Update stable to 0.7.4 with patches

.builds/openbsd.yml

@@ -14,8 +14,9 @@ sources:
 hottub_trigger: '^(dev|stable|bsd-.+|dist-.+)$'
 tasks:
     - rzpipe: |
-        /usr/local/bin/python3 -m ensurepip --user
-        /usr/local/bin/python3 -m pip install --user 'git+https://github.com/rizinorg/rz-pipe#egg=rzpipe&subdirectory=python'
+        /usr/local/bin/python3 -m venv .venv
+        source .venv/bin/activate
+        python3 -m pip install 'git+https://github.com/rizinorg/rz-pipe#egg=rzpipe&subdirectory=python'
     - build: |
         cd rizin
         meson setup --prefix=${HOME} build
@@ -37,11 +38,12 @@ tasks:
         # Running the unit tests
         MALLOC_OPTIONS=CFGU ninja -C build test
     - test: |
-        /usr/local/bin/python3 -m pip install --user requests
         cd rizin
         export PATH=${HOME}/bin:/usr/local/bin:${PATH}
         export LD_LIBRARY_PATH=${HOME}/lib:${HOME}/lib64:${LD_LIBRARY_PATH}
         export PKG_CONFIG_PATH=${HOME}/lib/pkgconfig:${PKG_CONFIG_PATH}
+        source ../.venv/bin/activate
+        python3 -m pip install requests
         # Workaround until the feature request is solved
         # https://todo.sr.ht/~sircmpwn/builds.sr.ht/274
         ln -s ${HOME}/rizin-testbins test/bins

.github/workflows/ci.yml

@@ -306,6 +306,9 @@ jobs:
           fi
           cd test
           rz-test -LF bins/fuzzed @fuzz
+          # some fuzzed bins are mem hungry and are killed by the runner.
+          # running them one threaded allows to be check them
+          rz-test -j1 -LF bins/fuzzed-memhungry @fuzz
         env:
           ASAN: ${{ matrix.asan }}
           ASAN_OPTIONS: ${{ matrix.asan_options }}
@@ -323,6 +326,10 @@ jobs:
     if: contains(github.head_ref, 'dist') || contains(github.head_ref, 'centos') || contains(github.ref, 'release-') || github.ref == 'refs/heads/stable' || github.event_name == 'schedule'
     container: centos:7
     steps:
+      - name: Fix mirrors list
+        run: |
+          sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
+          sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
       - name: Install tools
         run: yum install -y patch unzip git gcc make python3-pip
         # Pin Meson to the last version stil supporting Python 3.6
@@ -490,7 +497,11 @@ jobs:
           ASAN: true
           ASAN_OPTIONS: detect_leaks=0,detect_odr_violation=0,allocator_may_return_null=1
       - name: Run fuzz tests
-        run: rz-test -LF bins/fuzzed @fuzz
+        run: |
+          rz-test -LF bins/fuzzed @fuzz
+          # some fuzzed bins are mem hungry and are killed by the runner.
+          # running them one threaded allows to be check them
+          rz-test -j1 -LF bins/fuzzed-memhungry @fuzz
         working-directory: rizin/test
         env:
           ASAN: true

.github/workflows/muon.yml

@@ -55,7 +55,7 @@ jobs:
       working-directory: muon
       run: |
           ./bootstrap.sh build
-          build/muon setup build
+          build/muon-bootstrap setup build
           ninja -C build
           sudo cp build/muon /usr/bin/muon
 

