> tsearch line 142:
>
>         for(radare_read(0);!config.interrupted;i = radare_read(1)) {
>                 if (!i) break;
>                 binparse_reset_tlist ( t ) ;
>                 for(i=0;i<config.block_size;i++)
>                         update_tlist(t, config.block[i], config.seek+i);
>
>                 config.seek += config.block_size;
>         }
>         config.seek = tmp;

This is not ok: config.seek is incremented inside radare_read(1) ('1' means 'next block').

> and binparse.h :
>
> void binparse_reset_tlist (tokenizer *t );
>
> binparse.c :
>
> void binparse_reset_tlist (tokenizer *t )
> {
>         int i,j;
>         for (i=0; i < t->nlists ; i ++ )
>         {
>                 t->tls[i]->estat = 0;
>         }
> }
>
>
> in callback I've added the size of the search:
> static void radare_tsearch_callback(struct _tokenizer *t, int i,
> unsigned long long where, unsigned long long size)
> {

This is not ok, the block size is size_t. Btw, changing the block
size does not fix anything, it just reduces the visibility of the
bytes near the hit. It's useful.

Try printf'ing the values from the callback hit; that will fix this issue. Btw,
I was able to reproduce the bug on qemu-arm. I've no gdb there, but
printf debugging will be enough to allow me to fix this.

I think that passing more than one arg to a callback is not safe without
using trampoline libraries or similar tricks, so I'd prefer to construct
a single structure containing the arguments. This will fix the bug.

Let me try! :)

--pancake
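As an added example (editor's code, not radare's and not pancake's), the two points raised in the reply put together: the callback receives one hit-descriptor struct instead of several positional arguments, and the block-wise search loop advances its seek position in exactly one place, so a read helper and the loop body cannot both move it. All names (`struct hit`, `search_ctx`, `search_blocks`, `demo_search`) are hypothetical, and the sample buffer is constructed for the demonstration. The pattern is matched against the whole buffer from each block's start offsets, so a match that straddles a block boundary is still reported once.

```c
/* Added example (not radare's code): a single struct carries the hit
 * parameters to the callback, and `seek` is advanced in one place only. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Everything a hit callback needs, in one struct (hypothetical names).
 * The match length is a size_t, as the reply points out for block sizes. */
struct hit {
    uint64_t where;   /* absolute offset of the match */
    size_t   size;    /* length of the matched pattern */
    int      token;   /* which pattern matched (only one here) */
};

/* One pointer argument plus an opaque user pointer: no trampoline needed. */
typedef void (*hit_cb)(const struct hit *h, void *user);

struct search_ctx {
    const uint8_t *data;     /* buffer being searched */
    size_t len;              /* total length of the buffer */
    size_t block_size;       /* bytes scanned per iteration */
    const uint8_t *pat;      /* pattern to find */
    size_t patlen;           /* pattern length */
};

/* Scan the buffer block by block, reporting each match via `cb`.
 * Returns the number of hits. `seek` is modified at a single point. */
static size_t search_blocks(const struct search_ctx *c, hit_cb cb, void *user)
{
    size_t seek = 0;
    size_t hits = 0;

    while (seek < c->len) {
        size_t end = seek + c->block_size;
        if (end > c->len)
            end = c->len;

        /* Try every start offset inside this block; compare against the
         * full buffer so a match crossing into the next block is found. */
        for (size_t i = seek; i < end && i + c->patlen <= c->len; i++) {
            if (memcmp(c->data + i, c->pat, c->patlen) == 0) {
                struct hit h = { .where = i, .size = c->patlen, .token = 0 };
                cb(&h, user);
                hits++;
            }
        }
        seek = end;   /* the only place the position moves */
    }
    return hits;
}

/* Callback that records hits into a fixed-size log passed via `user`. */
struct hit_log {
    struct hit items[16];
    size_t n;
};

static void record_hit(const struct hit *h, void *user)
{
    struct hit_log *log = user;
    if (log->n < sizeof(log->items) / sizeof(log->items[0]))
        log->items[log->n++] = *h;
}

/* Run the search over a constructed sample buffer with a 5-byte block size;
 * the first "ABCD" (offset 2) straddles the boundary between blocks 0 and 1. */
size_t demo_search(struct hit_log *out)
{
    static const uint8_t sample[] = "xxABCDxxxxxxABCDxxxxABCD"; /* constructed */
    static const uint8_t pat[] = "ABCD";
    struct search_ctx c = { sample, sizeof(sample) - 1, 5, pat, 4 };

    out->n = 0;
    return search_blocks(&c, record_hit, out);
}

int main(void)
{
    struct hit_log log;
    size_t n = demo_search(&log);

    for (size_t i = 0; i < n; i++)
        printf("hit %d at 0x%llx size %zu\n", log.items[i].token,
               (unsigned long long)log.items[i].where, log.items[i].size);
    return 0;
}
```

Adding a field to `struct hit` later (a pattern name, a context snippet) changes no callback signature, which is the practical reason to prefer the struct over growing the argument list.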

_______________________________________________
radare mailing list
[email protected]
https://lists.nopcode.org/mailman/listinfo/radare
