these-android-re/androscalpel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix overflow when negating iXX::MIN

Browse source
This commit is contained in:
Jean-Marie 'Histausse' Mineau 2024-02-01 14:54:37 +01:00
parent 1bd786c9d7
commit 86a028f0bd
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
2 changed files with 51 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

76
androscalpel/src/apk.rs
View file

@ -849,7 +849,7 @@ impl Apk {
Instruction::FilledNewArray(FilledNewArray::new(type_, reg_values)?) Instruction::FilledNewArray(FilledNewArray::new(type_, reg_values)?)
} }
Format31T { op: 0x26, va, b } => { Format31T { op: 0x26, va, b } => {
if b < 0 && -b as usize > addr { if b < 0 && (-(b as i64)) as usize > addr {
bail!( bail!(
"Found fill-array-data-payload v{va} +{b} at {addr}, \ "Found fill-array-data-payload v{va} +{b} at {addr}, \
data location invalid (negative addresse)" data location invalid (negative addresse)"
@ -858,7 +858,7 @@ impl Apk {
let data_addr = if b > 0 { let data_addr = if b > 0 {
addr + b as usize addr + b as usize
} else { } else {
addr - (-b as usize) addr - (-(b as i64) as usize)
}; };
if let Some(ins) = insns_ref.get(&data_addr) { if let Some(ins) = insns_ref.get(&data_addr) {
if let FormatFillArrayDataPayload { elt_width, data } = ins { if let FormatFillArrayDataPayload { elt_width, data } = ins {
@ -878,13 +878,13 @@ impl Apk {
} }
Format11X { op: 0x27, va } => Instruction::Throw(Throw::new(va)), Format11X { op: 0x27, va } => Instruction::Throw(Throw::new(va)),
Format10T { op: 0x28, a } => { Format10T { op: 0x28, a } => {
if a < 0 && (-a) as usize > addr { if a < 0 && (-(a as i64)) as usize > addr {
bail!("Found goto {a} at 0x{addr:0x}: the destination is invalid (negative addresse)"); bail!("Found goto {a} at 0x{addr:0x}: the destination is invalid (negative addresse)");
} }
let dest_addr = if a > 0 { let dest_addr = if a > 0 {
addr + a as usize addr + a as usize
} else { } else {
addr - (-a as usize) addr - (-(a as i64) as usize)
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -896,13 +896,13 @@ impl Apk {
Instruction::Goto(Goto::new(label)) Instruction::Goto(Goto::new(label))
} }
Format20T { op: 0x29, a } => { Format20T { op: 0x29, a } => {
if a < 0 && (-a) as usize > addr { if a < 0 && (-(a as i64)) as usize > addr {
bail!("Found goto {a} at 0x{addr:0x}: the destination is invalid (negative addresse)"); bail!("Found goto {a} at 0x{addr:0x}: the destination is invalid (negative addresse)");
} }
let dest_addr = if a > 0 { let dest_addr = if a > 0 {
addr + a as usize addr + a as usize
} else { } else {
addr - (-a as usize) addr - (-(a as i64) as usize)
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -914,13 +914,13 @@ impl Apk {
Instruction::Goto(Goto::new(label)) Instruction::Goto(Goto::new(label))
} }
Format30T { op: 0x2a, a } => { Format30T { op: 0x2a, a } => {
if a < 0 && (-a) as usize > addr { if a < 0 && (-(a as i64)) as usize > addr {
bail!("Found goto {a} at 0x{addr:0x}: the destination is invalid (negative addresse)"); bail!("Found goto {a} at 0x{addr:0x}: the destination is invalid (negative addresse)");
} }
let dest_addr = if a > 0 { let dest_addr = if a > 0 {
addr + a as usize addr + a as usize
} else { } else {
addr - (-a as usize) addr - (-(a as i64) as usize)
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -932,7 +932,7 @@ impl Apk {
