yetangitu/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2025-10-05 02:39:44 +02:00
Code Issues Releases Wiki Activity

GP-3426 Protect against too large constants

Browse source
This commit is contained in:
caheckman 2023-05-10 14:39:29 -04:00
parent 7089e6de63
commit 8977840661
1 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

16
Ghidra/Features/Decompiler/src/decompile/cpp/ruleaction.cc
View file

@ -1870,7 +1870,7 @@ int4 RuleDoubleShift::applyOp(PcodeOp *op,Funcdata &data)
sa2 = secop->getIn(1)->getOffset();
if (opc1 == opc2) {
if (sa1 + sa2 < 8*size) {
newvn = data.newConstant(size,sa1+sa2);
newvn = data.newConstant(4,sa1+sa2);
data.opSetOpcode(op,opc1);
data.opSetInput(op,secop->getIn(0),0);
data.opSetInput(op,newvn,1);
@ -1882,7 +1882,7 @@ int4 RuleDoubleShift::applyOp(PcodeOp *op,Funcdata &data)
data.opRemoveInput(op,1);
}
}
else if (sa1 == sa2) {
else if (sa1 == sa2 && size <= sizeof(uintb)) { // FIXME: precision
mask = calc_mask(size);
if (opc1 == CPUI_INT_LEFT)
mask = (mask<<sa1) & mask;
@ -3428,7 +3428,7 @@ int4 RuleShift2Mult::applyOp(PcodeOp *op,Funcdata &data)
/// \brief Convert "shift and add" to PIECE: (zext(V) << 16) + zext(W) => concat(V,W)
///
/// The \e add operation can be INT_ADD, INT_OR, or INT_XOR. If the extension size is bigger
/// than the concatentation size, the concatentation can be zero extended.
/// than the concatenation size, the concatenation can be zero extended.
/// This also supports other special forms where a value gets
/// concatenated with its own sign extension bits.
///
@ -4309,6 +4309,9 @@ int4 RuleConcatCommute::applyOp(PcodeOp *op,Funcdata &data)
OpCode opc;
uintb val;
int4 outsz = op->getOut()->getSize();
if (outsz > sizeof(uintb))
return 0; // FIXME: precision problem for constants
for(int4 i=0;i<2;++i) {
vn = op->getIn(i);
if (!vn->isWritten()) continue;
@ -4348,7 +4351,7 @@ int4 RuleConcatCommute::applyOp(PcodeOp *op,Funcdata &data)
if (lo->isFree()) continue;
newconcat = data.newOp(2,op->getAddr());
data.opSetOpcode(newconcat,CPUI_PIECE);
newvn = data.newUniqueOut(op->getOut()->getSize(),newconcat);
newvn = data.newUniqueOut(outsz,newconcat);
data.opSetInput(newconcat,hi,0);
data.opSetInput(newconcat,lo,1);
data.opInsertBefore(newconcat,op);
@ -5352,7 +5355,7 @@ int4 RuleSLess2Zero::applyOp(PcodeOp *op,Funcdata &data)
}
else if (feedOpCode == CPUI_SUBPIECE) {
avn = feedOp->getIn(0);
if (avn->isFree())
if (avn->isFree() || avn->getSize() > 8) // Don't create comparison bigger than 8 bytes
return 0;
if (rvn->getSize() + (int4) feedOp->getIn(1)->getOffset() == avn->getSize()) {
// We have -1 s< SUB( avn, #hi )
@ -5424,7 +5427,8 @@ int4 RuleSLess2Zero::applyOp(PcodeOp *op,Funcdata &data)
}
else if (feedOpCode == CPUI_SUBPIECE) {
avn = feedOp->getIn(0);
if (avn->isFree()) return 0;
if (avn->isFree() || avn->getSize() > 8) // Don't create comparison greater than 8 bytes
return 0;
if (lvn->getSize() + (int4)feedOp->getIn(1)->getOffset() == avn->getSize()) {
// We have SUB( avn, #hi ) s< 0
data.opSetInput(op,avn,0);