Bug#716481: Patch: Bug#716481: [Mayhem] Bug report on x86dis: x86dis crashes with exit status 139

наб Mon, 23 Dec 2024 17:12:29 -0800

Control: tags -1 + patch

Subject: Limit ranges to INT_MAX (they're stored in an int later), else x86dis 
rMAAAAAAAA 0x -5 segfaults


Bug-Debian: https://bugs.debian.org/716481
--- libdisasm-0.23.orig/x86dis/x86dis.c
+++ libdisasm-0.23/x86dis/x86dis.c
@@ -20,6 +20,7 @@
 #include <fcntl.h>
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 #include <stdio.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
@@ -712,10 +713,13 @@ int main( int argc, char **argv ) {
                                x+=2;
                                if ( x < argc ) {
                                        off = strtoul( argv[x-1], NULL, 0 );
-                                       len = (unsigned int) 
+                                       len = (unsigned int)
                                              strtoul(argv[x], NULL, 0);
-                                       add_request( req_range, off, 
-                                                    len );
+                                       if ( len >= INT_MAX )
+                                               error = 1;
+                                       else
+                                               add_request( req_range, off,
+                                                            len );
                                } else {
                                        error = 1;
                                }

signature.asc
Description: PGP signature

Bug#716481: Patch: Bug#716481: [Mayhem] Bug report on x86dis: x86dis crashes with exit status 139

Reply via email to