Infer fixes Round 2 (#4993)

binr/radiff2/radiff2.c

@@ -23,7 +23,7 @@ static int useva = true;
 static int delta = 0;
 static int showbare = false;
 static int json_started = 0;
-static int diffmode = 0; 
+static int diffmode = 0;
 static bool disasm = false;
 static RCore *core = NULL;
 static const char *arch = NULL;
@@ -242,7 +242,13 @@ static void handle_sha256 (const ut8 *block, int len) {
 	int i = 0;
 	RHash *ctx = r_hash_new (true, R_HASH_SHA256);
 	const ut8 *c = r_hash_do_sha256 (ctx, block, len);
-	for (i = 0; i < R_HASH_SIZE_SHA256; i++) printf ("%02x", c[i]);
+	if (!c) {
+		r_hash_free (ctx);
+		return;
+	}
+	for (i = 0; i < R_HASH_SIZE_SHA256; i++) {
+		printf ("%02x", c[i]);
+	}
 	r_hash_free (ctx);
 }
 
@@ -318,7 +324,7 @@ int main(int argc, char **argv) {
 			return show_help (0);
 		}
 	}
-	
+
 	if (argc < 3 || optind + 2 > argc)
 		return show_help (0);
 
@@ -327,7 +333,7 @@ int main(int argc, char **argv) {
 	} else {
 		file = NULL;
 	}
-	
+
 	if (optind + 1 < argc) {
 		file2 = argv[optind + 1];
 	} else {
@@ -412,7 +418,7 @@ int main(int argc, char **argv) {
 		d = r_diff_new (0LL, 0LL);
 		r_diff_set_delta (d, delta);
 		if (diffmode == 'j') {
-			printf("{\"files\":[{\"filename\":\"%s\", \"size\":%d, \"sha256\":\"", file, sza); 
+			printf("{\"files\":[{\"filename\":\"%s\", \"size\":%d, \"sha256\":\"", file, sza);
 			handle_sha256 (bufa, sza);
 			printf("\"},\n{\"filename\":\"%s\", \"size\":%d, \"sha256\":\"", file2, szb);
 			handle_sha256 (bufb, szb);

libr/bin/dwarf.c

@@ -1367,7 +1367,7 @@ static RBinDwarfDebugAbbrev *r_bin_dwarf_parse_abbrev_raw(const ut8 *obuf, size_
 	RBinDwarfDebugAbbrev *da = NULL;
 	// XXX - Set a suitable value here.
 	if (!obuf || len < 3) return da;
-	
+
 	da = R_NEW0(RBinDwarfDebugAbbrev);
 
 	r_bin_dwarf_init_debug_abbrev (da);
@@ -1498,14 +1498,18 @@ R_API RList *r_bin_dwarf_parse_line(RBin *a, int mode) {
 	RBinFile *binfile = a ? a->cur: NULL;
 	if (binfile && section) {
 		len = section->size;
-		if (len<1) {
+		if (len < 1) {
 			return NULL;
 		}
-		buf = calloc (1, len+1);
+		buf = calloc (1, len + 1);
 		if (!buf) return NULL;
 		ret = r_buf_read_at (binfile->buf, section->paddr, buf, len);
-		
+
 		list = r_list_new (); // always return empty list wtf
+		if (!list) {
+			free (buf);
+			return NULL;
+		}
 		list->free = r_bin_dwarf_row_free;
 		r_bin_dwarf_parse_line_raw2 (a, buf, len, mode);
 		// k bin/cur/addrinfo/*
@@ -1517,6 +1521,10 @@ R_API RList *r_bin_dwarf_parse_line(RBin *a, int mode) {
 				RBinDwarfRow *row;
 				int line;
 				char *file = strdup (kv->value);
+				if (!file) {
+					free (buf);
+					return NULL;
+				}
 				char *tok = strchr (file, '|');
 				if (tok) {
 					*tok++ = 0;

libr/config/config.c

@@ -433,6 +433,7 @@ R_API RConfig *r_config_clone(RConfig *cfg) {
 	RListIter *iter;
 	RConfigNode *node;
 	RConfig *c = r_config_new (cfg->user);
+	if (!c) return NULL;
 	r_list_foreach (cfg->nodes, iter, node) {
 		RConfigNode *nn = r_config_node_clone (node);
 		r_hashtable_insert (c->ht, node->hash, nn);

libr/core/anal.c

@@ -85,6 +85,7 @@ static char *is_string_at (RCore *core, ut64 addr, int *olen) {
 		return NULL;
 	}
 	str = calloc (1024, 1);
+	if (!str) return NULL;
 	r_io_read_at (core->io, addr, str, 1024);
 	str[1023] = 0;
 	// check if current section have no exec bit
@@ -292,7 +293,9 @@ R_API char *r_core_anal_fcn_autoname(RCore *core, ut64 addr, int dump) {
 }
 
 static ut64 *next_append (ut64 *next, int *nexti, ut64 v) {
-	next = realloc (next, sizeof (ut64) * (1 + *nexti));
+	ut64 *tmp_next = realloc (next, sizeof (ut64) * (1 + *nexti));
+	if (!tmp_next) return NULL;
+	next = tmp_next;
 	next[*nexti] = v;
 	(*nexti)++;
 
