Fix radareorg#12855 - Crash in "r2 -c'dL bf' -d ls" (radareorg#13145)

Mic92 · Feb 18, 2019 · 2a00ff2 · 2a00ff2
1 parent 55cd227
commit 2a00ff2
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 26 deletions.
diff --git a/libr/core/cconfig.c b/libr/core/cconfig.c
@@ -1310,6 +1310,7 @@ static int cb_dbgbackend(void *user, void *data) {
 		return false;
 	}
 	if (!strcmp (node->value, "bf")) {
+		// hack
 		r_config_set (core->config, "asm.arch", "bf");
 	}
 	r_debug_use (core->dbg, node->value);

diff --git a/libr/core/cmd_debug.c b/libr/core/cmd_debug.c
@@ -4654,19 +4654,26 @@ static int cmd_debug(void *data, const char *input) {
 		cmd_debug_pid (core, input);
 		break;
 	case 'L': // "dL"
-		if (input[1]=='q') {
+		switch (input[1]) {
+		case 'q':
 			r_debug_plugin_list (core->dbg, 'q');
-		} else if (input[1]=='j') {
+			break;
+		case 'j':
 			r_debug_plugin_list (core->dbg, 'j');
-		} else if (input[1]=='?') {
+			break;
+		case '?':
 			r_core_cmd_help (core, help_msg_dL);
-		} else if (input[1]==' ') {
+			break;
+		case ' ': {
 			char *str = r_str_trim (strdup (input + 2));
 			r_config_set (core->config, "dbg.backend", str);
 			// implicit by config.set r_debug_use (core->dbg, str);
 			free (str);
-		} else {
+			}
+			break;
+		default:
 			r_debug_plugin_list (core->dbg, 0);
+			break;
 		}
 		break;
 	case 'i': // "di"

diff --git a/libr/debug/p/debug_bf.c b/libr/debug/p/debug_bf.c
@@ -1,4 +1,4 @@
-/* radare - LGPL - Copyright 2011-2015 - pancake */
+/* radare - LGPL - Copyright 2011-2019 - pancake */
 
 #include <r_asm.h>
 #include <r_debug.h>
@@ -27,13 +27,14 @@ struct bfvm_regs {
 
 static struct bfvm_regs r;
 
-static int is_io_bf(RDebug *dbg) {
+static bool is_io_bf(RDebug *dbg) {
 	RIODesc *d = dbg->iob.io->desc;
 	if (d && d->plugin && d->plugin->name) {
-		if (!strcmp ("bdescbg", d->plugin->name)) {
+		if (!strcmp ("bfdbg", d->plugin->name)) {
 			return true;
 		}
 	}
+	eprintf ("error: the iodesc data is not brainfuck friendly\n");
 	return false;
 }
 
@@ -61,17 +62,14 @@ static int r_debug_bf_step(RDebug *dbg) {
 }
 
 static int r_debug_bf_reg_read(RDebug *dbg, int type, ut8 *buf, int size) {
-	RIOBdescbg *o;
-	if (!dbg) {
-		return false;
-	}
+	r_return_val_if_fail (dbg && buf && size > 0, -1);
 	if (!is_io_bf (dbg)) {
 		return 0;
 	}
 	if (!(dbg->iob.io) || !(dbg->iob.io->desc) || !(dbg->iob.io->desc->data)) {
 		return 0;
 	}
-	o = dbg->iob.io->desc->data;
+	RIOBdescbg *o = dbg->iob.io->desc->data;
 	r.pc = o->bfvm->eip;
 	r.ptr = o->bfvm->ptr;
 	r.sp = o->bfvm->esp;
@@ -87,7 +85,6 @@ static int r_debug_bf_reg_read(RDebug *dbg, int type, ut8 *buf, int size) {
 }
 
