dnrops
/
radare2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix esil_sub and a null-ptr-deref

This commit is contained in:
condret 2015-03-11 14:49:37 +01:00
parent b8dc7480fd
commit cc09d623fd
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
libr/anal/rpnesil.c
View File

@ -157,13 +157,13 @@ static int esil_internal_parity_check (RAnalEsil *esil) {
}
static int esil_internal_signature_check (RAnalEsil *esil) {
if (!esil || !esil->lastsz)
if (!esil || !esil->lastsz) //XXX we must rethink of how we set esil->lastsz (check the src) (a,a,^=,%%z,z,= esil->lastsz will be 1 here not sizeof(a))
return R_FALSE;
return (esil->cur & (0x1<<(esil->lastsz-1)))>>(esil->lastsz-1);
}
static int esil_internal_overflow_check (RAnalEsil *esil) {
if (!esil && esil->lastsz > 1)
if (!esil || (esil->lastsz < 2))
return R_FALSE;
return (esil_internal_borrow_check (esil, esil->lastsz) ^ esil_internal_carry_check (esil, esil->lastsz-2)); //according to wikipedia this should work
} //cannot imagine any case wher both happens, maybe it's not that simple
@ -998,11 +998,11 @@ static int esil_inceq (RAnalEsil *esil) {
static int esil_sub (RAnalEsil *esil) {
int ret = 0;
ut64 s = 0, d = 0;
char *src = r_anal_esil_pop (esil);
char *dst = r_anal_esil_pop (esil);
char *src = r_anal_esil_pop (esil);
if (src && r_anal_esil_get_parm (esil, src, &s)) {
if (dst && r_anal_esil_get_parm (esil, dst, &d)) {
r_anal_esil_pushnum (esil, s-d);
r_anal_esil_pushnum (esil, d-s);
ret = R_TRUE;
} else {
eprintf ("esil_sub: invalid parameters");
@ -1018,22 +1018,22 @@ static int esil_sub (RAnalEsil *esil) {
static int esil_subeq (RAnalEsil *esil) {
int ret = 0;
ut64 s, d;
char *src = r_anal_esil_pop (esil);
char *dst = r_anal_esil_pop (esil);
if (dst && r_anal_esil_get_parm (esil, dst, &s)) {
if (src && esil_reg_read (esil, src, &d)) {
if (r_anal_esil_get_parm_type (esil, dst) != R_ANAL_ESIL_PARM_INTERNAL)
char *src = r_anal_esil_pop (esil);
if (src && r_anal_esil_get_parm (esil, src, &s)) {
if (dst && esil_reg_read (esil, dst, &d)) {
if (r_anal_esil_get_parm_type (esil, src) != R_ANAL_ESIL_PARM_INTERNAL)
esil->old = d;
esil_reg_write (esil, src, d-s);
if (r_anal_esil_get_parm_type (esil, dst) != R_ANAL_ESIL_PARM_INTERNAL)
esil_reg_write (esil, dst, d-s);
if (r_anal_esil_get_parm_type (esil, src) != R_ANAL_ESIL_PARM_INTERNAL)
esil->cur = d-s;
ret = R_TRUE;
}
} else {
eprintf ("esil_subeq: invalid parameters\n");
}
free (dst);
free (src);
free (dst);
return ret;
}