Skip to content

Commit

Permalink
Merge pull request #13 from jorgeaduran/master
Browse files Browse the repository at this point in the history 
fix: Prevent buffer overflow in read_bytes function
  • Loading branch information
@marirs
marirs authored Jul 2, 2024
2 parents 7d9d686 + 8bc329e commit dbd4556
Showing 1 changed file with 16 additions and 4 deletions.
20 changes: 16 additions & 4 deletions src/extractor/smda.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1084,12 +1084,24 @@ pub fn read_bytes<'a>(
) -> Result<&'a [u8]> {
let rva = offset - report.base_addr;
let buffer_end = report.buffer.len();
let end_of_string = rva + num_bytes as u64;
let mut end_of_string = rva + num_bytes as u64;

// If end_of_string exceeds buffer_end, adjust it to buffer_end
if end_of_string > buffer_end as u64 {
Ok(&report.buffer[rva as usize..])
} else {
Ok(&report.buffer[rva as usize..end_of_string as usize])
// println!(
// "Buffer overflow error end_of_string: {} buffer_end: {}, rva: {}, num_bytes: {}. Force end.",
// end_of_string, buffer_end, rva, num_bytes
// );
end_of_string = buffer_end as u64;
}

// Ensure that rva does not exceed the size of the buffer
if rva > buffer_end as u64 {
// println!("Offset out of buffer range rva: {} buffer_end: {}", rva, buffer_end);
return Err(Error::BufferOverflowError);
}

Ok(&report.buffer[rva as usize..end_of_string as usize])
}

pub fn read_string(report: &DisassemblyReport, offset: &u64) -> Result<String> {
Expand Down

0 comments on commit dbd4556

Please sign in to comment.