Apparently, mixing allocated and static memory in a vector leaks the …

…allocated memory. rip.
rizinorg · Jan 17, 2024 · ade6023 · ade6023
1 parent 1691473
commit ade6023
Showing 1 changed file with 36 additions and 25 deletions.
diff --git a/librz/analysis/arch/hexagon/hexagon_il.c b/librz/analysis/arch/hexagon/hexagon_il.c
@@ -20,6 +20,36 @@
 #include <rz_il/rz_il_opcodes.h>
 #include <rz_il/rz_il_opbuilder_begin.h>
 
+static HexILOp hex_jump_flag_init_op = {
+	.attr = HEX_IL_INSN_ATTR_NONE,
+	.get_il_op = (HexILOpGetter)hex_il_op_jump_flag_init,
+};
+
+static HexILOp hex_next_jump_to_next_pkt = {
+	.attr = HEX_IL_INSN_ATTR_BRANCH | HEX_IL_INSN_ATTR_COND,
+	.get_il_op = (HexILOpGetter)hex_il_op_next_pkt_jmp,
+};
+
+static HexILOp hex_pkt_commit = {
+	.attr = HEX_IL_INSN_ATTR_NONE,
+	.get_il_op = (HexILOpGetter)hex_commit_packet,
+};
+
+static HexILOp hex_endloop0_op = {
+	.attr = HEX_IL_INSN_ATTR_BRANCH | HEX_IL_INSN_ATTR_COND,
+	.get_il_op = (HexILOpGetter)hex_il_op_j2_endloop0,
+};
+
+static HexILOp hex_endloop1_op = {
+	.attr = HEX_IL_INSN_ATTR_BRANCH | HEX_IL_INSN_ATTR_COND,
+	.get_il_op = (HexILOpGetter)hex_il_op_j2_endloop1,
+};
+
+static HexILOp hex_endloop01_op = {
+	.attr = HEX_IL_INSN_ATTR_BRANCH | HEX_IL_INSN_ATTR_COND,
+	.get_il_op = (HexILOpGetter)hex_il_op_j2_endloop01,
+};
+
 /**
  * \brief Sends the IL op at \p start to the position \p newloc.
  *
@@ -357,10 +387,7 @@ RZ_IPI RzILOpEffect *hex_get_il_op(const ut32 addr, const bool get_pkt_op) {
 		return hex_pkt_to_il_seq(p);
 	}
 
-	HexILOp *op = RZ_NEW0(HexILOp);
-	op->attr = HEX_IL_INSN_ATTR_NONE;
-	op->get_il_op = (HexILOpGetter)hex_il_op_jump_flag_init;
-	rz_pvector_push(p->il_ops, op);
+	rz_pvector_push(p->il_ops, &hex_jump_flag_init_op);
 
 	if (!set_pkt_il_ops(p)) {
 		RZ_LOG_INFO("IL ops at 0x%" PFMT32x " contain not implemented instructions.\n", addr);
@@ -373,32 +400,16 @@ RZ_IPI RzILOpEffect *hex_get_il_op(const ut32 addr, const bool get_pkt_op) {
 	}
 
 	if (hex_get_loop_flag(p) == HEX_LOOP_0) {
-		op = RZ_NEW0(HexILOp);
-		op->attr = HEX_IL_INSN_ATTR_BRANCH | HEX_IL_INSN_ATTR_COND;
-		op->get_il_op = (HexILOpGetter)hex_il_op_j2_endloop0;
-		rz_pvector_push(p->il_ops, op);
+		rz_pvector_push(p->il_ops, &hex_endloop0_op);
 	} else if (hex_get_loop_flag(p) == HEX_LOOP_1) {
-		op = RZ_NEW0(HexILOp);
-		op->attr = HEX_IL_INSN_ATTR_BRANCH | HEX_IL_INSN_ATTR_COND;
-		op->get_il_op = (HexILOpGetter)hex_il_op_j2_endloop1;
-		rz_pvector_push(p->il_ops, op);
+		rz_pvector_push(p->il_ops, &hex_endloop1_op);
 	} else if (hex_get_loop_flag(p) == HEX_LOOP_01) {
-		op = RZ_NEW0(HexILOp);
-		op->attr = HEX_IL_INSN_ATTR_BRANCH | HEX_IL_INSN_ATTR_COND;
-		op->get_il_op = (HexILOpGetter)hex_il_op_j2_endloop01;
-		rz_pvector_push(p->il_ops, op);
+		rz_pvector_push(p->il_ops, &hex_endloop01_op);
 	}
 
 	// Add a jump to the next packet.
-	op = RZ_NEW0(HexILOp);
-	op->attr = HEX_IL_INSN_ATTR_BRANCH | HEX_IL_INSN_ATTR_COND;
-	op->get_il_op = (HexILOpGetter)hex_il_op_next_pkt_jmp;
-	rz_pvector_push(p->il_ops, op);
-
-	op = RZ_NEW0(HexILOp);
-	op->attr = HEX_IL_INSN_ATTR_NONE;
-	op->get_il_op = (HexILOpGetter)hex_commit_packet;
-	rz_pvector_push(p->il_ops, op);
+	rz_pvector_push(p->il_ops, &hex_next_jump_to_next_pkt);
+	rz_pvector_push(p->il_ops, &hex_pkt_commit);
 
 	check_for_jumps(p, &might_has_jumped);