.gitignore

@@ -123,6 +123,7 @@ subprojects/lz4-*/
 subprojects/packagecache/
 subprojects/sdb/
 subprojects/tree-sitter-*/
+subprojects/rizin-grammar-*/
 subprojects/zlib-*/
 subprojects/sigdb/
 subprojects/libdemangle/

librz/analysis/p/analysis_cris.c

@@ -4,10 +4,15 @@
 #include <rz_asm.h>
 #include <rz_lib.h>
 
+#define CRIS_MIN_OP_SIZE 2
+
 static int analyze_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, RzAnalysisOpMask mask) {
 	int opsize = -1;
 	op->type = -1;
-	opsize = 2;
+	opsize = CRIS_MIN_OP_SIZE;
+	if (len < CRIS_MIN_OP_SIZE) {
+		return -1;
+	}
 	switch (buf[0]) {
 	case 0x3f:
 	case 0x4f:

librz/bin/format/mach0/coresymbolication.c

@@ -256,7 +256,7 @@ RZ_API RzCoreSymCacheElement *rz_coresym_cache_element_new(RzBinFile *bf, RzBuff
 			if (cursor >= upper_boundary) {
 				goto beach;
 			}
-			ut64 sect_name_off = rz_read_ble(cursor, false, bits);
+			size_t sect_name_off = rz_read_ble(cursor, false, bits);
 			if (!i && !sect_name_off) {
 				relative_to_strings = true;
 			}
@@ -265,7 +265,10 @@ RZ_API RzCoreSymCacheElement *rz_coresym_cache_element_new(RzBinFile *bf, RzBuff
 				cursor += word_size;
 			}
 			string_origin = relative_to_strings ? b + start_of_strings : sect_start;
-			sect->name = str_dup_safe(b, string_origin + (size_t)sect_name_off, end);
+			if (string_origin + sect_name_off >= end) {
+				goto beach;
+			}
+			sect->name = str_dup_safe(b, string_origin + sect_name_off, end);
 		}
 	}
 	if (hdr->n_symbols) {

librz/bin/format/mach0/dyldcache.c

@@ -319,6 +319,9 @@ static void populate_cache_maps(RzDyldCache *cache) {
 		return;
 	}
 	cache_map_t *maps = RZ_NEWS0(cache_map_t, n_maps);
+	if (!maps) {
+		return;
+	}
 
 	ut32 next_map = 0;
 	ut32 last_idx = UT32_MAX;

librz/core/analysis_objc.c

@@ -149,7 +149,7 @@ static bool objc_build_refs(RzCoreObjc *objc) {
 		RZ_LOG_ERROR("aao: Cannot read the whole const section %zu\n", ss_const);
 		return false;
 	}
-	for (off = 0; off + word_size < ss_const; off += word_size) {
+	for (off = 0; off + word_size < ss_const && (off + 8) < maxsize; off += word_size) {
 		ut64 va = va_const + off;
 		ut64 xrefs_to = rz_read_le64(buf + off);
 		if (isValid(xrefs_to)) {
@@ -160,7 +160,7 @@ static bool objc_build_refs(RzCoreObjc *objc) {
 		RZ_LOG_ERROR("aao: Cannot read the whole selrefs section\n");
 		return false;
 	}
-	for (off = 0; off + word_size < ss_selrefs; off += word_size) {
+	for (off = 0; off + word_size < ss_selrefs && (off + 8) < maxsize; off += word_size) {
 		ut64 va = va_selrefs + off;
 		ut64 xrefs_to = rz_read_le64(buf + off);
 		if (isValid(xrefs_to)) {

librz/debug/p/native/bsd/bsd_debug.c

@@ -64,9 +64,10 @@ static void addr_to_string(struct sockaddr_storage *ss, char *buffer, int buflen
 
 int bsd_handle_signals(RzDebug *dbg) {
 #if __KFBSD__ || __NetBSD__
+	siginfo_t siginfo;
+#if __KFBSD__
 	// Trying to figure out a bit by the signal
 	struct ptrace_lwpinfo linfo = { 0 };
-	siginfo_t siginfo;
 	int ret = ptrace(PT_LWPINFO, dbg->pid, (char *)&linfo, sizeof(linfo));
 	if (ret == -1) {
 		if (errno == ESRCH) {
@@ -83,7 +84,6 @@ int bsd_handle_signals(RzDebug *dbg) {
 		return 0;
 	}
 
