]> git.feebdaed.xyz Git - 0xmirror/radare2.git/commitdiff
projects / 0xmirror / radare2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a05253e)
Fix last covs in analtp/pe/apfs
authorpancake <pancake@nopcode.org>
Thu, 11 Dec 2025 15:08:00 +0000 (16:08 +0100)
committerpancake <pancake@nowsecure.com>
Thu, 11 Dec 2025 15:08:25 +0000 (16:08 +0100)
libr/anal/p/anal_tp.c patch | blob | history
libr/bin/p/bin_pe.inc.c patch | blob | history
libr/fs/p/fs_apfs.c patch | blob | history

diff --git a/libr/anal/p/anal_tp.c b/libr/anal/p/anal_tp.c
index 4398b4392063c7d82475ff252debc38c03e0f118..15a86a39c6870c870efc74ace5b99529b89e882b 100644 (file)
--- a/libr/anal/p/anal_tp.c
+++ b/libr/anal/p/anal_tp.c
@@ -154,7 +154,16 @@ static void type_trace_voyeur_reg_write(void *user, const char *name, ut64 old,
                return;
        }
        char *name_dup = strdup (name);
+       if (!name_dup) {
+               R_LOG_ERROR ("Failed to allocate(strdup) memory for storing access");
+               return;
+       }
        TypeTraceAccess *access = VecAccess_emplace_back (&trace->db.accesses);
+       if (!access) {
+               free (name_dup);
+               R_LOG_ERROR ("Failed to allocate memory for storing access");
+               return;
+       }
        access->is_reg = true;
        access->reg.name = name_dup;
        access->reg.value = val;
diff --git a/libr/bin/p/bin_pe.inc.c b/libr/bin/p/bin_pe.inc.c
index 9658e6370e1178739e8ed4f090cf23d1106c555c..03249af2139148b059aa668e0fdd3b137c18aa73 100644 (file)
--- a/libr/bin/p/bin_pe.inc.c
+++ b/libr/bin/p/bin_pe.inc.c
@@ -363,6 +363,10 @@ static char* types(RBinFile *bf) {
        RBuffer *buf = bf->buf;
        const ut8 *data = r_buf_data (buf, NULL);
        size_t size = r_buf_size (buf);
+       // Check for integer overflow: dotnet_parse expects int, not size_t
+       if (size > INT_MAX) {
+               return NULL;
+       }
        ut64 image_base = PE_(r_bin_pe_get_image_base)(pe);
        RList *dotnet_symbols = dotnet_parse (data, size, image_base);
        if (r_list_empty (dotnet_symbols)) {
diff --git a/libr/fs/p/fs_apfs.c b/libr/fs/p/fs_apfs.c
index 18e06baa07b15419a6762c47a6ba7d3ac97b3a3e..161162b091b4346308869e1fe18664c488a2e39f 100644 (file)
--- a/libr/fs/p/fs_apfs.c
+++ b/libr/fs/p/fs_apfs.c
@@ -1206,6 +1206,11 @@ static bool apfs_parse_catalog_record(ApfsFS *ctx, ut8 *key_data, ut16 key_len,
        if (key_len < sizeof (ApfsKeyHeader)) {
                return false;
        }
+       // Sanity check: val_len should not exceed block size
+       if (val_len > ctx->block_size) {
+               R_LOG_DEBUG ("apfs: val_len (%u) exceeds block_size (%u), skipping", val_len, ctx->block_size);
+               return false;
+       }
 
        ApfsKeyHeader *key_hdr = (ApfsKeyHeader *)key_data;
        ut64 obj_id_and_type = apfs_read64 (ctx, (ut8 *)&key_hdr->obj_id_and_type);
Unnamed repository; edit this file 'description' to name the repository.