 static int r_debug_bf_reg_write(RDebug *dbg, int type, const ut8 *buf, int size) {
-	RIOBdescbg *o;
 	if (!dbg) {
 		return false;
 	}
@@ -97,7 +94,7 @@ static int r_debug_bf_reg_write(RDebug *dbg, int type, const ut8 *buf, int size)
 	if (!(dbg->iob.io) || !(dbg->iob.io->desc) || !(dbg->iob.io->desc->data)) {
 		return 0;
 	}
-	o = dbg->iob.io->desc->data;
+	RIOBdescbg *o = dbg->iob.io->desc->data;
 	memcpy (&r, buf, sizeof (r));
 	o->bfvm->eip = r.pc;
 	o->bfvm->ptr = r.ptr; // dup
@@ -132,13 +129,6 @@ static int r_debug_bf_attach(RDebug *dbg, int pid) {
 	if (!is_io_bf (dbg)) {
 		return false;
 	}
-#if 0
-	RIOBdescbg *o;
-	o = dbg->iob.io->desc->data;
-eprintf ("base = %llx\n", o->bfvm->base);
-eprintf ("screen = %llx\n", o->bfvm->screen);
-eprintf ("input = %llx\n", o->bfvm->input);
-#endif
 	return true;
 }
 
@@ -170,12 +160,20 @@ static int r_debug_bf_breakpoint (struct r_bp_t *bp, RBreakpointItem *b, bool se
 }
 
 static bool r_debug_bf_kill(RDebug *dbg, int pid, int tid, int sig) {
+	if (!is_io_bf (dbg)) {
+		return false;
+	}
 	RIOBdescbg *o = dbg->iob.io->desc->data;
-	bfvm_reset (o->bfvm);
+	if (o) {
+		bfvm_reset (o->bfvm);
+	}
 	return true;
 }
 
 static RList *r_debug_native_map_get(RDebug *dbg) {
+	if (!is_io_bf (dbg)) {
+		return false;
+	}
 	RIOBdescbg *o = dbg->iob.io->desc->data;
 	BfvmCPU *c = o->bfvm;
 	RList *list = r_list_newf ((RListFree)r_debug_map_free);
@@ -194,6 +192,9 @@ static RList *r_debug_native_map_get(RDebug *dbg) {
 }
 
 static int r_debug_bf_stop(RDebug *dbg) {
+	if (!is_io_bf (dbg)) {
+		return false;
+	}
 	RIOBdescbg *o = dbg->iob.io->desc->data;
 	BfvmCPU *c = o->bfvm;
 	c->breaked = true;

diff --git a/libr/debug/p/debug_native.c b/libr/debug/p/debug_native.c
@@ -1,4 +1,4 @@
-/* radare - LGPL - Copyright 2009-2018 - pancake */
+/* radare - LGPL - Copyright 2009-2019 - pancake */
 
 #include <r_userconf.h>
 #include <r_debug.h>

diff --git a/libr/debug/plugin.c b/libr/debug/plugin.c
@@ -16,13 +16,19 @@ R_API void r_debug_plugin_init(RDebug *dbg) {
 }
 
 R_API bool r_debug_use(RDebug *dbg, const char *str) {
+	const char *old = (dbg && dbg->h)? dbg->h->name: "";
 	if (str) {
 		RDebugPlugin *h;
 		RListIter *iter;
 		r_list_foreach (dbg->plugins, iter, h) {
 			if (h->name && !strcmp (str, h->name)) {
 				dbg->h = h;
 				if (dbg->anal && dbg->anal->cur) {
+#if 0
+					if (old && strcmp (old, h->name) && dbg->iob.io->desc) {
+						dbg->iob.io->desc->data = NULL;
+					}
+#endif
 					r_debug_set_arch (dbg, dbg->anal->cur->arch, dbg->bits);
 				}
 				dbg->bp->breakpoint = dbg->h->breakpoint;

diff --git a/libr/io/p/io_bfdbg.c b/libr/io/p/io_bfdbg.c
@@ -11,6 +11,7 @@
 #include "../debug/p/bfvm.c"
 
 typedef struct {
+	ut32 magic;
 	int fd;
 	ut8 *buf;
 	ut32 size;

diff --git a/libr/io/p/io_debug.c b/libr/io/p/io_debug.c
@@ -1,4 +1,4 @@
-/* radare - LGPL - Copyright 2007-2017 - pancake */
+/* radare - LGPL - Copyright 2007-2019 - pancake */
 
 #include <errno.h>
 #include <r_io.h>
@@ -485,7 +485,6 @@ static int fork_and_ptraceme(RIO *io, int bits, const char *cmd) {
 #else
 	int ret, status, child_pid;
 	bool runprofile = io->runprofile && *(io->runprofile);
-
 	fork_child_data child_data;
 	child_data.io = io;
 	child_data.bits = bits;