@@ -1463,7 +1466,7 @@ R_API int r_core_anal_fcn_list(RCore *core, const char *input, int rad) {
 						max = bbi->addr + bbi->size;
 					}
 					if (min > bbi->addr) {
-						min = bbi->addr; 
+						min = bbi->addr;
 					}
 				}
 				char *msg;
@@ -1487,7 +1490,7 @@ R_API int r_core_anal_fcn_list(RCore *core, const char *input, int rad) {
 						}
 					}
 					r_cons_printf ("%s0x%08"PFMT64x" %4d %5d %4d 0x%08"PFMT64x" %5d 0x%08"PFMT64x" %5d %4d %4d %4d %5d %s%s\n",
-							color, fcn->addr, 
+							color, fcn->addr,
 							r_anal_fcn_cc (fcn),
 							r_anal_fcn_realsize (fcn), r_list_length (fcn->bbs), min, r_anal_fcn_size (fcn), max, noofCallRef,
 							r_anal_var_count (core->anal, fcn, 'v'),
@@ -2332,6 +2335,7 @@ R_API RList* r_core_anal_cycles (RCore *core, int ccl) {
 	RAnalCycleFrame *prev = NULL, *cf = r_anal_cycle_frame_new ();
 	RAnalCycleHook *ch;
 	RList *hooks = r_list_new ();
+	if (!hooks) return NULL;
 	while (cf && !core->cons->breaked) {
 		if ((op = r_core_anal_op (core, addr)) && (op->cycles) && (ccl > 0)) {
 			r_cons_clear_line (1);
@@ -2452,6 +2456,10 @@ R_API RList* r_core_anal_cycles (RCore *core, int ccl) {
 			}
 		} else {
 			ch = R_NEW0 (RAnalCycleHook);
+			if (!ch) {
+				r_list_free (hooks);
+				return NULL;
+			}
 			ch->addr = addr;
 			ch->cycles = ccl;
 			r_list_append (hooks, ch);

libr/core/bin.c

@@ -1215,6 +1215,7 @@ static bool isAnExport(RBinSymbol *s) {
 
 static int bin_symbols_internal(RCore *r, int mode, ut64 laddr, int va, ut64 at, const char *name, bool exponly) {
 	RBinInfo *info = r_bin_get_info (r->bin);
+	if (!info) return 0;
 	int is_arm = info && info->arch && !strncmp (info->arch, "arm", 3);
 	int bin_demangle = r_config_get_i (r->config, "bin.demangle");
 	RBinSymbol *symbol;

libr/core/cmd.c

@@ -68,6 +68,7 @@ R_API RAsmOp *r_core_disassemble (RCore *core, ut64 addr) {
 	RAsmOp *op;
 	if (b == NULL) {
 		b = r_buf_new ();
+		if (!b) return NULL;
 		if (!r_core_read_at (core, addr, buf, sizeof (buf)))
 			return NULL;
 		b->base = addr;
@@ -650,7 +651,11 @@ static int cmd_kuery(void *data, const char *input) {
 			return 0;
 		}
 		if (input[1] == ' ') {
-			char *fn = strdup (input+2);
+			char *fn = strdup (input + 2);
+			if (!fn) {
+				eprintf("Unable to allocate memory\n");
+				return 0;
+			}
 			char *ns = strchr (fn, ' ');
 			if (ns) {
 				Sdb *db;
@@ -2259,6 +2264,7 @@ R_API int r_core_cmd_lines(RCore *core, const char *lines) {
 
 	if (!lines || !*lines) return true;
 	data = odata = strdup (lines);
+	if (!odata) return false;
 	nl = strchr (odata, '\n');
 	if (nl) {
 		r_cons_break (NULL, NULL);
@@ -2346,6 +2352,7 @@ R_API char *r_core_disassemble_bytes(RCore *core, ut64 addr, int b) {
 
