diff --git a/binr/rabin2/rabin2.c b/binr/rabin2/rabin2.c
index dcce7d3567..99bd5b4dcd 100644
--- a/binr/rabin2/rabin2.c
+++ b/binr/rabin2/rabin2.c
@@ -427,7 +427,7 @@ int main(int argc, char **argv) {
 if (p2) { // has data
 *p2++ = 0;
- data = malloc (strlen (p2));
+ data = malloc (strlen (p2)+1);
 datalen = r_hex_str2bin (p2, data);
 } else {
 data = NULL;
diff --git a/libr/anal/anal.c b/libr/anal/anal.c
index cb4fe07983..d836fdcb76 100644
--- a/libr/anal/anal.c
+++ b/libr/anal/anal.c
@@ -231,7 +231,7 @@ R_API RAnalOp *r_anal_op_hexstr(RAnal *anal, ut64 addr, const char *str) {
 int len;
 ut8 *buf;
 RAnalOp *op = R_NEW0 (RAnalOp);
- buf = malloc (strlen (str));
+ buf = malloc (strlen (str)+1);
 len = r_hex_str2bin (str, buf);
 r_anal_op (anal, op, addr, buf, len);
 return op;
diff --git a/libr/anal/meta.c b/libr/anal/meta.c
index 12d55ab7ae..16601ba6f6 100644
--- a/libr/anal/meta.c
+++ b/libr/anal/meta.c
@@ -109,6 +109,7 @@ R_API int r_meta_cleanup(RMeta *m, ut64 from, ut64 to) {
 return R_TRUE;
 }
 /* No _safe loop necessary because we break immediately after the delete. */
+ if (m) r_list_foreach (m->data, iter, d) {
 switch (d->type) {
 case R_META_TYPE_CODE:
diff --git a/libr/anal/types.c b/libr/anal/types.c
index 7311fee978..d9a6a21c6e 100644
--- a/libr/anal/types.c
+++ b/libr/anal/types.c
@@ -77,6 +77,7 @@ R_API int r_anal_type_frame (RAnal *anal, ut64 addr, const char *type, const cha
 R_API int r_anal_type_frame_del (RAnal *anal, ut64 addr, const char *name) {
 //"(-)frame.%08"PFMT64x"=%s", addr, name
 //"frame.%08"PFMT64x".%s=", addr, name
+ return R_TRUE;
 }
 R_API int r_anal_type_link (RAnal *anal, const char *val, ut64 addr) {
diff --git a/libr/asm/arch/x86/ollyasm/assembl.c b/libr/asm/arch/x86/ollyasm/assembl.c
index 8158e0e9d9..d3f48068b4 100644
--- a/libr/asm/arch/x86/ollyasm/assembl.c
+++ b/libr/asm/arch/x86/ollyasm/assembl.c
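Review bot: The `data = malloc (strlen (p2)+1)` result goes straight into `r_hex_str2bin (p2, data)` without a NULL check, so an allocation failure turns into a NULL write inside the decoder; add `if (!data) { eprintf ("cannot allocate\n"); return 1; }` before the call, as the cmd.c hunk in this same commit already does for its buffer. The same unchecked `malloc (strlen (...)+1)` pattern is in the anal.c, cmd_anal.c, cmd_cmp.c and cmd_search.c (r_core_search_preludes) hunks of this commit. main continues outside the hunk.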
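Review bot: `buf` is never released on the visible path of r_anal_op_hexstr — `r_anal_op (anal, op, addr, buf, len)` is followed directly by `return op;` — so unless r_anal_op takes ownership of the buffer (not visible here) every call leaks strlen(str)+1 bytes; add `free (buf);` before `return op;` if it does not. `op` from `R_NEW0` is likewise used without a NULL check. The hunk shows the body from the declarations to the return, with the signature only in the hunk context.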
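Review bot: The added `if (m)` guards only the foreach over `m->data` and sits after an earlier `return R_TRUE;`, so any use of `m` before this point or after the loop (both outside the hunk) stays unguarded; if `m` can legitimately be NULL here, an entry guard such as `if (!m) return R_FALSE;` at the top of r_meta_cleanup is clearer and covers the whole function. The brace-less `if (m) r_list_foreach (...) {` only reads as one statement because r_list_foreach presumably expands to a for-loop; a brace or a short comment would make that explicit. r_meta_cleanup starts and ends outside the hunk.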
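Review bot: r_anal_type_frame_del now reports `R_TRUE` while doing nothing — its body is two commented-out format strings — so callers cannot distinguish an unimplemented delete from a successful one. If the stub is deliberate, say so next to the added line, e.g. `// TODO: not implemented; frame entries are never removed, success is reported so callers keep working`; otherwise return `R_FALSE` so the missing behaviour is visible to callers.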
@@ -717,10 +717,10 @@ int Assemble(char *cmd,ulong ip,t_asmmodel *model,int attempt,
 nameend=asmcmd;
 strupr(sdata);
 // Prepare full mnemonic (including repeat prefix, if any).
- if (rep==SCAN_REP) sprintf(name,"REP %s",sdata);
- else if (rep==SCAN_REPE) sprintf(name,"REPE %s",sdata);
- else if (rep==SCAN_REPNE) sprintf(name,"REPNE %s",sdata);
- else strcpy(name,sdata);
+ if (rep==SCAN_REP) snprintf(name,sizeof(name)-1,"REP %s",sdata);
+ else if (rep==SCAN_REPE) snprintf(name,sizeof(name)-1,"REPE %s",sdata);
+ else if (rep==SCAN_REPNE) snprintf(name,sizeof(name)-1,"REPNE %s",sdata);
+ else strncpy(name,sdata, sizeof(name)-1);
 Scanasm(0);
 // Parse command operands (up to 3). Note: jump address is always the first
 // (and only) operand in actual command set.
diff --git a/libr/bin/format/mach0/mach0.c b/libr/bin/format/mach0/mach0.c
index 093e5b3601..d2dce1cfb7 100644
--- a/libr/bin/format/mach0/mach0.c
+++ b/libr/bin/format/mach0/mach0.c
@@ -647,10 +647,10 @@ struct r_bin_mach0_reloc_t* MACH0_(r_bin_mach0_get_relocs)(struct MACH0_(r_bin_m
 if (bin->dyld_info) {
 ut8 *opcodes, *p, *end, type, rel_type;
- int lib_ord, seg_idx, sym_ord = -1, wordsize;
+ int lib_ord, seg_idx = -1, sym_ord = -1, wordsize;
 size_t j, count, skip, bind_size, lazy_size;
 st64 addend = 0;
- ut64 addr;
+ ut64 addr = 0LL;
 wordsize = MACH0_(r_bin_mach0_get_bits)(bin) / 8;
 #define CASE(T) case (T / 8): rel_type = R_BIN_RELOC_ ## T; break
@@ -808,7 +808,8 @@ struct r_bin_mach0_addr_t* MACH0_(r_bin_mach0_get_entrypoint)(struct MACH0_(r_bi
 if (bin->entry) {
 entry->offset = MACH0_(r_bin_mach0_addr_to_offset)(bin, bin->entry);
 entry->addr = bin->entry;
- }
+ }
+ entry->addr = 0LL;
 if (!bin->entry || (entry->offset==0)) {
 // XXX: section name doesnt matters at all.. just check for exec flags
 for (i = 0; i < bin->nsects; i++) {
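Review bot: The new `else strncpy(name,sdata, sizeof(name)-1);` does not NUL-terminate `name` when `sdata` is at least `sizeof(name)-1` characters long, so the `Scanasm(0)` call and any later string use of `name` can run past the end of the buffer (the old `strcpy` overflowed instead of leaving it unterminated); use `else snprintf(name,sizeof(name),"%s",sdata);`. The `sizeof(name)-1` handed to the three `snprintf` calls is unnecessary, since snprintf already reserves the terminator inside the size it is given, and just wastes a byte. Both rely on `name` being an array rather than a pointer, which the hunk does not show. Assemble begins and ends outside the hunk.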
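Review bot: The added `entry->addr = 0LL;` runs unconditionally after the `if (bin->entry)` block, so it overwrites the `entry->addr = bin->entry;` assignment two lines above, and every binary with a valid entry point now reports address 0 unless the section scan below (entered only when `!bin->entry || entry->offset==0`) rewrites it; move the reset before the block: `entry->addr = 0LL;` followed by the unchanged `if (bin->entry) {`. The `- }` / `+ }` pair in this hunk looks like a whitespace-only change. r_bin_mach0_get_entrypoint starts and ends outside the hunk.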
@@ -816,7 +817,7 @@ struct r_bin_mach0_addr_t* MACH0_(r_bin_mach0_get_entrypoint)(struct MACH0_(r_bi
 entry->offset = (ut64)bin->sects[i].offset;
 entry->addr = (ut64)bin->sects[i].addr;
 if (entry->addr==0) // workaround for object files
- entry->addr=entry->offset;
+ entry->addr = entry->offset;
 break;
 }
 }
diff --git a/libr/bin/format/pe/pe.c b/libr/bin/format/pe/pe.c
index eb271588c0..33bb3c633a 100644
--- a/libr/bin/format/pe/pe.c
+++ b/libr/bin/format/pe/pe.c
@@ -455,7 +455,7 @@ struct r_bin_pe_lib_t* PE_(r_bin_pe_get_libs)(struct PE_(r_bin_pe_obj_t) *bin) {
 }
 }
 for (i = 0; i < j; i++) {
- libs[i].name[PE_STRING_LENGTH] = '\0';
+ libs[i].name[PE_STRING_LENGTH-1] = '\0';
 libs[i].last = 0;
 }
 libs[i].last = 1;
@@ -641,7 +641,7 @@ struct r_bin_pe_section_t* PE_(r_bin_pe_get_sections)(struct PE_(r_bin_pe_obj_t)
 }
 for (i = 0; i < sections_count; i++) {
 memcpy (sections[i].name, shdr[i].Name, PE_IMAGE_SIZEOF_SHORT_NAME);
- sections[i].name[PE_IMAGE_SIZEOF_SHORT_NAME] = '\0';
+ sections[i].name[PE_IMAGE_SIZEOF_SHORT_NAME-1] = '\0';
 sections[i].rva = shdr[i].VirtualAddress;
 sections[i].size = shdr[i].SizeOfRawData;
 sections[i].vsize = shdr[i].Misc.VirtualSize;
diff --git a/libr/core/asm.c b/libr/core/asm.c
index 60e2bce4bb..aa290da423 100644
--- a/libr/core/asm.c
+++ b/libr/core/asm.c
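Review bot: `memcpy (sections[i].name, shdr[i].Name, PE_IMAGE_SIZEOF_SHORT_NAME)` copies the full PE short name and the new `sections[i].name[PE_IMAGE_SIZEOF_SHORT_NAME-1] = '\0'` then overwrites its last byte, so any section whose name uses all PE_IMAGE_SIZEOF_SHORT_NAME characters silently loses one. If `name` is declared with exactly PE_IMAGE_SIZEOF_SHORT_NAME bytes the old index was an off-by-one write and the fix is to declare it `PE_IMAGE_SIZEOF_SHORT_NAME+1` wide so the terminator fits after the copy; if it is already one byte larger, the old line was correct — the hunk does not show the struct, so this needs checking there. The same question applies to `libs[i].name[PE_STRING_LENGTH-1]` in the r_bin_pe_get_libs hunk above, though its copy length is not visible. Both functions start and end outside their hunks.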
@@ -188,11 +188,14 @@ static int prune_hits_in_hit_range(RList *hits, RCoreAsmHit *hit){
 end_range = hit->addr + hit->len;
 r_list_foreach_safe (hits, iter, iter_tmp, to_check_hit){
 if (to_check_hit && is_hit_inrange(to_check_hit, start_range, end_range)) {
- IFDBG eprintf ("Found hit that clashed (start: 0x%"PFMT64x" - end: 0x%"PFMT64x" ), 0x%"PFMT64x" len: %d (valid: %d 0x%"PFMT64x" - 0x%"PFMT64x")\n", start_range, end_range,
- to_check_hit->addr, to_check_hit->len, to_check_hit->valid, to_check_hit->addr, to_check_hit->addr+to_check_hit->len);
+ IFDBG eprintf ("Found hit that clashed (start: 0x%"PFMT64x
+ " - end: 0x%"PFMT64x" ), 0x%"PFMT64x" len: %d (valid: %d 0x%"PFMT64x
+ " - 0x%"PFMT64x")\n", start_range, end_range, to_check_hit->addr,
+ to_check_hit->len, to_check_hit->valid, to_check_hit->addr,
+ to_check_hit->addr+to_check_hit->len);
 // XXX - could this be a valid decode instruction we are deleting?
 r_list_delete (hits, iter);
- iter->data = NULL;
+ //iter->data = NULL;
 to_check_hit = NULL;
 result ++;
 }
diff --git a/libr/core/cmd.c b/libr/core/cmd.c
index 078335353f..cf343391ce 100644
--- a/libr/core/cmd.c
+++ b/libr/core/cmd.c
@@ -1156,6 +1156,7 @@ next2:
 const char *offstr;
 char *f, *ptr2 = strchr (ptr+1, '!');
 int sz, len;
+ addr = 0LL;
 tmpoff = core->offset;
 tmpbsz = core->blocksize;
@@ -1185,7 +1186,7 @@ repeat_arroba:
 break;
 case '8':
 case 'b':
- buf = malloc (strlen (ptr+2));
+ buf = malloc (strlen (ptr+2)+1);
 if (!buf) {
 eprintf ("cannot allocate\n");
 return R_FALSE;
diff --git a/libr/core/cmd_anal.c b/libr/core/cmd_anal.c
index 96fb6819ab..432b65e894 100644
--- a/libr/core/cmd_anal.c
+++ b/libr/core/cmd_anal.c
@@ -291,7 +291,7 @@ static int cmd_anal(void *data, const char *input) {
 case '8': // TODO: rename to 'ab'?
 if (input[1]==' ') {
 int len;
- ut8 *buf = malloc (strlen (input));
+ ut8 *buf = malloc (strlen (input)+1);
 len = r_hex_str2bin (input+2, buf);
 if (len>0)
 r_core_anal_bytes (core, buf, len, 0);
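Review bot: `//iter->data = NULL;` leaves dead code in place of a deleted line, and the reason for deleting it is what should be recorded: `r_list_delete (hits, iter)` on the line above presumably releases `iter`, so the old store was a write into freed memory. Replace the commented-out line with `// iter is released by r_list_delete above; do not touch it afterwards` (the loop keeps working because r_list_foreach_safe already holds `iter_tmp`). prune_hits_in_hit_range starts and ends outside the hunk.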
diff --git a/libr/core/cmd_cmp.c b/libr/core/cmd_cmp.c
index 3443d56374..98f857ad78 100644
--- a/libr/core/cmd_cmp.c
+++ b/libr/core/cmd_cmp.c
@@ -204,7 +204,7 @@ static int cmd_cmp(void *data, const char *input) {
 eprintf ("Usage: cx 001122'\n");
 return 0;
 }
- buf = (ut8*)malloc (strlen (input+2));
+ buf = (ut8*)malloc (strlen (input+2)+1);
 ret = r_hex_str2bin (input+2, buf);
 if (ret<1) eprintf ("Cannot parse hexpair\n");
 else radare_compare (core, core->block, buf, ret);
diff --git a/libr/core/cmd_meta.c b/libr/core/cmd_meta.c
index c968e13701..7be8c4584f 100644
--- a/libr/core/cmd_meta.c
+++ b/libr/core/cmd_meta.c
@@ -244,8 +244,8 @@ static int cmd_meta(void *data, const char *input) {
 if (pattern && varsub)
 for (i = 0; i < R_ANAL_VARSUBS; i++)
 if (f->varsubs[i].pat[0] == '\0' || !strcmp (f->varsubs[i].pat, pattern)) {
- strncpy (f->varsubs[i].pat, pattern, 1023);
- strncpy (f->varsubs[i].sub, varsub, 1023);
+ strncpy (f->varsubs[i].pat, pattern, sizeof (f->varsubs[i].pat)-1);
+ strncpy (f->varsubs[i].sub, varsub, sizeof (f->varsubs[i].sub)-1);
 break;
 }
 } else eprintf ("Error: Function not found\n");
diff --git a/libr/core/cmd_search.c b/libr/core/cmd_search.c
index 3f7576f779..95b9feb985 100644
--- a/libr/core/cmd_search.c
+++ b/libr/core/cmd_search.c
@@ -54,7 +54,7 @@ R_API int r_core_search_preludes(RCore *core) {
 ut64 to = core->offset+0xffffff; // hacky!
 // TODO: this is x86 only
 if (prelude && *prelude) {
- ut8 *kw = malloc (strlen (prelude));
+ ut8 *kw = malloc (strlen (prelude)+1);
 int kwlen = r_hex_str2bin (prelude, kw);
 ret = r_core_search_prelude (core, from, to, kw, kwlen, NULL, 0);
 free (kw);
@@ -244,7 +244,6 @@ static int r_core_search_rop(RCore *core, ut64 from, ut64 to, int opt) {
 RAnalOp aop;
 int roplen, i, delta = to-from;
 ut64 ropat;
- int oplen = 0;
 if (delta<1) return R_FALSE;
 buf = malloc (delta);
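Review bot: `strncpy (f->varsubs[i].pat, pattern, sizeof (f->varsubs[i].pat)-1)` and the `sub` line under it still leave the destination unterminated when the source fills all `sizeof-1` bytes, unless the array's last byte is already known to be zero, which the hunk cannot show for a slot being reused through the `!strcmp (...)` branch. `snprintf (f->varsubs[i].pat, sizeof (f->varsubs[i].pat), "%s", pattern);` (and the same for `sub`) always terminates and states the intent. The `sizeof` form is only right if `pat`/`sub` are arrays, which the old literal `1023` suggests. cmd_meta starts and ends outside the hunk.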
@@ -252,6 +251,7 @@ static int r_core_search_rop(RCore *core, ut64 from, ut64 to, int opt) {
 for (i=0; ianal, &aop, from+i, buf+i, delta-i)) {
 int ret = r_asm_disassemble (core->assembler, &asmop, buf+i, delta-i);
+ if (ret>0)
 switch (aop.type) {
 case R_ANAL_OP_TYPE_TRAP:
 case R_ANAL_OP_TYPE_RET:
diff --git a/libr/core/io.c b/libr/core/io.c
index 7ae6199bf1..7cd2ab3d91 100644
--- a/libr/core/io.c
+++ b/libr/core/io.c
@@ -61,7 +61,7 @@ R_API int r_core_write_op(RCore *core, const char *arg, char op) {
 // XXX we can work with config.block instead of dupping it
 buf = (ut8 *)malloc (core->blocksize);
- str = (char *)malloc (strlen (arg));
+ str = (char *)malloc (strlen (arg)+1);
 if (buf == NULL || str == NULL) goto beach;
 memcpy (buf, core->block, core->blocksize);
diff --git a/libr/db/db.c b/libr/db/db.c
index a3c43250b9..bad35ca83f 100644
--- a/libr/db/db.c
+++ b/libr/db/db.c
@@ -65,8 +65,8 @@ static int _r_db_add_internal(struct r_db_t *db, int key, void *b) {
 block->data[0] = b;
 block->data[1] = NULL;
 } else {
- for(len=0;block->data[len];len++);
- block->data = realloc(block->data, sizeof(void *)*(len+1));
+ for (len=0; block->data[len]; len++);
+ block->data = realloc (block->data, sizeof (void *)*(len+2));
 block->data[len] = b;
 block->data[len+1] = NULL;
 }
diff --git a/libr/flags/flags.c b/libr/flags/flags.c
index 8791ed136f..e16372232d 100644
--- a/libr/flags/flags.c
+++ b/libr/flags/flags.c
@@ -261,10 +261,12 @@ R_API int r_flag_rename(RFlag *f, RFlagItem *item, const char *name) {
 if (list) {
 RFlagItem *item = r_list_get_top (list);
 if (r_list_empty (list)) {
- r_list_free (list);
+ //r_list_free (list);
 r_hashtable64_remove (f->ht_name, hash);
+ } else {
+ r_hashtable64_remove (f->ht_name, hash);
+ r_list_delete_data (list, item);
 }
- r_list_delete_data (list, item);
 if (!r_flag_item_set_name (item, name)) {
 r_list_append (list, item);
 return R_FALSE;
diff --git a/libr/fs/fs.c b/libr/fs/fs.c
index 0f338f3296..5fd0de27b1 100644
--- a/libr/fs/fs.c
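Review bot: The added `if (ret>0)` guards a multi-case `switch (aop.type)` with no braces, so the guard's extent is invisible where it is introduced and any statement later placed between the switch and the end of the loop body would silently fall outside it; write `if (ret>0) {` and close the brace after the switch, or invert it into an early `continue` if nothing else in the loop body has to run after a failed disassembly (the body's end is outside the hunk). r_core_search_rop starts and ends outside the hunk.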
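Review bot: `block->data = realloc (block->data, sizeof (void *)*(len+2))` overwrites the only pointer to the array, so when realloc fails the old array leaks and the next line `block->data[len] = b;` writes through NULL; keep the result in a temporary: `void **tmp = realloc (block->data, sizeof (void *)*(len+2)); if (!tmp) return R_FALSE; block->data = tmp;` (substitute whatever failure value _r_db_add_internal's callers expect — its return is outside the hunk). The `len+1` → `len+2` change itself is right: `len` existing entries plus the new one plus the NULL sentinel. The empty-bodied `for (...);` counting loop would read better with an explicit `/* count */` body.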
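Review bot: In the new `else` branch, `r_hashtable64_remove (f->ht_name, hash)` drops the name→list mapping even though `list` still holds other items after `r_list_delete_data`, so those items can no longer be found by name; unless the remaining list is re-registered later in the function (its end is outside the hunk), only the delete belongs there: `} else { r_list_delete_data (list, item); }`. In the empty-list branch the commented-out `r_list_free (list)` now leaks the list, and `r_list_get_top` on an empty list presumably yields NULL, which the `r_flag_item_set_name (item, name)` call below does not check. Note also that the inner `RFlagItem *item` shadows the `item` parameter, so the function renames the list's top element rather than the one the caller passed — worth a comment if that is intended. r_flag_rename begins and ends outside the hunk.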
+++ b/libr/fs/fs.c
@@ -496,7 +496,7 @@ R_API char *r_fs_name (RFS *fs, ut64 offset) {
 for (i=0; fstypes[i].name; i++) {
 RFSType *f = &fstypes[i];
- len = R_MIN (f->buflen, sizeof (buf));
+ len = R_MIN (f->buflen, sizeof (buf)-1);
 fs->iob.read_at (fs->iob.io, offset + f->bufoff, buf, len);
 if (f->buflen>0 && !memcmp (buf, f->buf, f->buflen)) {
 ret = R_TRUE;
@@ -606,17 +606,18 @@ R_API int r_fs_prompt (RFS *fs, const char *root) {
 eprintf ("%s %s\n", r->path, r->p->name);
 }
 } else if (!memcmp (buf, "get ", 4)) {
+ char *s;
 input = buf+3;
 while (input[0] == ' ') input++;
+ s = malloc (strlen (str) + strlen (input) + 2);
 if (input[0] == '/') {
- if (root)
- strncpy (str, root, sizeof (str)-1);
- else str[0] = 0;
- } else strncpy (str, path, sizeof (str)-1);
- strcat (str, "/");
- strcat (str, input);
- file = r_fs_open (fs, str);
+ if (root) strcpy (s, root);
+ else *s = 0;
+ } else strcpy (s, path);
+ strcat (s, "/");
+ strcat (s, input);
+ file = r_fs_open (fs, s);
 if (file) {
 r_fs_read (fs, file, 0, file->size);
 r_file_dump (input, file->data, file->size);
@@ -625,9 +626,10 @@ R_API int r_fs_prompt (RFS *fs, const char *root) {
 } else {
 input -= 2; //OMFG!!!! O_O
 memcpy (input, "./", 2);
- if (!r_fs_dir_dump (fs, str, input))
+ if (!r_fs_dir_dump (fs, s, input))
 printf ("Cannot open file\n");
 }
+ free (s);
 } else if (!memcmp (buf, "help", 4) || !strcmp (buf, "?")) {
 eprintf (
 "Commands:\n"
diff --git a/libr/magic/apprentice.c b/libr/magic/apprentice.c
index b438ee65dd..067903d85d 100644
--- a/libr/magic/apprentice.c
+++ b/libr/magic/apprentice.c
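Review bot: `len = R_MIN (f->buflen, sizeof (buf)-1)` caps how many bytes `read_at` fills, but the comparison two lines down still uses `memcmp (buf, f->buf, f->buflen)`, so a signature longer than `len` is compared against bytes that were never read (and, when `f->buflen` exceeds `sizeof (buf)`, beyond the array); bound the compare to what was read: `if (f->buflen>0 && f->buflen <= len && !memcmp (buf, f->buf, f->buflen)) {`. The `-1` is only needed if `buf` is also used as a C string elsewhere in r_fs_name, which the hunk does not show; for a memcmp-only buffer it merely shrinks the usable window. The return value of `read_at` is not checked either, so a short read is compared as if it were complete. r_fs_name starts and ends outside the hunk.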
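Review bot: `s = malloc (strlen (str) + strlen (input) + 2)` sizes the buffer from `str`, but the lines that follow copy `root` or `path` into `s`, so whenever the chosen base string is longer than whatever `str` currently holds the `strcpy`/`strcat` sequence overflows the heap allocation; a failed malloc is also used unchecked. Size the allocation from the string actually copied and check it, as below. The `free (s)` in the next hunk matches this allocation. r_fs_prompt starts and ends outside the hunk.
```c
} else if (!memcmp (buf, "get ", 4)) {
	const char *base;
	char *s;
	input = buf+3;
	while (input[0] == ' ') input++;
	// size from the string that is actually copied (root or path), not from str
	base = (input[0] == '/') ? (root ? root : "") : path;
	s = malloc (strlen (base) + strlen (input) + 2);
	if (!s) {
		eprintf ("cannot allocate\n");
		continue; // TODO(review): use the prompt loop's real error path, not visible here
	}
	strcpy (s, base);
	strcat (s, "/");
	strcat (s, input);
	file = r_fs_open (fs, s);
	/* … unchanged: open/read/dump handling and free (s) … */
```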
@@ -1725,23 +1725,24 @@ static int apprentice_compile(RMagic *ms, struct r_magic **magicp, ut32 *nmagicp
 if (write(fd, ar, sizeof(ar)) != (ssize_t)sizeof(ar)) {
 file_error(ms, errno, "error writing `%s'", dbname);
- goto out;
+ goto beach;
 }
 if (lseek(fd, (off_t)sizeof(struct r_magic), SEEK_SET) != sizeof(struct r_magic)) {
 file_error(ms, errno, "error seeking `%s'", dbname);
- goto out;
+ goto beach;
 }
 if (write(fd, *magicp, (sizeof(struct r_magic) * *nmagicp)) != (ssize_t)(sizeof(struct r_magic) * *nmagicp)) {
 file_error(ms, errno, "error writing `%s'", dbname);
- goto out;
+ goto beach;
 }
- (void)close(fd);
 rv = 0;
+beach:
+ (void)close(fd);
 out:
 free(dbname);
 return rv;
diff --git a/libr/search/keyword.c b/libr/search/keyword.c
index 33c139a522..c2d6f5f439 100644
--- a/libr/search/keyword.c
+++ b/libr/search/keyword.c
@@ -55,8 +55,8 @@ R_API RSearchKeyword* r_search_keyword_new_hex(const char *kwstr, const char *bm
 ut8 *kw, *bm;
 int bmlen, kwlen;
 if (kwstr != NULL) {
- kw = malloc (strlen (kwstr));
- bm = malloc (strlen (bmstr));
+ kw = malloc (strlen (kwstr)+1);
+ bm = malloc (strlen (bmstr)+1);
 if (kw != NULL && bm != NULL) {
 bmlen = r_hex_str2bin (bmstr, (ut8*)bm);
 kwlen = r_hex_str2bin (kwstr, (ut8*)kw);
diff --git a/libr/util/str.c b/libr/util/str.c
index b0d3b2c207..8eb0bcd137 100644
--- a/libr/util/str.c
+++ b/libr/util/str.c
@@ -1236,3 +1236,5 @@ R_API void r_str_truncate_cmd(char *string) {
 }
 }
 }
+
+// STATIC/DYNAMIC STRINGS API
diff --git a/libr/util/sys.c b/libr/util/sys.c
index bc1fc18540..35abcf0b2d 100644
--- a/libr/util/sys.c
+++ b/libr/util/sys.c
@@ -282,14 +282,14 @@ R_API int r_sys_cmd_str_full(const char *cmd, const char *input, char **output,
 if (pipe (sh_out)) {
 close (sh_in[0]);
 close (sh_in[1]);
+ close (sh_out[0]);
+ close (sh_out[1]);
 return R_FALSE;
 }
 }
 if (pipe (sh_err)) {
 close (sh_in[0]);
 close (sh_in[1]);
- close (sh_out[0]);
- close (sh_out[1]);
 return R_FALSE;
 }
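Review bot: `bm = malloc (strlen (bmstr)+1)` dereferences `bmstr` under a guard that only checks `kwstr != NULL`, so a caller passing no bitmask string crashes in strlen before the allocation check; if a NULL `bmstr` is a legal input (the function's contract is outside the hunk), guard both, e.g. `if (kwstr != NULL && bmstr != NULL) {`, or treat NULL as an empty mask. When exactly one of the two mallocs fails the `kw != NULL && bm != NULL` test skips the decode, but the visible lines do not release the one that succeeded; the else path is outside the hunk, so check that it frees both. r_search_keyword_new_hex starts and ends outside the hunk.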
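Review bot: The moved `close (sh_out[0]); close (sh_out[1]);` lines now sit in the branch taken when `pipe (sh_out)` has just failed, where `sh_out` holds no valid descriptors, while the `pipe (sh_err)` failure branch below no longer closes the `sh_out` pair that was successfully created, leaking two descriptors on that path; the two close calls belong back in the `pipe (sh_err)` branch. The `}` between the two blocks suggests `pipe (sh_out)` only runs under some condition, in which case the sh_err branch should close `sh_out` under that same condition (or `sh_out` should be initialised to `{-1, -1}` and closed only when `>= 0`). r_sys_cmd_str_full starts and ends outside the hunk.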
@@ -589,7 +589,7 @@ R_API char *r_sys_pid_to_path(int pid) {
 int ret;
 char buf[128], pathbuf[1024];
 snprintf (buf, sizeof (buf), "/proc/%d/exe", pid);
- ret = readlink (buf, pathbuf, sizeof (pathbuf));
+ ret = readlink (buf, pathbuf, sizeof (pathbuf)-1);
 if (ret<1) return NULL;
 pathbuf[ret] = 0;
diff --git a/shlr/java/class.c b/shlr/java/class.c
index 0f2beb30d0..4b345a090f 100644
--- a/shlr/java/class.c
+++ b/shlr/java/class.c
@@ -950,9 +950,9 @@ R_API RBinJavaAttrInfo* r_bin_java_get_attr_from_field(RBinJavaField *field, R_B
 rvalue: NULL or the first occurrence of attr_type after pos
 */
- RBinJavaAttrInfo *attr, *item;
+ RBinJavaAttrInfo *attr = NULL, *item;
 RListIter *iter;
- ut32 i;
+ ut32 i = 0;
 if (field) {
 r_list_foreach (field->attributes, iter, item) {