
Commit 2161cff

committed
Fix segfault in Mach-O parser
1 parent bb2c3c7 commit 2161cff


2 files changed

+12
-6
lines changed


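--- a/api/binfmt/bin_macho32.c
+++ b/api/binfmt/bin_macho32.c
@@ -154,7 +154,7 @@ static int r_binfmt_macho32_check_segment(r_binfmt_s *bin, r_binfmt_macho32_segm
 static int r_binfmt_macho32_check(r_binfmt_s *bin) {
 r_binfmt_macho32_header_s *hdr;
 r_binfmt_macho_cmd_s *cmd;
-u32 tmp, i, cmd_num, off, type;
+u32 tmp, i, cmd_num, cmd_size, off, type;
 
 /* Already checked in r_binfmt_machoXX_is(),
 but if the check is removed in the future, the
@@ -186,7 +186,10 @@ static int r_binfmt_macho32_check(r_binfmt_s *bin) {
 return 0;
 }
 
-if(!r_utils_add32(&off, off, r_binfmt_get_int32((byte_t*)&cmd->size, bin->endian)))
+cmd_size = r_binfmt_get_int32((byte_t*)&cmd->size, bin->endian);
+if(!cmd_size)
+return 0;
+if(!r_utils_add32(&off, off, cmd_size))
 return 0;
 }
 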
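Review bot: The new guard `if(!cmd_size) return 0;` in r_binfmt_macho32_check rejects only a zero size, so a non-zero size smaller than the command header still passes and moves `off` into the middle of the current command. Every load command begins with the type and size fields, so the smallest valid size is the header itself; I would write `if(cmd_size < sizeof(*cmd)) return 0;` instead. The identical guard is added to r_binfmt_macho64_check in bin_macho64.c and needs the same change. The loop head lies outside this hunk, so I cannot see whether `off` is re-checked against the mapped size before the next `cmd` is read; a one-line comment such as `/* cmd_size is file-controlled: must cover the header and keep off inside the mapping */` would record that assumption.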
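--- a/api/binfmt/bin_macho64.c
+++ b/api/binfmt/bin_macho64.c
@@ -127,7 +127,7 @@ static void r_binfmt_macho64_load_mlist(r_binfmt_s *bin) {
 
 /* Check the fields of the machoXX segment */
 static int r_binfmt_macho64_check_segment(r_binfmt_s *bin, r_binfmt_macho64_segment_s *seg) {
-u32 filesz, fileoff;
+u64 filesz, fileoff;
 u64 off;
 
 off = ((byte_t*)seg) - bin->mapped;
@@ -154,7 +154,7 @@ static int r_binfmt_macho64_check_segment(r_binfmt_s *bin, r_binfmt_macho64_segm
 static int r_binfmt_macho64_check(r_binfmt_s *bin) {
 r_binfmt_macho64_header_s *hdr;
 r_binfmt_macho_cmd_s *cmd;
-u32 tmp, i, cmd_num, off, type;
+u32 tmp, i, cmd_num, cmd_size, off, type;
 
 /* Already checked in r_binfmt_machoXX_is(),
 but if the check is removed in the future, the
@@ -181,12 +181,15 @@ static int r_binfmt_macho64_check(r_binfmt_s *bin) {
 
 /* Now check command */
 type = r_binfmt_get_int32((byte_t*)&cmd->type, bin->endian);
-if(type == R_BINFMT_MACHO_CMD_TYPE_SEGMENT) {
+if(type == R_BINFMT_MACHO_CMD_TYPE_SEGMENT64) {
 if(!r_binfmt_macho64_check_segment(bin, (r_binfmt_macho64_segment_s*)cmd))
 return 0;
 }
 
-if(!r_utils_add32(&off, off, r_binfmt_get_int32((byte_t*)&cmd->size, bin->endian)))
+cmd_size = r_binfmt_get_int32((byte_t*)&cmd->size, bin->endian);
+if(!cmd_size)
+return 0;
+if(!r_utils_add32(&off, off, cmd_size))
 return 0;
 }
 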
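Review bot: In the last hunk of r_binfmt_macho64_check, `cmd` is cast to `r_binfmt_macho64_segment_s*` and passed to r_binfmt_macho64_check_segment before `cmd_size` is read, so the declared command size is never compared with the size of the segment structure being inspected. Now that the branch tests `R_BINFMT_MACHO_CMD_TYPE_SEGMENT64`, this path is presumably reached for the first time on real 64-bit files, so the check matters more than before. I would move the `cmd_size = r_binfmt_get_int32(...)` line above the `if(type == ...)` test and add `if(cmd_size < sizeof(r_binfmt_macho64_segment_s)) return 0;` as the first statement inside that branch. The body of r_binfmt_macho64_check_segment is mostly outside the hunk, so it may already bound `seg` against the mapping; if it does, a comment at the cast saying so would be enough. The context lines of the macho32 hunk suggest the same ordering there.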