 R_API int r_core_cmd_buffer(void *user, const char *buf) {
 	char *ptr, *optr, *str = strdup (buf);
+	if (!str) return false;
 	optr = str;
 	ptr = strchr (str, '\n');
 	while (ptr) {

libr/core/cmd_api.c

@@ -391,6 +391,7 @@ R_API int r_cmd_macro_rm(RCmdMacro *mac, const char *_name) {
 	RListIter *iter;
 	RCmdMacroItem *m;
 	char *name = strdup (_name);
+	if (!name) return false;
 	char *ptr = strchr (name, ')');
 	if (ptr) *ptr = '\0';
 	r_list_foreach (mac->macros, iter, m) {

libr/core/config.c

@@ -1421,6 +1421,7 @@ R_API int r_core_config_init(RCore *core) {
 	int i;
 	char buf[128], *p, *tmpdir;
 	RConfig *cfg = core->config = r_config_new (core);
+	if (!cfg) return 0;
 	cfg->cb_printf = r_cons_printf;
 	cfg->num = core->num;
 

libr/core/disasm.c

@@ -244,8 +244,8 @@ static int cmpaddr(const void *_a, const void *_b) {
 }
 
 static void get_bits_comment(RCore *core, RAnalFunction *f, char *cmt, int cmt_size) {
-	if (core && f && cmt && cmt_size>0 && f->bits) {
-		const char *asm_arch = r_config_get (core->config, "asm.arch");
+	const char *asm_arch = r_config_get (core->config, "asm.arch");
+	if (core && f && cmt && cmt_size>0 && f->bits || !*asm_arch) {
 		if (strstr (asm_arch, "arm")) {
 			switch (f->bits) {
 			case 16: strcpy (cmt, " (thumb)"); break;
@@ -309,6 +309,7 @@ static void ds_print_spacy(RDisasmState *ds, int pre) {
 
 static RDisasmState * handle_init_ds(RCore * core) {
 	RDisasmState *ds = R_NEW0 (RDisasmState);
+	if (!ds) return NULL;
 	ds->core = core;
 	ds->pal_comment = core->cons->pal.comment;
 	#define P(x) (core->cons && core->cons->pal.x)? core->cons->pal.x
@@ -768,7 +769,7 @@ static void handle_show_xrefs(RCore *core, RDisasmState *ds) {
 				tmp = r_bin_demangle (core->bin->cur, lang, name);
 				if (tmp) {
 					free (name);
-					name = tmp; 
+					name = tmp;
 				}
 			}
 			handle_pre_xrefs (core, ds);
@@ -1357,6 +1358,7 @@ static void printCol(RDisasmState *ds, char *sect, int cols, const char *color)
 	if (cols < 8) cols = 8;
 	int outsz = cols + 32;
 	char *out = malloc (outsz);
+	if (!out) return;
 	memset (out, ' ', outsz);
 	int sect_len = strlen (sect);
 
@@ -1553,7 +1555,7 @@ static bool handle_print_data_type (RCore *core, const ut8 *buf, int ib, int siz
 	case 8: type = isSigned? ".int64": ".qword"; break;
 	default: return false;
 	}
-	ut64 n = r_read_ble (buf, core->print->big_endian, size * 8); 
+	ut64 n = r_read_ble (buf, core->print->big_endian, size * 8);
 
 	switch (ib) {
 	case 1:
@@ -2555,6 +2557,7 @@ static void handle_print_comments_right(RCore *core, RDisasmState *ds) {
 	handle_print_relocs (core, ds);
 	if (ds->asm_describe) {
 		char *locase = strdup (ds->asmop.buf_asm);
+		if (!locase) return;
 		char *op = strchr (locase, ' ');
 		if (op) *op = 0;
 		r_str_case (locase, 0);
@@ -3399,8 +3402,13 @@ R_API int r_core_print_fcn_disasm(RPrint *p, RCore *core, ut64 addr, int l, int
 
 	cur_buf_sz = r_anal_fcn_size (fcn) + 1;
 	buf = malloc (cur_buf_sz);
+	if (!buf) return -1;
 	len = r_anal_fcn_size (fcn);
 	bb_list = r_list_new();
+	if (!bb_list) {
+		free (buf);
+		return -1;
+	}
 	//r_cons_printf ("len =%d l=%d ib=%d limit=%d\n", len, l, invbreak, p->limit);
 	// TODO: import values from debugger is possible
 	// TODO: allow to get those register snapshots from traces

libr/core/file.c

@@ -466,7 +466,13 @@ R_API int r_core_bin_load(RCore *r, const char *filenameuri, ut64 baddr) {
 	RBinFile *binfile = NULL;
 	RIODesc *desc = cf ? cf->desc : NULL;
 	RBinPlugin *plugin = NULL;
-	int is_io_load = desc && desc->plugin;
+	int is_io_load;
+	// NULL deref guard
+	if (!desc) {
+		is_io_load = false;
+	} else {
+		is_io_load = desc && desc->plugin;
+	}
 
