* Fix UAF in theme switching from disasm
ecd
-ec comment rgb:fc1
-ec fname rgb:fc1
-ec fline rgb:f91
-ec flag rgb:fc1
-ec label rgb:fc1
+ec comment rgb:cff
+ec usrcmt rgb:cff
+ec fname rgb:aaa
+ec fline rgb:aaa
+ec flag rgb:3af
+ec label rgb:3af
+ec floc white
# help messages
ec help rgb:3cf
ec args rgb:09f
-ec flow rgb:e71
+ec flow white
+ec flow2 rgb:6af
ec prompt rgb:09f
ec addr rgb:666
-ec input rgb:fc1
-ec invalid rgb:e34
+ec input rgb:cff
+ec invalid blue
ec other rgb:09f
ec b0x00 rgb:99a
ec b0x7f rgb:09f
ec btext rgb:3cf
ec math rgb:09f
ec bin rgb:99a
-ec push rgb:09f
+ec push rgb:999
ec pop rgb:09f
ec crypto rgb:fff
-ec jmp rgb:e71
-ec cjmp rgb:e71
-ec call magenta
-ec nop rgb:7c5
-ec ret rgb:e34
-ec trap rgb:e34
+ec jmp white
+ec ujmp white
+ec cjmp white
+ec call rgb:6af
+ec nop rgb:33a
+ec ret white
+ec trap blue
ec swi rgb:e34
-ec cmp rgb:09f
+ec cmp rgb:aaa
ec reg rgb:3cf
ec creg rgb:09f
-ec num rgb:fc1
+ec num white
ec mov rgb:99a
ec ai.read rgb:e33
ec ai.write rgb:33e
ec gui.background rgb:7c5
ec gui.background2 rgb:e34
ec gui.border rgb:23f
+
ec graph.current rgb:aaf
+ec graph.false white
+ec graph.true rgb:9ff
+ec graph.trufae rgb:4aa
+ec graph.box white
+ec graph.box2 rgb:07f
ec var rgb:555
ec var.name rgb:09f
const char *color_var_type;
const char *color_var_addr;
const char *cmtoken; // ";"
+ bool pal_batch_save; // saved pal_batch to restore on ds_free
RFlagItem *lastflag;
RAnalHint *hint;
ds->linesopts |= R_ANAL_REFLINE_TYPE_UTF8;
}
}
+ // Prevent palette reload during disassembly to avoid UAF of cached color pointers
+ ds->pal_batch_save = core->cons->context->pal_batch;
+ core->cons->context->pal_batch = true;
return ds;
}
free (ds->osl);
free (ds->sl);
free (ds->_tabsbuf);
+ // Restore pal_batch and reload palette if needed
+ ds->core->cons->context->pal_batch = ds->pal_batch_save;
R_FREE (ds);
}
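Review bot: The comment added at the restore site promises "reload palette if needed", but the only statement that follows it writes back the saved `pal_batch` flag; nothing re-applies a palette change that was suppressed while the flag was true. If a theme switch happens while this disassembly state is alive, the colors it deferred appear to stay stale after ds_free until something else triggers a reload, so either the comment should say what the code does — `// Restore the caller's pal_batch; a palette reload deferred during disassembly is not replayed here` — or the restore should be followed by the palette update that the batch flag held back (the cons API presumably has such a hook; I cannot see it from this hunk). The enclosing ds_free starts outside the hunk, so I cannot tell whether `ds->core` is guaranteed non-NULL on every path that reaches this line; if ds_free can run on a partially initialised state, the dereference chain on the restore line would want the same guard that ds_init relies on at the `pal_batch_save` write.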