Instruction::Goto(Goto::new(label)) Instruction::Goto(Goto::new(label))
} }
Format31T { op: 0x2b, va, b } => { Format31T { op: 0x2b, va, b } => {
if b < 0 && -b as usize > addr { if b < 0 && -(b as i64) as usize > addr {
bail!( bail!(
"Found packed-switch v{va} +{b} at {addr}, \ "Found packed-switch v{va} +{b} at {addr}, \
data location invalid (negative addresse)" data location invalid (negative addresse)"
@ -941,14 +941,14 @@ impl Apk {
let data_addr = if b > 0 { let data_addr = if b > 0 {
addr + b as usize addr + b as usize
} else { } else {
addr - (-b as usize) addr - (-(b as i64) as usize)
}; };
if let Some(ins) = insns_ref.get(&data_addr) { if let Some(ins) = insns_ref.get(&data_addr) {
if let FormatPackedSwitchPayload { first_key, targets } = ins { if let FormatPackedSwitchPayload { first_key, targets } = ins {
let mut branches = HashMap::new(); let mut branches = HashMap::new();
let mut key = *first_key; let mut key = *first_key;
for target in targets.iter().cloned() { for target in targets.iter().cloned() {
if target < 0 && (-target) as usize > addr { if target < 0 && (-(target as i64)) as usize > addr {
bail!( bail!(
"Found switch branche to offset {target} at 0x{addr:0x}: \ "Found switch branche to offset {target} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -957,7 +957,7 @@ impl Apk {
let dest_addr = if target > 0 { let dest_addr = if target > 0 {
addr + target as usize addr + target as usize
} else { } else {
addr - (-target as usize) addr - (-(target as i64) as usize)
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -987,7 +987,7 @@ impl Apk {
} }
} }
Format31T { op: 0x2c, va, b } => { Format31T { op: 0x2c, va, b } => {
if b < 0 && -b as usize > addr { if b < 0 && -(b as i64) as usize > addr {
bail!( bail!(
"Found sparsed-switch v{va} +{b} at {addr}, \ "Found sparsed-switch v{va} +{b} at {addr}, \
data location invalid (negative addresse)" data location invalid (negative addresse)"
@ -996,7 +996,7 @@ impl Apk {
let data_addr = if b > 0 { let data_addr = if b > 0 {
addr + b as usize addr + b as usize
} else { } else {
addr - (-b as usize) addr - (-(b as i64) as usize)
}; };
if let Some(ins) = insns_ref.get(&data_addr) { if let Some(ins) = insns_ref.get(&data_addr) {
if let FormatSparseSwitchPayload { key_targets } = ins { if let FormatSparseSwitchPayload { key_targets } = ins {
@ -1075,7 +1075,7 @@ impl Apk {
vb, vb,
c, c,
} => { } => {
if c < 0 && (-c) as usize > addr { if c < 0 && (-(c as i64)) as usize > addr {
bail!( bail!(
"Found if-eq vA vB {c} at 0x{addr:0x}: \ "Found if-eq vA vB {c} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1084,7 +1084,7 @@ impl Apk {
let dest_addr = if c > 0 { let dest_addr = if c > 0 {
addr + c as usize addr + c as usize
} else { } else {
addr - (-c) as usize addr - (-(c as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -1101,7 +1101,7 @@ impl Apk {
vb, vb,
c, c,
} => { } => {
if c < 0 && (-c) as usize > addr { if c < 0 && (-(c as i64)) as usize > addr {
bail!( bail!(
"Found if-ne vA vB {c} at 0x{addr:0x}: \ "Found if-ne vA vB {c} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1110,7 +1110,7 @@ impl Apk {
let dest_addr = if c > 0 { let dest_addr = if c > 0 {
addr + c as usize addr + c as usize
} else { } else {
addr - (-c) as usize addr - (-(c as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -1127,7 +1127,7 @@ impl Apk {
