fix #2962 - oob read in bin.c

rizinorg · Aug 24, 2022 · 2aedc1e · 2aedc1e
1 parent b6549f8
commit 2aedc1e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/librz/bin/bin.c b/librz/bin/bin.c
@@ -1382,8 +1382,8 @@ RZ_API RZ_OWN char *rz_bin_demangle(RZ_NULLABLE RzBinFile *bf, RZ_NULLABLE const
 		if (!found) {
 			lib = NULL;
 		}
-		size_t len = strlen(bin->file);
-		if (!rz_str_ncasecmp(symbol, bin->file, len)) {
+		size_t len = bin ? strlen(bin->file) : 0;
+		if (bin && len > 0 && !rz_str_ncasecmp(symbol, bin->file, len)) {
 			lib = bin->file;
 			symbol += len;
 			if (*symbol == '_') {
@@ -1432,7 +1432,11 @@ RZ_API RZ_OWN char *rz_bin_demangle(RZ_NULLABLE RzBinFile *bf, RZ_NULLABLE const
 	case RZ_BIN_LANGUAGE_RUST: demangled = NULL; break;
 	case RZ_BIN_LANGUAGE_CXX: demangled = NULL; break;
 #endif
-	default: rz_demangler_resolve(bin->demangler, symbol, language, &demangled);
+	default:
+		if (bin) {
+			rz_demangler_resolve(bin->demangler, symbol, language, &demangled);
+		}
+		break;
 	}
 	if (libs && demangled && lib) {
 		char *d = rz_str_newf("%s_%s", lib, demangled);

diff --git a/librz/demangler/demangler.c b/librz/demangler/demangler.c
@@ -185,7 +185,7 @@ RZ_API RZ_BORROW const RzDemanglerPlugin *rz_demangler_plugin_get(RZ_NONNULL RzD
  * This function fails only when the requested language is not available.
  */
 RZ_API bool rz_demangler_resolve(RZ_NONNULL RzDemangler *dem, RZ_NULLABLE const char *symbol, RZ_NONNULL const char *language, RZ_NONNULL RZ_OWN char **output) {
-	rz_return_val_if_fail(language && dem->plugins && output, false);
+	rz_return_val_if_fail(language && dem && dem->plugins && output, false);
 
 	if (RZ_STR_ISEMPTY(symbol)) {
 		*output = NULL;