SEGDEF))) {
obj->sections[ct_obj] = ((OMF_record *)tmp)->content;
((OMF_record *)tmp)->content = NULL;
Expand Down Expand Up @@ -526,7 +526,7 @@ static int get_omf_infos(r_bin_omf_obj *obj) {
if (!(obj->sections = R_NEWS0 (OMF_segment *, obj->nb_section)))
return false;
get_omf_section_info (obj);

// get all data (ledata record)
get_omf_data_info (obj);

Expand Down Expand Up @@ -638,13 +638,13 @@ int r_bin_omf_get_entry(r_bin_omf_obj *obj, RBinAddr *addr) {
ut32 ct_sym = 0;
OMF_data *data;
ut32 offset = 0;

while (ct_sym < obj->nb_symbol) {
if (!strcmp (obj->symbols[ct_sym]->name, "_start")) {
if (obj->symbols[ct_sym]->seg_idx - 1 > obj->nb_section) {
eprintf ("Invalid segment index for symbol _start\n");
return false;
}
}
addr->vaddr = obj->sections[obj->symbols[ct_sym]->seg_idx - 1]->vaddr + obj->symbols[ct_sym]->offset + OMF_BASE_ADDR;
data = obj->sections[obj->symbols[ct_sym]->seg_idx - 1]->data;
while (data) {
Expand Down Expand Up @@ -675,7 +675,7 @@ int r_bin_omf_send_sections(RList *list, OMF_segment *section, r_bin_omf_obj *ob
RBinSection *new;
OMF_data *data = section->data;
ut32 ct_name = 1;

while (data) {
if (!(new = R_NEW0 (RBinSection)))
return false;
Expand All @@ -700,7 +700,7 @@ int r_bin_omf_send_sections(RList *list, OMF_segment *section, r_bin_omf_obj *ob
ut64 r_bin_omf_get_paddr_sym(r_bin_omf_obj *obj, OMF_symbol *sym) {
OMF_data *data;
ut64 offset = 0;

if (sym->seg_idx - 1 > obj->nb_section)
return 0;

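Review bot: The `(int)` casts added to the two `while` conditions in load_omf_lnames (hunks @@ -84 and @@ -96) mask the underlying problem instead of stating it: when `record->size` is 0, `record->size - 1` evaluates to -1, and compared against what appears to be an unsigned `tmp_size` it is converted to a huge value, so the loop walks `buf` past the end of the record — presumably the crash this commit fixes. Rewriting both conditions without the subtraction, `while (tmp_size + 1 < record->size) {`, keeps the operands at their declared types and is false for an empty record, or alternatively reject the record up front the way load_omf_pubdef does with its `if (record->size < 2)` check. The declarations of `tmp_size` and of the `size` field are outside the visible hunks, so this assumes both are unsigned; the casts also turn any `tmp_size` above INT_MAX negative, which the new condition would wrongly accept. A short comment on the loop bound would help the next reader, e.g. `// size may be 0: compare without subtracting so the bound cannot underflow`. Separately, the pre-existing context lines in r_bin_omf_get_entry and r_bin_omf_get_paddr_sym guard `sections[seg_idx - 1]` with `seg_idx - 1 > obj->nb_section`, which still admits `seg_idx - 1 == nb_section`; `>=` looks intended there.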