vb, vb,
c, c,
} => { } => {
if c < 0 && (-c) as usize > addr { if c < 0 && (-(c as i64)) as usize > addr {
bail!( bail!(
"Found if-lt vA vB {c} at 0x{addr:0x}: \ "Found if-lt vA vB {c} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1136,7 +1136,7 @@ impl Apk {
let dest_addr = if c > 0 { let dest_addr = if c > 0 {
addr + c as usize addr + c as usize
} else { } else {
addr - (-c) as usize addr - (-(c as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -1153,7 +1153,7 @@ impl Apk {
vb, vb,
c, c,
} => { } => {
if c < 0 && (-c) as usize > addr { if c < 0 && (-(c as i64)) as usize > addr {
bail!( bail!(
"Found if-ge vA vB {c} at 0x{addr:0x}: \ "Found if-ge vA vB {c} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1162,7 +1162,7 @@ impl Apk {
let dest_addr = if c > 0 { let dest_addr = if c > 0 {
addr + c as usize addr + c as usize
} else { } else {
addr - (-c) as usize addr - (-(c as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -1179,7 +1179,7 @@ impl Apk {
vb, vb,
c, c,
} => { } => {
if c < 0 && (-c) as usize > addr { if c < 0 && (-(c as i64)) as usize > addr {
bail!( bail!(
"Found if-gt vA vB {c} at 0x{addr:0x}: \ "Found if-gt vA vB {c} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1188,7 +1188,7 @@ impl Apk {
let dest_addr = if c > 0 { let dest_addr = if c > 0 {
addr + c as usize addr + c as usize
} else { } else {
addr - (-c) as usize addr - (-(c as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -1205,7 +1205,7 @@ impl Apk {
vb, vb,
c, c,
} => { } => {
if c < 0 && (-c) as usize > addr { if c < 0 && (-(c as i64)) as usize > addr {
bail!( bail!(
"Found if-le vA vB {c} at 0x{addr:0x}: \ "Found if-le vA vB {c} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1214,7 +1214,7 @@ impl Apk {
let dest_addr = if c > 0 { let dest_addr = if c > 0 {
addr + c as usize addr + c as usize
} else { } else {
addr - (-c) as usize addr - (-(c as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -1226,7 +1226,7 @@ impl Apk {
Instruction::IfLe(IfLe::new(va, vb, label)?) Instruction::IfLe(IfLe::new(va, vb, label)?)
} }
Format21T { op: 0x38, va, b } => { Format21T { op: 0x38, va, b } => {
if b < 0 && (-b) as usize > addr { if b < 0 && (-(b as i64)) as usize > addr {
bail!( bail!(
"Found if-eqz vA vB {b} at 0x{addr:0x}: \ "Found if-eqz vA vB {b} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1235,7 +1235,7 @@ impl Apk {
let dest_addr = if b > 0 { let dest_addr = if b > 0 {
addr + b as usize addr + b as usize
} else { } else {
addr - (-b) as usize addr - (-(b as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -1247,7 +1247,7 @@ impl Apk {
Instruction::IfEqZ(IfEqZ::new(va, label)?) Instruction::IfEqZ(IfEqZ::new(va, label)?)
} }
Format21T { op: 0x39, va, b } => { Format21T { op: 0x39, va, b } => {
if b < 0 && (-b) as usize > addr { if b < 0 && (-(b as i64)) as usize > addr {
bail!( bail!(
"Found if-nez vA vB {b} at 0x{addr:0x}: \ "Found if-nez vA vB {b} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1256,7 +1256,7 @@ impl Apk {
let dest_addr = if b > 0 { let dest_addr = if b > 0 {
addr + b as usize addr + b as usize
} else { } else {
addr - (-b) as usize addr - (-(b as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -1268,7 +1268,7 @@ impl Apk {
Instruction::IfNeZ(IfNeZ::new(va, label)?) Instruction::IfNeZ(IfNeZ::new(va, label)?)