 	if (cf) {
 		if ((filenameuri == NULL || !*filenameuri)) {
@@ -563,6 +569,7 @@ R_API RIOMap *r_core_file_get_next_map (RCore *core, RCoreFile * fh, int mode, u
 	const char *loadmethod = r_config_get (core->config, "file.loadmethod");
 	const char *suppress_warning = r_config_get (core->config, "file.nowarn");
 	ut64 load_align = r_config_get_i (core->config, "file.loadalign");
+	if (!loadmethod || !suppress_warning) return NULL;
 	RIOMap *map = NULL;
 	if (!strcmp (loadmethod, "overwrite"))
 		map = r_io_map_new (core->io, fh->desc->fd, mode, 0, loadaddr, r_io_desc_size (core->io, fh->desc));

libr/core/graph.c

@@ -420,6 +420,7 @@ static int layer_sweep (const RGraph *g, const struct layer_t layers[],
 static void view_cyclic_edge (const RGraphEdge *e, const RGraphVisitor *vis) {
 	const RAGraph *g = (RAGraph *)vis->data;
 	RGraphEdge *new_e = R_NEW0 (RGraphEdge);
+	if (!new_e) return;
 	new_e->from = e->from;
 	new_e->to = e->to;
 	new_e->nth = e->nth;
@@ -436,6 +437,7 @@ static void view_dummy (const RGraphEdge *e, const RGraphVisitor *vis) {
 
 	if (R_ABS (a->layer - b->layer) > 1) {
 		RGraphEdge *new_e = R_NEW0 (RGraphEdge);
+		if (!new_e) return;
 		new_e->from = e->from;
 		new_e->to = e->to;
 		new_e->nth = e->nth;
@@ -973,11 +975,13 @@ static void place_dummies (const RAGraph *g) {
 
 static RGraphNode *get_right_dummy (const RAGraph *g, const RGraphNode *n) {
 	const RANode *an = get_anode (n);
+	if (!an) return NULL;
 	int k, layer = an->layer;
 
 	for (k = an->pos_in_layer + 1; k < g->layers[layer].n_nodes; ++k) {
 		RGraphNode *gk = g->layers[layer].nodes[k];
 		const RANode *ak = get_anode (gk);
+		if (!ak) break;
 
 		if (ak->is_dummy)
 			return gk;
@@ -1302,9 +1306,18 @@ static void place_original (RAGraph *g) {
 	const RANode *an;
 
 	D = sdb_new0 ();
+	if (!D) return;
 	P = sdb_new0 ();
-	g->dists = r_list_new ();
-	g->dists->free = (RListFree)free;
+	if (!P) {
+		sdb_free (D);
+		return;
+	}
+	g->dists = r_list_newf ((RListFree) free);
+	if (!g->dists) {
+		sdb_free (D);
+		sdb_free (P);
+		return;
+	}
 
 	graph_foreach_anode (nodes, itn, gn, an) {
 		if (!an->is_dummy) continue;
@@ -1353,7 +1366,7 @@ static void create_edge_from_dummies (const RAGraph *g, RANode *an, RList *torem
 	RANode *a_from = get_anode (from);
 	RListIter *(*add_to_list)(RList *, void *) = NULL;
 	AEdge *e = R_NEW0 (AEdge);
-
+	if (!e) return;
 	e->x = r_list_new ();
 	e->y = r_list_new ();
 	e->is_reversed = an->is_reversed;
@@ -1407,6 +1420,7 @@ static void analyze_back_edges (const RAGraph *g, RANode *an) {
 		i++;
 		if (ak->layer > an->layer) continue;
 		e = R_NEW0 (AEdge);
+		if (!e) return;
 		e->is_reversed = true;
 		e->from = an;
 		e->to = ak;
@@ -2242,6 +2256,7 @@ static void free_anode (RANode *n) {
 
 static int free_anode_cb (void *user UNUSED, const char *k UNUSED, const char *v) {
 	RANode *n = (RANode *)(size_t)sdb_atoi(v);
+	if (!n) return 0;
 	free_anode (n);
 	return 1;
 }
@@ -2362,6 +2377,7 @@ static int user_edge_cb(struct g_cb *user, const char *k UNUSED, const char *v)
 	RAGraph *g = user->graph;
 	void *user_data = user->data;
 	RANode *an, *n = (RANode *)(size_t)sdb_atoi (v);
+	if (!n) return 0;
 	const RList *neigh = r_graph_get_neighbours (g->graph, n->gnode);
 	RListIter *it;
 	RGraphNode *gn;

libr/core/hack.c

@@ -194,6 +194,7 @@ R_API int r_core_hack_x86(RCore *core, const char *op, const RAnalOp *analop) {
 R_API int r_core_hack(RCore *core, const char *op) {
 	int (*hack)(RCore *core, const char *op, const RAnalOp *analop) = NULL;
 	const char *asmarch = r_config_get (core->config, "asm.arch");
+	if (!asmarch) return false;
 	RAnalOp analop;
 
 	if (strstr (asmarch, "x86")) {