rizinorg · wargio · Aug 17, 2022 · Aug 17, 2022 · Aug 17, 2022 · Aug 17, 2022
@@ -454,7 +454,6 @@ RZ_API int rz_bin_object_set_items(RzBinFile *bf, RzBinObject *o) {
 	if (p->symbols) {
 		o->symbols = p->symbols(bf);
 		if (o->symbols) {
-			rz_warn_if_fail(o->symbols->free);
 			REBASE_PADDR(o, o->symbols, RzBinSymbol);
 			if (bin->filter) {
 				rz_bin_filter_symbols(bf, o->symbols);

@@ -5,7 +5,8 @@
 
 void luac_add_section(RzList *section_list, char *name, ut64 offset, ut32 size, bool is_func) {
 	RzBinSection *bin_sec = RZ_NEW0(RzBinSection);
-	if (!bin_sec) {
+	if (!bin_sec || !name) {
+		free(bin_sec);
 		return;
 	}
 
@@ -16,15 +17,17 @@ void luac_add_section(RzList *section_list, char *name, ut64 offset, ut32 size,
 	bin_sec->bits = is_func ? sizeof(LUA_INSTRUCTION) * 8 : 8;
 	// bin_sec->has_strings = !is_func;
 	bin_sec->has_strings = false;
-	bin_sec->arch = rz_str_new("luac");
+	bin_sec->arch = "luac";
 
 	if (is_func) {
 		bin_sec->perm = RZ_PERM_R | RZ_PERM_X;
 	} else {
 		bin_sec->perm = RZ_PERM_R;
 	}
 
-	rz_list_append(section_list, bin_sec);
+	if (!rz_list_append(section_list, bin_sec)) {
+		rz_bin_section_free(bin_sec);
+	}
 }
 
 void luac_add_symbol(RzList *symbol_list, char *name, ut64 offset, ut64 size, const char *type) {
@@ -70,12 +73,6 @@ void luac_add_string(RzList *string_list, char *string, ut64 offset, ut64 size)
 	rz_list_append(string_list, bin_string);
 }
 
-static void try_free_empty_list(RzList *list) {
-	if (list != NULL) {
-		rz_list_free(list);
-	}
-}
-
 static void free_rz_section(RzBinSection *section) {
 	if (!section) {
 		return;
@@ -111,6 +108,17 @@ static void free_rz_addr(RzBinAddr *addr) {
 	RZ_FREE(addr);
 }
 
+void luac_build_info_free(LuacBinInfo *bin_info) {
+	if (!bin_info) {
+		return;
+	}
+	rz_list_free(bin_info->entry_list);
+	rz_list_free(bin_info->symbol_list);
+	rz_list_free(bin_info->section_list);
+	rz_list_free(bin_info->string_list);
+	free(bin_info);
+}
+
 LuacBinInfo *luac_build_info(LuaProto *proto) {
 	if (!proto) {
 		RZ_LOG_ERROR("Invalid luac file\n");
@@ -128,10 +136,10 @@ LuacBinInfo *luac_build_info(LuaProto *proto) {
 	ret->string_list = rz_list_newf((RzListFree)free_rz_string);
 
 	if (!(ret->entry_list && ret->symbol_list && ret->section_list && ret->string_list)) {
-		try_free_empty_list(ret->entry_list);
-		try_free_empty_list(ret->symbol_list);
-		try_free_empty_list(ret->section_list);
-		try_free_empty_list(ret->string_list);
+		rz_list_free(ret->entry_list);
+		rz_list_free(ret->symbol_list);
+		rz_list_free(ret->section_list);
+		rz_list_free(ret->string_list);
 	}
 
 	_luac_build_info(proto, ret);
@@ -227,13 +235,13 @@ void _luac_build_info(LuaProto *proto, LuacBinInfo *info) {
 	char *section_name;
 	char *symbol_name;
 	char *proto_name;
+	char **upvalue_names = NULL;
 	RzListIter *iter;
+	int i = 0; // iter
 
 	ut64 current_offset;
 	ut64 current_size;
 