-#if __KFBSD__
 	siginfo = linfo.pl_siginfo;
 #else
 	struct ptrace_siginfo sinfo = { 0 };
@@ -108,6 +108,13 @@ int bsd_handle_signals(RzDebug *dbg) {
 	case SIGSEGV:
 		dbg->reason.type = RZ_DEBUG_REASON_SEGFAULT;
 		break;
+#if __NetBSD__
+	case SIGTRAP:
+		if (siginfo.si_code == TRAP_BRKPT) {
+			dbg->reason.type = RZ_DEBUG_REASON_BREAKPOINT;
+		}
+		break;
+#endif
 	}
 
 	return 0;
@@ -211,16 +218,19 @@ RzDebugInfo *bsd_info(RzDebug *dbg, const char *arg) {
 		rdi->gid = kp->p__pgid;
 		rdi->exe = strdup(kp->p_comm);
 
-		rdi->status = RZ_DBG_PROC_STOP;
-
-		if (kp->p_psflags & PS_ZOMBIE) {
-			rdi->status = RZ_DBG_PROC_ZOMBIE;
-		} else if (kp->p_psflags & PS_STOPPED) {
+		switch (kp->p_stat) {
+		case SDEAD:
+			rdi->status = RZ_DBG_PROC_DEAD;
+			break;
+		case SSTOP:
 			rdi->status = RZ_DBG_PROC_STOP;
-		} else if (kp->p_psflags & PS_PPWAIT) {
+			break;
+		case SSLEEP:
 			rdi->status = RZ_DBG_PROC_SLEEP;
-		} else if ((kp->p_psflags & PS_EXEC) || (kp->p_psflags & PS_INEXEC)) {
+			break;
+		default:
 			rdi->status = RZ_DBG_PROC_RUN;
+			break;
 		}
 	}
 

librz/include/rz_types_base.h

@@ -4,7 +4,19 @@
 #include <ctype.h>
 #include <sys/types.h>
 #include <limits.h>
+
+#if defined(_MSC_VER)
+// required to forbid the declaration
+// of __ucrt_int_to_float which is
+// included from 10.0.25182.0, where
+// `math.h` includes `corecrt_math.h`
+#define __midl
+#endif
 #include <math.h>
+#if defined(_MSC_VER)
+// remove __midl
+#undef __midl
+#endif
 
 #define cut8  const unsigned char
 #define ut64  unsigned long long

librz/main/rizin.c

@@ -1257,10 +1257,6 @@ RZ_API int rz_main_rizin(int argc, const char **argv) {
 			ret = 1;
 			goto beach;
 		}
-		if (r->bin->cur && r->bin->cur->o && r->bin->cur->o->info && r->bin->cur->o->info->rclass && !strcmp("fs", r->bin->cur->o->info->rclass)) {
-			const char *fstype = r->bin->cur->o->info->bclass;
-			rz_core_cmdf(r, "m /root %s @ 0", fstype);
-		}
 		// initalize io subsystem
 		char *res = rz_io_system(r->io, NULL);
 		if (res) {

meson.build

@@ -1,5 +1,5 @@
 project('rizin', 'c',
-  version: 'v0.7.3',
+  version: 'v0.7.4',
   license: 'LGPL3',
   meson_version: '>=0.55.0',
   default_options: [

snapcraft.yaml

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: LGPL-3.0-only
 
 name: rizin
-version: '0.7.3'
+version: '0.7.4'
 base: core18
 summary: Rizin reverse engineering framework and tool
 description: |
@@ -58,7 +58,7 @@ apps:
 parts:
   rizin:
     source: https://github.com/rizinorg/rizin.git
-    source-tag: '0.7.3'
+    source-tag: '0.7.4'
     plugin: meson
     meson-parameters: [--prefix=/usr]
     override-build: |

test/db/archos/linux-x64/dbg_dmh

@@ -27,15 +27,15 @@ EOF
 REGEXP_FILTER_OUT=(status=[a-z]+)|(size=0x[a-f0-9]+)
 EXPECT=<<EOF
 status=allocated
-size=0x12010
+size=0x11c10
 status=free
-size=0xed60
+size=0xf160
 status=allocated
-size=0x12010
+size=0x11c10
 status=allocated
 size=0x20
 status=free
-size=0xed40
+size=0xf140
 EOF
 RUN