DBG: Fix some nice undefined behavior in RefFind

2015-10-18 18:17:26 -04:00 · 2015-10-18 18:17:26 -04:00 · f7fec2d7dc
parent 3f2267c575
commit f7fec2d7dc
3 changed files with 15 additions and 15 deletions
--- a/src/dbg/instruction.cpp
+++ b/src/dbg/instruction.cpp
@ -1518,7 +1518,7 @@ CMDRESULT cbInstrBookmarkList(int argc, char* argv[])
    BookmarkEnum(0, &cbsize);
    if(!cbsize)
    {
-        dputs("no bookmarks");
+        dputs("No bookmarks found");
        return STATUS_CONTINUE;
    }
    Memory<BOOKMARKSINFO*> bookmarks(cbsize, "cbInstrBookmarkList:bookmarks");
@ -1535,7 +1535,7 @@ CMDRESULT cbInstrBookmarkList(int argc, char* argv[])
            GuiReferenceSetCellContent(i, 1, disassembly);
    }
    varset("$result", count, false);
-    dprintf("%d bookmark(s) listed in Reference View\n", count);
+    dprintf("%d bookmark(s) listed\n", count);
    GuiReferenceReloadData();
    return STATUS_CONTINUE;
 }
@ -1581,7 +1581,7 @@ CMDRESULT cbInstrFunctionList(int argc, char* argv[])
        }
    }
    varset("$result", count, false);
-    dprintf("%d function(s) listed in Reference View\n", count);
+    dprintf("%d function(s) listed\n", count);
    GuiReferenceReloadData();
    return STATUS_CONTINUE;
 }
@ -1627,7 +1627,7 @@ CMDRESULT cbInstrLoopList(int argc, char* argv[])
        }
    }
    varset("$result", count, false);
-    dprintf("%d loop(s) listed in Reference View\n", count);
+    dprintf("%d loop(s) listed\n", count);
    GuiReferenceReloadData();
    return STATUS_CONTINUE;
 }
--- a/src/dbg/reference.cpp
+++ b/src/dbg/reference.cpp
@ -18,7 +18,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
    if(!regionBase || !regionSize)
    {
        if(!Silent)
-            dprintf("Invalid memory page 0x%p", Address);
+            dprintf("Invalid memory page 0x%p\n", Address);

        return 0;
    }
@ -57,9 +57,8 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
    else
        sprintf_s(fullName, "%s (%p)", Name, scanStart);

-    // Initialize the disassembler
+    // Initialize disassembler
    Capstone cp;
-    unsigned char* dataptr = data();

    // Allow an "initialization" notice
    REFINFO refInfo;
@ -83,25 +82,26 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
        }

        // Disassemble the instruction
-        int len;
-        if(cp.Disassemble(scanStart, dataptr, MAX_DISASM_BUFFER))
+		int disasmMaxSize = min(MAX_DISASM_BUFFER, (int)(scanSize - i)); // Prevent going past the boundary
+        int disasmLen = 1;
+
+		if (cp.Disassemble(scanStart, data() + i, disasmMaxSize))
        {
            BASIC_INSTRUCTION_INFO basicinfo;
            fillbasicinfo(&cp, &basicinfo);

            if(Callback(&cp, &basicinfo, &refInfo))
                refInfo.refcount++;
-            len = cp.Size();
+
+			disasmLen = cp.Size();
        }
        else
        {
            // Invalid instruction detected, so just skip the byte
-            len = 1;
        }

-        dataptr += len;
-        scanStart += len;
-        i += len;
+		scanStart += disasmLen;
+		i += disasmLen;
    }

    GuiReferenceSetProgress(100);
--- a/src/gui/Src/Gui/CPUDisassembly.cpp
+++ b/src/gui/Src/Gui/CPUDisassembly.cpp
@ -859,7 +859,7 @@ void CPUDisassembly::toggleFunction()
        if(DbgGetLabelAt(start, SEG_DEFAULT, labeltext))
            label_text = " (" + QString(labeltext) + ")";

-        QMessageBox msg(QMessageBox::Question, "Add the function?", start_text + "-" + end_text + label_text, QMessageBox::Yes | QMessageBox::No);
+        QMessageBox msg(QMessageBox::Question, "Define this function?", start_text + "-" + end_text + label_text, QMessageBox::Yes | QMessageBox::No);
        msg.setWindowIcon(QIcon(":/icons/images/compile.png"));
        msg.setParent(this, Qt::Dialog);
        msg.setWindowFlags(msg.windowFlags() & (~Qt::WindowContextHelpButtonHint));