Update sdb to fix an overflow in the base64 decoder

libr/core/vmenus.c

@@ -448,9 +448,9 @@ static int cmtcb(void *usr, const char *k, const char *v) {
 		RList *list = (RList*)usr;
 		char *msg, *comma = strchr (v, ',');
 		if (comma) {
-			comma = strchr (comma+1, ',');
+			comma = strchr (comma + 1, ',');
 			if (comma) {
-				msg = (char *)sdb_decode (comma+1, NULL);
+				msg = (char *)sdb_decode (comma + 1, NULL);
 				if (msg) {
 					msg = r_str_replace (msg, "\n", "", true);
 					r_list_append (list, r_str_newf ("%s  %s", k+7, msg));

libr/util/p_format.c

@@ -712,7 +712,6 @@ static void r_print_format_float(const RPrint* p, int endian, int mode,
 		const char* setval, ut64 seeki, ut8* buf, int i, int size) {
 	float val_f = 0.0f;
 	ut64 addr = 0;
-	ut32 addr32;
 	int elem = -1;
 	if (size >= ARRAYINDEX_COEF) {
 		elem = size/ARRAYINDEX_COEF - 1;

shlr/sdb/src/array.c

@@ -43,13 +43,13 @@ static int astrcmp (const char *a, const char *b) {
 	}
 }
 
-static inline int cstring_cmp(const void *a, const void *b) {
+static inline int cstring_cmp(const void *a, const void *b) { 
 	const char **va = (const char **)a;
 	const char **vb = (const char **)b;
 	return astrcmp (*va, *vb);
 }
 
-static inline int int_cmp(const void *a, const void *b) {
+static inline int int_cmp(const void *a, const void *b) { 
 	const ut64 va = *(const ut64 *)a;
 	const ut64 vb = *(const ut64 *)b;
 	if (va > vb) {
@@ -59,7 +59,7 @@ static inline int int_cmp(const void *a, const void *b) {
 		return -1;
 	}
 	return 0;
-}
+} 
 
 SDB_API ut64 sdb_array_get_num(Sdb *s, const char *key, int idx, ut32 *cas) {
 	int i;
@@ -639,3 +639,4 @@ SDB_API void sdb_array_sort_num(Sdb *s, const char *key, ut32 cas) {
 	free (nums);
 	return;
 }
+

shlr/sdb/src/base64.c

@@ -24,8 +24,8 @@ static int b64_decode(const char in[4], ut8 out[3]) {
 		if (in[i]<'+' || in[i]>'z')
 			return -1;
 		v[i] = cd64[in[i]-'+'];
-		if (v[i]=='$') {
-			len = i-1;
+		if (v[i] == '$') {
+			len = i? i - 1: -1;
 			break;
 		} else v[i]-=62;
 	}
@@ -45,10 +45,11 @@ SDB_API void sdb_encode_raw(char *bout, const ut8 *bin, int len) {
 
 SDB_API int sdb_decode_raw(ut8 *bout, const char *bin, int len) {
 	int in, out, ret;
-	for (in=out=0; in<len; in+=4) {
-		ret = b64_decode (bin+in, bout+out);
-		if (ret < 1)
+	for (in = out = 0; in < len; in += 4) {
+		ret = b64_decode (bin + in, bout + out);
+		if (ret < 1) {
 			break;
+		}
 		out += ret;
 	}
 	return (in != out)? out: 0;
@@ -69,14 +70,16 @@ SDB_API ut8 *sdb_decode (const char *in, int *len) {
 	ut8 *out;
 	ut32 size;
 	int olen, ilen;
+	if (len) {
+		*len = 0;
+	}
 	if (!in) return NULL;
 	ilen = strlen (in);
 	if (!ilen) return NULL;
-	size = (ilen * 2) + 16;
+	size = (ilen * 3) + 16;
 	if (size < (ut32)ilen) return NULL;
-	out = malloc (size);
+	out = calloc (1, size);
 	if (!out) return NULL;
-	memset (out, 0, ilen+8);
 	olen = sdb_decode_raw (out, in, ilen);
 	if (!olen) {
 		free (out);

shlr/sdb/src/cdb.c

@@ -82,7 +82,7 @@ int cdb_read(struct cdb *c, char *buf, ut32 len, ut32 pos) {
 	}
 	while (len > 0) {
 		ssize_t r = read (c->fd, buf, len);
-		if (r != len) {
+		if (r < 1 || (ut32) r != len) {
 			return 0;
 		}
 		buf += r;

shlr/sdb/src/cdb_make.c

@@ -44,9 +44,13 @@ char *cdb_alloc(ut32 n) {
 #endif
 }
 
+#if __SDB_WINDOWS && !__CYGWIN__
+extern void _aligned_free(void *memblock);
+#endif
+
 void cdb_alloc_free(void *x) {
 #if __SDB_WINDOWS__ && !__CYGWIN__
-	_aligned_free(x);
+	_aligned_free (x);
 #else
 	free (x);
 #endif