-	int i = 0; // iter
-
 	// 0. check if stripped (proto name is lost)
 	if (proto->name_size == 0 || proto->proto_name == NULL) {
 		// replace name with current offset
@@ -295,21 +303,25 @@ void _luac_build_info(LuaProto *proto, LuacBinInfo *info) {
 	}
 
 	// 2.2 parse debug_upvalues
-	char **upvalue_names;
-	int real_upvalue_cnt;
-	LuaDbgUpvalueEntry *debug_upv_entry;
-	real_upvalue_cnt = rz_list_length(proto->upvalue_entries);
-	upvalue_names = RZ_NEWS0(char *, real_upvalue_cnt);
-	if (!upvalue_names) {
-		return;
-	}
-	rz_list_foreach (proto->dbg_upvalue_entries, iter, debug_upv_entry) {
-		upvalue_names[i] = (char *)debug_upv_entry->upvalue_name;
-		luac_add_string(
-			info->string_list,
-			upvalue_names[i],
-			debug_upv_entry->offset,
-			debug_upv_entry->name_len);
+	size_t real_upvalue_cnt = rz_list_length(proto->upvalue_entries);
+	if (real_upvalue_cnt > 0) {
+		LuaDbgUpvalueEntry *debug_upv_entry;
+		upvalue_names = RZ_NEWS0(char *, real_upvalue_cnt);
+		if (!upvalue_names) {
+			free(proto_name);
+			return;
+		}
+
+		i = 0;
+		rz_list_foreach (proto->dbg_upvalue_entries, iter, debug_upv_entry) {
+			upvalue_names[i] = (char *)debug_upv_entry->upvalue_name;
+			luac_add_string(
+				info->string_list,
+				upvalue_names[i],
+				debug_upv_entry->offset,
+				debug_upv_entry->name_len);
+			i++;
+		}
 	}
 
 	// 3.1 construct constant symbols
@@ -352,5 +364,6 @@ void _luac_build_info(LuaProto *proto, LuacBinInfo *info) {
 		_luac_build_info(sub_proto, info);
 	}
 
-	RZ_FREE(proto_name);
+	free(upvalue_names);
+	free(proto_name);
 }
@@ -193,6 +193,7 @@ void luac_add_entry(RzList *entry_list, ut64 offset, int entry_type);
 void luac_add_string(RzList *string_list, char *string, ut64 offset, ut64 size);
 
 LuacBinInfo *luac_build_info(LuaProto *proto);
+void luac_build_info_free(LuacBinInfo *bin_info);
 void _luac_build_info(LuaProto *proto, LuacBinInfo *info);
 
 /* ========================================================

@@ -995,7 +995,7 @@ static RzDyldRebaseInfos *get_rebase_infos(RzDyldCache *cache) {
 	}
 
 	if (!cache->hdr->slideInfoOffset || !cache->hdr->slideInfoSize) {
-		ut32 total_slide_infos = 0;
+		size_t total_slide_infos = 0;
 		ut32 n_slide_infos[MAX_N_HDR];
 
 		ut32 i;
@@ -1004,7 +1004,12 @@ static RzDyldRebaseInfos *get_rebase_infos(RzDyldCache *cache) {
 			if (!rz_buf_read_le32_at(cache->buf, 0x13c + hdr_offset, &n_slide_infos[i])) {
 				goto beach;
 			}
-			total_slide_infos += n_slide_infos[i];
+			ut32 total = total_slide_infos + n_slide_infos[i];
+			if (total < total_slide_infos) {
+				// overflow
+				goto beach;
+			}
+			total_slide_infos = total;
 		}
 
 		if (!total_slide_infos) {

@@ -17,25 +17,27 @@ static bool check_buffer(RzBuffer *buff) {
 }
 
 static bool load_buffer(RzBinFile *bf, RzBinObject *obj, RzBuffer *buf, Sdb *sdb) {
-	ut8 MAJOR_MINOR_VERSION;
+	ut8 major_minor_version;
 	LuacBinInfo *bin_info_obj = NULL;
 	LuaProto *proto = NULL;
 	RzBinInfo *general_info = NULL;
 	st32 major;
 	st32 minor;
 
