-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use r_str_scanf as a safe alternative to fix gdb reg profile parsing bugs #22562
Changes from 22 commits
7bc0349
666c94f
e9b636b
d9854e2
8e8a040
8ca150d
197a3cc
fa32abb
c3c3ee3
292fa8c
b25fd13
ecab0cc
5aa813f
3003235
e76a620
14c6da7
1853264
8adfa77
a748b70
1cc22fe
a06f017
0e34ceb
8793f0f
4cc4769
6dcbd85
97a28ad
dbeadf1
c193c46
c3c0906
8698e5a
d4f2fba
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,6 +3,7 @@ | |
#include <r_userconf.h> | ||
#include <r_drx.h> | ||
#include <r_core.h> | ||
#include <r_util.h> | ||
trufae marked this conversation as resolved.
Show resolved
Hide resolved
|
||
#include <signal.h> | ||
#include <sys/types.h> | ||
|
||
|
@@ -1091,9 +1092,7 @@ static RList *r_debug_native_map_get(RDebug *dbg) { | |
} | ||
#if __KFBSD__ | ||
// 0x8070000 0x8072000 2 0 0xc1fde948 rw- 1 0 0x2180 COW NC vnode /usr/bin/gcc | ||
if (sscanf (line, "%s %s %d %d 0x%s %3s %d %d", | ||
®ion[2], ®ion2[2], &ign, &ign, | ||
unkstr, perms, &ign, &ign) != 8) { | ||
if (r_str_scanf (line, "%.s %.s %d %d 0x%.s %.s %d %d", sizeof (region[2]), ®ion[2], sizeof (region2[2]), ®ion2[2], &ign, &ign, sizeof (unkstr), unkstr, sizeof (perms) perms, &ign, &ign) != 8) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. are you sure this is 0x%.s ? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. i mean it was like this in the original string, but i think the unkstr can be skipped by using %*s instead and remove tha argument.
trufae marked this conversation as resolved.
Show resolved
Hide resolved
|
||
R_LOG_ERROR ("%s: Unable to parse \"%s\"", __func__, path); | ||
r_list_free (list); | ||
return NULL; | ||
|
@@ -1109,7 +1108,7 @@ static RList *r_debug_native_map_get(RDebug *dbg) { | |
#else | ||
ut64 offset = 0; | ||
// 7fc8124c4000-7fc81278d000 r--p 00000000 fc:00 17043921 /usr/lib/locale/locale-archive | ||
i = sscanf (line, "%s %s %08"PFMT64x" %*s %*s %[^\n]", ®ion[2], perms, &offset, name); | ||
i = r_str_scanf (line, "%.s %.s %Lx %*s %*s %.[^\n]", sizeof (region[2]), ®ion[2], sizeof (perms), perms, &offset, sizeof (name), name); | ||
if (i == 3) { | ||
name[0] = '\0'; | ||
} else if (i != 4) { | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,7 @@ | ||
/* radare - LGPL - Copyright 2016-2023 - Oscar Salvador */ | ||
|
||
#include <r_debug.h> | ||
#include <r_util.h> | ||
|
||
#if DEBUGGER | ||
|
||
|
@@ -157,9 +158,7 @@ static proc_per_thread_t *get_proc_thread_content(int pid, int tid) { | |
int no_num; | ||
char no_char; | ||
ut32 no_ui; | ||
sscanf (buff, "%d %s %c %d %d %d %d %d %u %lu %lu %lu %lu" | ||
"%"PFMT64x" %"PFMT64x" %ld %lu", | ||
&no_num, no_str, &no_char, &no_num, &no_num, &no_num, | ||
r_str_scanf (buff, "%d %.s %c %d %d %d %d %d %u %lu %lu %lu %Lx %Lx %ld %lu", &no_num, sizeof (no_str), no_str, &no_char, &no_num, &no_num, &no_num, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. we can get rid of all those no* variables if we use %*d in the arguments instead |
||
&no_num, &no_num, &no_ui, &no_lui, &no_lui, &no_lui, | ||
&no_lui, &t->utime, &t->stime, &t->cutime, &t->cstime); | ||
free (buff); | ||
|
@@ -813,12 +812,12 @@ static proc_per_process_t *get_proc_process_content(RDebug *dbg) { | |
long unsigned int no_lui; | ||
trufae marked this conversation as resolved.
Show resolved
Hide resolved
|
||
long int no_li; | ||
trufae marked this conversation as resolved.
Show resolved
Hide resolved
|
||
int no_num; | ||
trufae marked this conversation as resolved.
Show resolved
Hide resolved
|
||
sscanf (buff, "%d %s %c %d %d %d %d %d %u %lu %lu %lu %lu" | ||
"%lu %lu %ld %ld %ld %ld %ld", | ||
&p->pid, no_str, &p->s_name, &p->ppid, &p->pgrp, &no_num, | ||
&no_num, &p->sid, &p->flag, &no_lui, &no_lui, &no_lui, | ||
if (r_str_scanf (buff, "%d %.s %c %*d %u %*lu %*ld", &p->pid, sizeof (no_str), no_str, &p->s_name, &p->ppid, &p->pgrp, &no_num, &no_num, &p->sid, &p->flag, &no_lui, &no_lui, &no_lui, | ||
trufae marked this conversation as resolved.
Show resolved
Hide resolved
|
||
&no_lui, &no_lui, &no_lui, &no_li, &no_li, | ||
trufae marked this conversation as resolved.
Show resolved
Hide resolved
|
||
&no_li, &p->nice, &p->num_threads); | ||
&no_li, &p->nice, &p->num_threads) < 7) { | ||
trufae marked this conversation as resolved.
Show resolved
Hide resolved
|
||
free (buff); | ||
return NULL; | ||
} | ||
free (buff); | ||
} | ||
if (!p->num_threads || p->num_threads < 1) { | ||
|
@@ -869,7 +868,10 @@ static proc_per_process_t *get_proc_process_content(RDebug *dbg) { | |
file = r_strf ("/proc/%d/coredump_filter", dbg->pid); | ||
buff = r_file_slurp (file, &size); | ||
if (buff) { | ||
sscanf (buff, "%hx", &filter_flags); | ||
if (r_str_scanf (buff, "%hx", &filter_flags) != 1) { | ||
free (p); | ||
Crispy-fried-chicken marked this conversation as resolved.
Show resolved
Hide resolved
|
||
return NULL; | ||
} | ||
p->coredump_filter = filter_flags; | ||
free (buff); | ||
} else { | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -293,4 +293,5 @@ static inline void *untagged_pointer_check(void *x) { | |
} | ||
#endif | ||
|
||
|
||
#endif // R2_TYPES_BASE_H |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not necessary