sebastianbiallas / ht
The HT Editor: A file editor/viewer/analyzer for executables.
License: GNU General Public License v2.0
Hello, I found three potential bugs of file descriptor leak. Would you help me check if these bugs are true? Thank you for your patience and effort.
==============================================================================
step 1 :
In file ht/tools/bin2c.c , function main line 162 :
Function fopen64 executes and stores the return value to out
step 2 :
In file ht/tools/bin2c.c , function main line 163 :
Select the true branch at this point (out!=null is true)
step 3 :
In file ht/tools/bin2c.c , function main lines after line 163
no statement closes out
==============================================================================
step 1 :
In file ht/tools/bin2c.c , function main line 157 :
Function fopen64 executes and stores the return value to outh
step 2 :
In file ht/tools/bin2c.c , function main line 158 :
Select the true branch at this point (outh!=null is true)
step 3 :
In file ht/tools/bin2c.c , function main lines after line 158:
no statement closes outh
==============================================================================
step 1 :
In file ht/tools/bin2c.c , function main line 140 :
Function fopen executes and stores the return value to in
step 2 :
In file ht/tools/bin2c.c , function main line 141 :
Select the true branch at this point (in!=null is true)
step 3 :
In file ht/tools/bin2c.c , function main lines after line 141:
no statement closes in
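The pattern behind all three reports is a handle opened on one path and never released on the others. The following is an added example, not code from bin2c.c: a hypothetical converter that opens the same three files (in, outh, out) and releases every handle through a single cleanup label, so no exit path leaks a descriptor. It uses plain fopen rather than fopen64.

```c
#include <stdio.h>

/* Convert the bytes of in_path into a C array written to out_path, with a
 * matching declaration written to outh_path. Every FILE* is released on
 * every exit path via the cleanup label, which is the fix for the
 * "opened but never closed" pattern reported above.
 * Returns the number of bytes converted, or -1 on any error. */
long bin2c_convert(const char *in_path, const char *out_path, const char *outh_path)
{
    FILE *in = NULL, *out = NULL, *outh = NULL;
    long count = -1;
    int c;

    in = fopen(in_path, "rb");
    if (!in) goto cleanup;
    outh = fopen(outh_path, "w");
    if (!outh) goto cleanup;
    out = fopen(out_path, "w");
    if (!out) goto cleanup;

    if (fprintf(outh, "extern const unsigned char data[];\n"
                      "extern const unsigned long data_size;\n") < 0) goto cleanup;
    if (fprintf(out, "const unsigned char data[] = {") < 0) goto cleanup;

    count = 0;
    while ((c = fgetc(in)) != EOF) {
        if (fprintf(out, "%s0x%02x", count ? "," : "", c) < 0) { count = -1; goto cleanup; }
        count++;
    }
    if (ferror(in) ||
        fprintf(out, "};\nconst unsigned long data_size = %ld;\n", count) < 0)
        count = -1;

cleanup:
    /* Close each handle exactly once. A failing fclose() on an output file
     * (e.g. the final flush hitting a full disk) is an error as well. */
    if (out && fclose(out) != 0) count = -1;
    if (outh && fclose(outh) != 0) count = -1;
    if (in) fclose(in);
    return count;
}
```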
A crash of the program occurs when I'm trying to edit some exe files.
ht 2.1.0, Windows 10
There is an example of a file (this is an exe file from the game UnReal World 3.30):
https://bitbucket.org/snippets/insolor/XKAX8
I tried to build it myself but failed.
There have been many releases of ht, as shown on the news page of your web site, but there are no corresponding tags or GitHub releases in this repository. Please create a git tag and GitHub release for each version that you have released.
A float/int/uint define/preview/view would be useful, i.e. a preview of the interpreted bytes.
At the moment I note interesting values via a comment.
Edit: tried to explain it better.
HTE d462d62 does not cleanly start when compiled with Address Sanitizer. The following output is produced:
=================================================================
==7327==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000125f9b8 at pc 0x00000089e45e bp 0x7fffc9635790 sp 0x7fffc9635788
READ of size 8 at 0x00000125f9b8 thread T0
#0 0x89e45d in find_pal_layout(pal_class*, char const*, int*) /home/jn/dev/hack/ht/htpal.cc:166:3
#1 0x89f059 in load_pal(char const*, char const*, palette*) /home/jn/dev/hack/ht/htpal.cc:191:19
#2 0x9fe6bd in ht_c_syntax_lexer::reloadpalette() /home/jn/dev/hack/ht/syntax.cc:432:2
#3 0x9fe46c in ht_c_syntax_lexer::config_changed() /home/jn/dev/hack/ht/syntax.cc:375:2
#4 0x9fdc6d in ht_c_syntax_lexer::init() /home/jn/dev/hack/ht/syntax.cc:363:2
#5 0x651a39 in ht_app::init(Bounds*) /home/jn/dev/hack/ht/htapp.cc:1430:2
#6 0x685460 in init_app() /home/jn/dev/hack/ht/htapp.cc:3364:2
#7 0x995ba2 in init() /home/jn/dev/hack/ht/main.cc:98:8
#8 0x98fce0 in main /home/jn/dev/hack/ht/main.cc:282:7
#9 0x7f34911dcb44 in __libc_start_main /build/glibc-NmptCx/glibc-2.19/csu/libc-start.c:287
#10 0x53624c in _start (/home/jn/dev/hack/ht/ht+0x53624c)
0x00000125f9b8 is located 40 bytes to the left of global variable 'pal_layout_analyser' defined in 'htpal.cc:118:12' (0x125f9e0) of size 96
0x00000125f9b8 is located 8 bytes to the right of global variable 'pal_layout_syntax' defined in 'htpal.cc:103:12' (0x125f900) of size 176
SUMMARY: AddressSanitizer: global-buffer-overflow /home/jn/dev/hack/ht/htpal.cc:166 find_pal_layout(pal_class*, char const*, int*)
Shadow bytes around the buggy address:
0x000080243ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080243ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080243f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080243f10: 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x000080243f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x000080243f30: 00 00 00 00 00 00 f9[f9]f9 f9 f9 f9 00 00 00 00
0x000080243f40: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
0x000080243f50: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00
0x000080243f60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080243f70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080243f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
ASan internal: fe
==7327==ABORTING
ASan is nice because it helps in testing crash bugs.
g++ -DHAVE_CONFIG_H -I. -I./analyser -I./asm -I./info -I./io/posix -I./io -I./output -I./eval -I. -DNOMACROS -O3 -fomit-frame-pointer -Wall -fsigned-char -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -Woverloaded-virtual -Wnon-virtual-dtor -MT htapp.o -MD -MP -MF .deps/htapp.Tpo -c -o htapp.o htapp.cc
htapp.cc:282:7: warning: unused variable 'buflen' [-Wunused-variable]
int buflen = ht_snprintf(buf, VFS_URL_MAX, "%s:%y", listbox->getCurProto(), &res);
^
htapp.cc:769:10: warning: cast to 'void ' from smaller integer type 'uint' (aka 'unsigned int') [-Wint-to-void-pointer-cast]
return (void)(project->count());
^
htapp.cc:3026:9: error: call to 'abs' is ambiguous
while (abs(a - b) > 1) {
^~~
/usr/include/stdlib.h:137:6: note: candidate function
int abs(int) __pure2;
^
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/stdlib.h:115:44: note: candidate function
inline _LIBCPP_INLINE_VISIBILITY long abs( long __x) _NOEXCEPT {return labs(__x);}
^
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/stdlib.h:117:44: note: candidate function
inline _LIBCPP_INLINE_VISIBILITY long long abs(long long __x) _NOEXCEPT {return llabs(__x);}
^
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/math.h:693:1: note: candidate function
abs(float __lcpp_x) _NOEXCEPT {return ::fabsf(__lcpp_x);}
^
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/math.h:697:1: note: candidate function
abs(double __lcpp_x) _NOEXCEPT {return ::fabs(__lcpp_x);}
^
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include/c++/v1/math.h:701:1: note: candidate function
abs(long double __lcpp_x) _NOEXCEPT {return ::fabsl(__lcpp_x);}
^
2 warnings and 1 error generated.
gmake[2]: *** [Makefile:703: htapp.o] Error 1
As I needed to check the results of a first stage cross compiler (amd64 -> powerpc) on glibc, I tried to disassemble compiled files in glibc/csu, and each one I tried on hte ver 2.0.22 made it core dump. I'm using the ubuntu packaged build, though looking at the diffs, the program shouldn't be sensibly different from stock.
I don't know how to attach the files to this issue, but I can definitely provide them if needed.
$ ./autogen.sh
$ ./configure --prefix=/usr/local/stow/ht
...
...
./configure successful.
=====================
Configuration summary
=====================
X11 textmode support available: yes
enable profiling: no
make a release build: yes
using included minilzo: yes
$ make
...
...
...
$ make htdoc.h
...
...
...
$ make
Making all in eval
make[2]: Entering directory `/home/nopnop/src/ht/eval'
gcc -DHAVE_CONFIG_H -I. -I.. -I. -I.. -DNOMACROS -pipe -O3 -fomit-frame-pointer -Wall -fsigned-char -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -MT evalparse.o -MD -MP -MF .deps/evalparse.Tpo -c -o evalparse.o evalparse.c
evalparse.y: In function ‘yyparse’:
evalparse.y:65:22: error: ‘resultptr’ undeclared (first use in this function)
input: scalar { *(eval_scalar*)resultptr=$1; }
^
evalparse.y:65:22: note: each undeclared identifier is reported only once for each function it appears in
make[2]: *** [evalparse.o] Error 1
make[2]: Leaving directory `/home/nopnop/src/ht/eval'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/nopnop/src/ht'
make: *** [all] Error 2
The menu Edit -> Delete (Ctrl+Del/Alt+D) of the current latest HT release (ht-2.1.0-win32.exe) doesn't work.
Hello, I found two potential bugs of null pointer dereference. Would you help me check if these bugs are true? Thank you for your patience and effort.
==============================================================================
step 1 :
In file ht/asm/javadis.cc , function javadis::str_format line 362 :
null assigned to t reaches here
step 2 :
In file ht/asm/javadis.cc , function javadis::str_format line 367 :
null is used as the 2nd parameter in function strcpy
==============================================================================
step 1 :
In file ht/asm/x86dis.cc , function x86dis::str_format line 1485 :
null assigned to t reaches here
step 2 :
In file ht/asm/x86dis.cc , function x86dis::str_format line 1490 :
null is used as the 2nd parameter in function strcpy
I'm trying to open an invalid file with the following ELF header:
7f 45 4c 46 00 00 00 00 00 00
Which is giving me the following error message
No disassembler for unknown machine type 0000!
followed by a segfault.
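The header above is only 10 bytes and carries an e_machine of 0, which is what the "unknown machine type 0000" message refers to. As an added example (not HT's own code), here is a defensive check that validates the ELF identification and e_machine before any disassembler is selected, and falls back to a hex view when no disassembler exists instead of proceeding with one that is missing; the small disassembler registry is hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Outcome of validating the start of an ELF image before any
 * machine-specific code (such as a disassembler) is chosen. */
enum elf_check {
    ELF_OK = 0,
    ELF_TRUNCATED,        /* too short to even hold e_ident + e_machine */
    ELF_BAD_MAGIC,        /* first four bytes are not \x7f 'E' 'L' 'F' */
    ELF_BAD_CLASS,        /* EI_CLASS is not ELFCLASS32 (1) or ELFCLASS64 (2) */
    ELF_BAD_DATA,         /* EI_DATA is not ELFDATA2LSB (1) or ELFDATA2MSB (2) */
    ELF_UNKNOWN_MACHINE   /* e_machine is EM_NONE (0) */
};
/* e_machine sits at offset 18 in both the ELF32 and ELF64 header, so 20
 * bytes is the minimum needed to read it. On ELF_OK, *machine receives it. */
enum elf_check check_elf_header(const uint8_t *buf, size_t len, uint16_t *machine)
{
    if (len < 20) return ELF_TRUNCATED;
    if (memcmp(buf, "\x7f" "ELF", 4) != 0) return ELF_BAD_MAGIC;
    if (buf[4] != 1 && buf[4] != 2) return ELF_BAD_CLASS;
    if (buf[5] != 1 && buf[5] != 2) return ELF_BAD_DATA;
    uint16_t m = (buf[5] == 2) ? (uint16_t)((buf[18] << 8) | buf[19])
                               : (uint16_t)((buf[19] << 8) | buf[18]);
    if (m == 0) return ELF_UNKNOWN_MACHINE;
    if (machine) *machine = m;
    return ELF_OK;
}

/* Hypothetical disassembler registry: EM_386 (3), EM_PPC (20), EM_ARM (40),
 * EM_X86_64 (62). Returns NULL when no disassembler exists for the machine. */
const char *disassembler_for(uint16_t machine)
{
    switch (machine) {
    case 3:  return "x86";
    case 20: return "ppc";
    case 40: return "arm";
    case 62: return "x86-64";
    default: return NULL;
    }
}

/* Only hand the file to a disassembler when the header is sane and a
 * disassembler actually exists; otherwise fall back to the plain hex view. */
const char *view_mode_for(const uint8_t *buf, size_t len)
{
    uint16_t machine;
    if (check_elf_header(buf, len, &machine) != ELF_OK) return "hex";
    return disassembler_for(machine) ? "disasm" : "hex";
}
```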
I'm not able to open the file in binary mode. Only text mode works.
on ubuntu 14.04
./configure
make
g++ -DHAVE_CONFIG_H -I. -I.. -I.. -I../asm -I../io/posix -I../io -I../output -I../eval -DNOMACROS -pipe -O3 -fomit-frame-pointer -Wall -fsigned-char -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -std=c++14 -Woverloaded-virtual -Wnon-virtual-dtor -MT analy.o -MD -MP -MF .deps/analy.Tpo -c -o analy.o analy.cc
g++: error: unrecognized command line option ‘-std=c++14’
make[2]: *** [analy.o] Error 1
the subject
Recently I've run into a crackme from the web-site http://crackmes.de/. Here is the link to binary http://crackmes.de/users/josamont/j333/, but it needs registration, so I've uploaded the binary here https://yadi.sk/d/WheWlZ1FdH8kF.
Running ht on this binary gives me segfault.
Here is the gdb backtrace: https://gist.github.com/yurket/2f70b1199db5aae3bfc5
Hello, I found two potential bugs of use of uninitialized variable. Would you help me check if these bugs are true? Thank you for your patience and effort.
==============================================================================
step 1 :
In file ht/asm/javadis.cc , function javadis::str_op line 265 :
a is used as the 1st parameter in function addr_sym_func (a is uninitialized)
==============================================================================
step 1 :
In file ht/asm/ildis.cc , function ILDisassembler::strf line 275 :
caddr is used as the 1st parameter in function addr_sym_func (caddr is uninitialized)
Hello, I found two potential bugs of memory leak. Would you help me check if these bugs are true? Thank you for your patience and effort.
==============================================================================
step 1 :
In file ht/info/infoview.cc , function ht_info_viewer::init line 388 :
Allocate memory to f, the allocated memory is leaked
==============================================================================
step 1 :
In file ht/info/infoview.cc , function ht_info_viewer::init line 390 :
Allocate memory to s, the allocated memory is leaked
Hello, can you please include ELF program header types 0x65a3dbe7 OPENBSD_WXNEEDED, 0x65a3dbe6 OPENBSD_RANDOMIZE and 0x65a41be6 OPENBSD_BOOTDATA.
See http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils-2.17/include/elf/common.h?annotate=1.6 Line 308.
Thanks