-	rz_buf_read_at(buf, LUAC_VERSION_OFFSET, &MAJOR_MINOR_VERSION, sizeof(MAJOR_MINOR_VERSION)); /* 1-byte in fact */
-	if ((bin_info_obj = RZ_NEW(LuacBinInfo)) == NULL) {
-		return false;
-	}
-	major = (MAJOR_MINOR_VERSION & 0xF0) >> 4;
-	minor = (MAJOR_MINOR_VERSION & 0x0F);
+	rz_buf_read_at(buf, LUAC_VERSION_OFFSET, &major_minor_version, sizeof(major_minor_version)); /* 1-byte in fact */
+	major = (major_minor_version & 0xF0) >> 4;
+	minor = (major_minor_version & 0x0F);
 
 	if (major != 5) {
 		RZ_LOG_ERROR("currently support lua 5.x only\n");
 		return false;
 	}
 
+	bin_info_obj = RZ_NEW(LuacBinInfo);
+	if (!bin_info_obj) {
+		return false;
+	}
+
 	switch (minor) {
 	case 4:
 		proto = lua_parse_body_54(buf, 0x20, bf->size);
@@ -47,13 +49,15 @@ static bool load_buffer(RzBinFile *bf, RzBinObject *obj, RzBuffer *buf, Sdb *sdb
 		break;
 	default:
 		RZ_LOG_ERROR("lua 5.%c not support now\n", minor + '0');
+		free(bin_info_obj);
 		return false;
 	}
 
 	bin_info_obj = luac_build_info(proto);
 	if (bin_info_obj == NULL) {
 		lua_free_proto_entry(proto);
 		rz_bin_info_free(general_info);
+		free(bin_info_obj);
 		return false;
 	}
 	bin_info_obj->general_info = general_info;
@@ -100,7 +104,7 @@ static RzList *symbols(RzBinFile *bf) {
 		return NULL;
 	}
 
-	return bin_info_obj->symbol_list;
+	return rz_list_clone(bin_info_obj->symbol_list);
 }
 
 static RzList *entries(RzBinFile *bf) {
@@ -112,7 +116,7 @@ static RzList *entries(RzBinFile *bf) {
 		return NULL;
 	}
 
-	return bin_info_obj->entry_list;
+	return rz_list_clone(bin_info_obj->entry_list);
 }
 
 static RzList *strings(RzBinFile *bf) {
@@ -124,7 +128,12 @@ static RzList *strings(RzBinFile *bf) {
 		return NULL;
 	}
 
-	return bin_info_obj->string_list;
+	return rz_list_clone(bin_info_obj->string_list);
+}
+
+static void destroy(RzBinFile *bf) {
+	LuacBinInfo *bin_info_obj = GET_INTERNAL_BIN_INFO_OBJ(bf);
+	luac_build_info_free(bin_info_obj);
 }
 
 RzBinPlugin rz_bin_plugin_luac = {
@@ -133,6 +142,7 @@ RzBinPlugin rz_bin_plugin_luac = {
 	.license = "LGPL3",
 	.get_sdb = NULL,
 	.load_buffer = &load_buffer,
+	.destroy = &destroy,
 	.check_buffer = &check_buffer,
 	.baddr = NULL,
 	.entries = &entries,

@@ -555,7 +555,7 @@ RZ_API bool rz_core_bin_apply_strings(RzCore *r, RzBinFile *binfile) {
 			break;
 		}
 		rz_meta_set_with_subtype(r->analysis, RZ_META_TYPE_STRING, string->type, vaddr, string->size, string->string);
-		char *f_name = strdup(string->string);
+		char *f_name = rz_str_new(string->string);
 		rz_name_filter(f_name, -1, true);
 		char *str;
 		if (r->bin->prefix) {

@@ -16,16 +16,16 @@ extern "C" {
 #endif
 
 typedef struct rz_bitmap_t {
-	int length;
+	size_t length;
 	RBitword *bitmap;
 } RzBitmap;
 