} }
Format21T { op: 0x3a, va, b } => { Format21T { op: 0x3a, va, b } => {
if b < 0 && (-b) as usize > addr { if b < 0 && (-(b as i64)) as usize > addr {
bail!( bail!(
"Found if-ltz vA vB {b} at 0x{addr:0x}: \ "Found if-ltz vA vB {b} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1277,7 +1277,7 @@ impl Apk {
let dest_addr = if b > 0 { let dest_addr = if b > 0 {
addr + b as usize addr + b as usize
} else { } else {
addr - (-b) as usize addr - (-(b as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -1289,7 +1289,7 @@ impl Apk {
Instruction::IfLtZ(IfLtZ::new(va, label)?) Instruction::IfLtZ(IfLtZ::new(va, label)?)
} }
Format21T { op: 0x3b, va, b } => { Format21T { op: 0x3b, va, b } => {
if b < 0 && (-b) as usize > addr { if b < 0 && (-(b as i64)) as usize > addr {
bail!( bail!(
"Found if-gez vA vB {b} at 0x{addr:0x}: \ "Found if-gez vA vB {b} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1298,7 +1298,7 @@ impl Apk {
let dest_addr = if b > 0 { let dest_addr = if b > 0 {
addr + b as usize addr + b as usize
} else { } else {
addr - (-b) as usize addr - (-(b as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -1310,7 +1310,7 @@ impl Apk {
Instruction::IfGeZ(IfGeZ::new(va, label)?) Instruction::IfGeZ(IfGeZ::new(va, label)?)
} }
Format21T { op: 0x3c, va, b } => { Format21T { op: 0x3c, va, b } => {
if b < 0 && (-b) as usize > addr { if b < 0 && (-(b as i64)) as usize > addr {
bail!( bail!(
"Found if-gtz vA vB {b} at 0x{addr:0x}: \ "Found if-gtz vA vB {b} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1319,7 +1319,7 @@ impl Apk {
let dest_addr = if b > 0 { let dest_addr = if b > 0 {
addr + b as usize addr + b as usize
} else { } else {
addr - (-b) as usize addr - (-(b as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {
@ -1331,7 +1331,7 @@ impl Apk {
Instruction::IfGtZ(IfGtZ::new(va, label)?) Instruction::IfGtZ(IfGtZ::new(va, label)?)
} }
Format21T { op: 0x3d, va, b } => { Format21T { op: 0x3d, va, b } => {
if b < 0 && (-b) as usize > addr { if b < 0 && (-(b as i64)) as usize > addr {
bail!( bail!(
"Found if-lez vA vB {b} at 0x{addr:0x}: \ "Found if-lez vA vB {b} at 0x{addr:0x}: \
the destination is invalid (negative addresse)" the destination is invalid (negative addresse)"
@ -1340,7 +1340,7 @@ impl Apk {
let dest_addr = if b > 0 { let dest_addr = if b > 0 {
addr + b as usize addr + b as usize
} else { } else {
addr - (-b) as usize addr - (-(b as i64)) as usize
}; };
let label = format!("label_{dest_addr:08X}"); let label = format!("label_{dest_addr:08X}");
if let Some(old_label) = labels.insert(dest_addr, label.clone()) { if let Some(old_label) = labels.insert(dest_addr, label.clone()) {

26
test.py
View file

@ -57,19 +57,19 @@ for i in code.insns:
print(f" {i}") print(f" {i}")
# Strip class for debugging # Strip class for debugging
classes = list( # classes = list(
filter( # filter(
lambda x: x # lambda x: x
not in [ # not in [
IdType("Lcom/example/testapplication/ui/home/HomeViewModel;"), # IdType("Lcom/example/testapplication/ui/home/HomeViewModel;"),
IdType("Landroidx/navigation/NavDeepLink$Builder;"), # IdType("Landroidx/navigation/NavDeepLink$Builder;"),
IdType("Landroidx/constraintlayout/core/widgets/ConstraintWidget$1;"), # IdType("Landroidx/constraintlayout/core/widgets/ConstraintWidget$1;"),
], # ],
apk.classes.keys(), # apk.classes.keys(),
) # )
) # )
for cls in classes: # for cls in classes:
apk.remove_class(cls) # apk.remove_class(cls)
print("[+] Recompile") print("[+] Recompile")