
cs_disasm(): make sure cache_size is smaller than INSN_CACHE_SIZE to …
…avoid integer overflow in malloc()
aquynh committed Oct 1, 2014
1 parent 50eeba2 commit 523ca99
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions cs.c
Expand Up @@ -422,8 +422,7 @@ size_t cs_disasm(csh ud, const uint8_t *buffer, size_t size, uint64_t offset, si
bool r;
void *tmp;
size_t skipdata_bytes;
// save all the original info of the buffer
uint64_t offset_org;
uint64_t offset_org; // save all the original info of the buffer
size_t size_org;
const uint8_t *buffer_org;
unsigned int cache_size = INSN_CACHE_SIZE;
Expand All @@ -437,15 +436,16 @@ size_t cs_disasm(csh ud, const uint8_t *buffer, size_t size, uint64_t offset, si
handle->errnum = CS_ERR_OK;

#ifdef CAPSTONE_USE_SYS_DYN_MEM
if (count > 0)
if (count > 0 && count < INSN_CACHE_SIZE)
cache_size = count;
#endif

// save the original offset for SKIPDATA
buffer_org = buffer;
offset_org = offset;
size_org = size;
total_size = (sizeof(cs_insn) * cache_size);

total_size = sizeof(cs_insn) * cache_size;
total = cs_mem_malloc(total_size);
insn_cache = total;

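Review bot: The new guard `if (count > 0 && count < INSN_CACHE_SIZE)` silently clamps an oversized caller-supplied `count` to INSN_CACHE_SIZE rather than rejecting it, and the reason for the bound lives only in the commit message; a comment on that line would stop the check from being "simplified" away later, e.g. `// bound cache_size by INSN_CACHE_SIZE so sizeof(cs_insn) * cache_size cannot overflow size_t in cs_mem_malloc()`. Since this bound is what prevents an undersized allocation, it deserves a regression test that passes a very large count (e.g. SIZE_MAX) and checks the allocation size stays at INSN_CACHE_SIZE entries. The clamp only applies under CAPSTONE_USE_SYS_DYN_MEM; on the other path cache_size keeps its INSN_CACHE_SIZE initializer, so the multiplication is bounded on both paths, which the comment could also state. Separately, `total = cs_mem_malloc(total_size);` is assigned to insn_cache with no NULL check visible in the hunk; the body of cs_disasm continues past the hunk, so the check may follow, but if it does not, one should be added before insn_cache is used.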
