mirror/nasm
2
0
Fork 0
mirror of https://github.com/netwide-assembler/nasm.git synced 2025-03-31 18:20:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

changed sprintf to more secure snprintf to prevent vulnerability to buffer

Browse Source 
overflow exploits.
This commit is contained in:
Ed Beroset 2004-12-15 18:27:50 +00:00
parent 602f1df356
commit 9234817aa4
1 changed files with 39 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
disasm.c
View File

@ -484,8 +484,8 @@ static int matches (struct itemplate *t, unsigned char *data, int asize,
return data - origdata;
}
long disasm (unsigned char *data, char *output, int segsize, long offset,
int autosync, unsigned long prefer)
long disasm (unsigned char *data, char *output, int outbufsize, int segsize,
long offset, int autosync, unsigned long prefer)
{
struct itemplate **p, **best_p;
int length, best_length = 0;
@ -583,26 +583,26 @@ long disasm (unsigned char *data, char *output, int segsize, long offset,
slen = 0;
if (lock)
slen += sprintf(output+slen, "lock ");
slen += snprintf(output+slen, outbuflen-slen, "lock ");
for (i = 0; i < ins.nprefix; i++)
switch (ins.prefixes[i]) {
case P_REP: slen += sprintf(output+slen, "rep "); break;
case P_REPE: slen += sprintf(output+slen, "repe "); break;
case P_REPNE: slen += sprintf(output+slen, "repne "); break;
case P_A16: slen += sprintf(output+slen, "a16 "); break;
case P_A32: slen += sprintf(output+slen, "a32 "); break;
case P_O16: slen += sprintf(output+slen, "o16 "); break;
case P_O32: slen += sprintf(output+slen, "o32 "); break;
case P_REP: slen += snprintf(output+slen, outbuflen-slen, "rep "); break;
case P_REPE: slen += snprintf(output+slen, outbuflen-slen, "repe "); break;
case P_REPNE: slen += snprintf(output+slen, outbuflen-slen, "repne "); break;
case P_A16: slen += snprintf(output+slen, outbuflen-slen, "a16 "); break;
case P_A32: slen += snprintf(output+slen, outbuflen-slen, "a32 "); break;
case P_O16: slen += snprintf(output+slen, outbuflen-slen, "o16 "); break;
case P_O32: slen += snprintf(output+slen, outbuflen-slen, "o32 "); break;
}
for (i = 0; i < elements(ico); i++)
if ((*p)->opcode == ico[i]) {
slen += sprintf(output+slen, "%s%s", icn[i],
slen += snprintf(output+slen, outbuflen-slen, "%s%s", icn[i],
whichcond(ins.condition));
break;
}
if (i >= elements(ico))
slen += sprintf(output+slen, "%s", insn_names[(*p)->opcode]);
slen += snprintf(output+slen, outbuflen-slen, "%s", insn_names[(*p)->opcode]);
colon = FALSE;
length += data - origdata; /* fix up for prefixes */
for (i=0; i<(*p)->operands; i++) {
@ -633,14 +633,14 @@ long disasm (unsigned char *data, char *output, int segsize, long offset,
ins.oprs[i].basereg = whichreg ((*p)->opd[i],
ins.oprs[i].basereg);
if ( (*p)->opd[i] & TO )
slen += sprintf(output+slen, "to ");
slen += sprintf(output+slen, "%s",
slen += snprintf(output+slen, outbuflen-slen, "to ");
slen += snprintf(output+slen, outbuflen-slen, "%s",
reg_names[ins.oprs[i].basereg-EXPR_REG_START]);
} else if (!(UNITY & ~(*p)->opd[i])) {
output[slen++] = '1';
} else if ( (*p)->opd[i] & IMMEDIATE ) {
if ( (*p)->opd[i] & BITS8 ) {
slen += sprintf(output+slen, "byte ");
slen += snprintf(output+slen, outbuflen-slen, "byte ");
if (ins.oprs[i].segment & SEG_SIGNED) {
if (ins.oprs[i].offset < 0) {
ins.oprs[i].offset *= -1;
@ -649,17 +649,17 @@ long disasm (unsigned char *data, char *output, int segsize, long offset,
output[slen++] = '+';
}
} else if ( (*p)->opd[i] & BITS16 ) {
slen += sprintf(output+slen, "word ");
slen += snprintf(output+slen, outbuflen-slen, "word ");
} else if ( (*p)->opd[i] & BITS32 ) {
slen += sprintf(output+slen, "dword ");
slen += snprintf(output+slen, outbuflen-slen, "dword ");
} else if ( (*p)->opd[i] & NEAR ) {
slen += sprintf(output+slen, "near ");
slen += snprintf(output+slen, outbuflen-slen, "near ");
