dnrops
/
radare2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #10296 - Heap out of bounds read in java_switch_op()

This commit is contained in:
pancake 2018-06-11 03:15:07 +02:00
parent c488aaa208
commit 224e6bc13f
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libr/anal/p/anal_java.c
View File

@ -679,11 +679,11 @@ static int java_switch_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data,
if (op_byte == 0xaa) { if (op_byte == 0xaa) {
// handle a table switch condition // handle a table switch condition
if (pos + 8 > len) { if (pos + 8 + 8 > len) {
return op->size; return op->size;
} }
int min_val = (ut32)(UINT (data, pos + 4)), const int min_val = (ut32)(UINT (data, pos + 4));
max_val = (ut32)(UINT (data, pos + 8)); const int max_val = (ut32)(UINT (data, pos + 8));
ut32 default_loc = (ut32) (UINT (data, pos)), cur_case = 0; ut32 default_loc = (ut32) (UINT (data, pos)), cur_case = 0;
op->switch_op = r_anal_switch_op_new (addr, min_val, default_loc); op->switch_op = r_anal_switch_op_new (addr, min_val, default_loc);