-RZ_API RzBitmap *rz_bitmap_new(size_t len);
-RZ_API void rz_bitmap_set_bytes(RzBitmap *b, const ut8 *buf, int len);
-RZ_API void rz_bitmap_free(RzBitmap *b);
-RZ_API void rz_bitmap_set(RzBitmap *b, size_t bit);
-RZ_API void rz_bitmap_unset(RzBitmap *b, size_t bit);
-RZ_API int rz_bitmap_test(RzBitmap *b, size_t bit);
+RZ_API RZ_OWN RzBitmap *rz_bitmap_new(size_t len);
+RZ_API void rz_bitmap_set_bytes(RZ_NONNULL RzBitmap *b, RZ_NONNULL const ut8 *buf, size_t len);
+RZ_API void rz_bitmap_free(RZ_NULLABLE RzBitmap *b);
+RZ_API void rz_bitmap_set(RZ_NONNULL RzBitmap *b, size_t bit);
+RZ_API void rz_bitmap_unset(RZ_NONNULL RzBitmap *b, size_t bit);
+RZ_API int rz_bitmap_test(RZ_NONNULL RzBitmap *b, size_t bit);
 
 #ifdef __cplusplus
 }

@@ -13,43 +13,59 @@
 
 #define BITMAP_WORD_COUNT(bit) (BITWORD_MULT(bit) >> BITWORD_BITS_SHIFT)
 
-RZ_API RzBitmap *rz_bitmap_new(size_t len) {
+RZ_API RZ_OWN RzBitmap *rz_bitmap_new(size_t len) {
+	if (len < 1) {
+		return NULL;
+	}
+
 	RzBitmap *b = RZ_NEW0(RzBitmap);
 	if (!b) {
 		return NULL;
 	}
-	b->length = len;
+
 	b->bitmap = calloc(BITMAP_WORD_COUNT(len), sizeof(RBitword));
+	if (!b->bitmap) {
+		free(b);
+		return NULL;
+	}
+	b->length = len;
 	return b;
 }
 
-RZ_API void rz_bitmap_set_bytes(RzBitmap *b, const ut8 *buf, int len) {
+RZ_API void rz_bitmap_set_bytes(RZ_NONNULL RzBitmap *b, RZ_NONNULL const ut8 *buf, size_t len) {
+	rz_return_if_fail(b && buf && len >= 0);
 	if (b->length < len) {
 		len = b->length;
 	}
 	memcpy(b->bitmap, buf, len);
 }
 
-RZ_API void rz_bitmap_free(RzBitmap *b) {
+RZ_API void rz_bitmap_free(RZ_NULLABLE RzBitmap *b) {
+	if (!b) {
+		return;
+	}
 	free(b->bitmap);
 	free(b);
 }
 
-RZ_API void rz_bitmap_set(RzBitmap *b, size_t bit) {
+RZ_API void rz_bitmap_set(RZ_NONNULL RzBitmap *b, size_t bit) {
+	rz_return_if_fail(b && bit >= 0);
 	if (bit < b->length) {
 		b->bitmap[(bit >> BITWORD_BITS_SHIFT)] |=
 			((RBitword)1 << (bit & BITWORD_BITS_MASK));
 	}
 }
 
-RZ_API void rz_bitmap_unset(RzBitmap *b, size_t bit) {
+RZ_API void rz_bitmap_unset(RZ_NONNULL RzBitmap *b, size_t bit) {
+	rz_return_if_fail(b && bit >= 0);
 	if (bit < b->length) {
 		b->bitmap[(bit >> BITWORD_BITS_SHIFT)] &=
 			~((RBitword)1 << (bit & BITWORD_BITS_MASK));
 	}
 }
 
-RZ_API int rz_bitmap_test(RzBitmap *b, size_t bit) {
+RZ_API int rz_bitmap_test(RZ_NONNULL RzBitmap *b, size_t bit) {
+	rz_return_val_if_fail(b && bit >= 0, -1);
 	if (bit < b->length) {
 		RBitword bword = b->bitmap[(bit >> BITWORD_BITS_SHIFT)];
 		return BITWORD_TEST(bword, (bit & BITWORD_BITS_MASK));