} else if ( (*p)->opd[i] & SHORT ) {
slen += sprintf(output+slen, "short ");
slen += snprintf(output+slen, outbuflen-slen, "short ");
}
slen += sprintf(output+slen, "0x%lx", ins.oprs[i].offset);
slen += snprintf(output+slen, outbuflen-slen, "0x%lx", ins.oprs[i].offset);
} else if ( !(MEM_OFFS & ~(*p)->opd[i]) ) {
slen += sprintf(output+slen, "[%s%s%s0x%lx]",
slen += snprintf(output+slen, outbuflen-slen, "[%s%s%s0x%lx]",
(segover ? segover : ""),
(segover ? ":" : ""),
(ins.oprs[i].addr_size == 32 ? "dword " :
@ -669,30 +669,30 @@ long disasm (unsigned char *data, char *output, int segsize, long offset,
} else if ( !(REGMEM & ~(*p)->opd[i]) ) {
int started = FALSE;
if ( (*p)->opd[i] & BITS8 )
slen += sprintf(output+slen, "byte ");
slen += snprintf(output+slen, outbuflen-slen, "byte ");
if ( (*p)->opd[i] & BITS16 )
slen += sprintf(output+slen, "word ");
slen += snprintf(output+slen, outbuflen-slen, "word ");
if ( (*p)->opd[i] & BITS32 )
slen += sprintf(output+slen, "dword ");
slen += snprintf(output+slen, outbuflen-slen, "dword ");
if ( (*p)->opd[i] & BITS64 )
slen += sprintf(output+slen, "qword ");
slen += snprintf(output+slen, outbuflen-slen, "qword ");
if ( (*p)->opd[i] & BITS80 )
slen += sprintf(output+slen, "tword ");
slen += snprintf(output+slen, outbuflen-slen, "tword ");
if ( (*p)->opd[i] & FAR )
slen += sprintf(output+slen, "far ");
slen += snprintf(output+slen, outbuflen-slen, "far ");
if ( (*p)->opd[i] & NEAR )
slen += sprintf(output+slen, "near ");
slen += snprintf(output+slen, outbuflen-slen, "near ");
output[slen++] = '[';
if (ins.oprs[i].addr_size)
slen += sprintf(output+slen, "%s",
slen += snprintf(output+slen, outbuflen-slen, "%s",
(ins.oprs[i].addr_size == 32 ? "dword " :
ins.oprs[i].addr_size == 16 ? "word " : ""));
if (segover) {
slen += sprintf(output+slen, "%s:", segover);
slen += snprintf(output+slen, outbuflen-slen, "%s:", segover);
segover = NULL;
}
if (ins.oprs[i].basereg != -1) {
slen += sprintf(output+slen, "%s",
slen += snprintf(output+slen, outbuflen-slen, "%s",
reg_names[(ins.oprs[i].basereg -
EXPR_REG_START)]);
started = TRUE;
@ -700,11 +700,11 @@ long disasm (unsigned char *data, char *output, int segsize, long offset,
if (ins.oprs[i].indexreg != -1) {
if (started)
output[slen++] = '+';
slen += sprintf(output+slen, "%s",
slen += snprintf(output+slen, outbuflen-slen, "%s",
reg_names[(ins.oprs[i].indexreg -
EXPR_REG_START)]);
if (ins.oprs[i].scale > 1)
slen += sprintf(output+slen, "*%d", ins.oprs[i].scale);
slen += snprintf(output+slen, outbuflen-slen, "*%d", ins.oprs[i].scale);
started = TRUE;
}
if (ins.oprs[i].segment & SEG_DISP8) {
@ -713,20 +713,20 @@ long disasm (unsigned char *data, char *output, int segsize, long offset,
ins.oprs[i].offset = - (signed char) ins.oprs[i].offset;
sign = '-';
}
slen += sprintf(output+slen, "%c0x%lx", sign,
slen += snprintf(output+slen, outbuflen-slen, "%c0x%lx", sign,
ins.oprs[i].offset);
} else if (ins.oprs[i].segment & SEG_DISP16) {
if (started)
output[slen++] = '+';
slen += sprintf(output+slen, "0x%lx", ins.oprs[i].offset);
slen += snprintf(output+slen, outbuflen-slen, "0x%lx", ins.oprs[i].offset);
} else if (ins.oprs[i].segment & SEG_DISP32) {
if (started)
output[slen++] = '+';
slen += sprintf(output+slen, "0x%lx", ins.oprs[i].offset);
slen += snprintf(output+slen, outbuflen-slen, "0x%lx", ins.oprs[i].offset);
}
output[slen++] = ']';
} else {
slen += sprintf(output+slen, "<operand%d>", i);
slen += snprintf(output+slen, outbuflen-slen, "<operand%d>", i);
}
}
output[slen] = '\0';
@ -741,8 +741,8 @@ long disasm (unsigned char *data, char *output, int segsize, long offset,
return length;
}
long eatbyte (unsigned char *data, char *output)
long eatbyte (unsigned char *data, char *output, int outbufsize)
{
sprintf(output, "db 0x%02X", *data);
snprintf(output, outbufsize, "db 0x%02X", *data);
return 1;
}