(made with https://codeeval.dev)
--- C:\Users\kjk\src\sumatrapdf\ext\unrar\arcread.cpp --------------------------
00EA1A50 push ebp
00EA1A51 mov ebp,esp
00EA1A53 and esp,0FFFFFFE0h
00EA1A56 sub esp,18h
// Once we failed to decrypt an encrypted block, there is no reason to
// attempt to do it further. We'll never be successful and only generate
// endless errors.
if (FailedHeaderDecryption)
00EA1A59 lea edx,[ecx+7DF5h]
00EA1A5F mov dword ptr [esp+10h],ecx
00EA1A63 mov eax,edx
00EA1A65 mov dword ptr [esp+14h],edx
00EA1A69 shr eax,3
00EA1A6C push esi
00EA1A6D push edi
00EA1A6E mov ah,byte ptr [eax+30000000h]
00EA1A74 test ah,ah
00EA1A76 je Archive::ReadHeader+41h (0EA1A91h)
00EA1A78 mov al,dl
00EA1A7A and al,7
00EA1A7C cmp al,ah
00EA1A7E jl Archive::ReadHeader+41h (0EA1A91h)
00EA1A80 push edx
00EA1A81 call __asan_report_load1 (010DD190h)
00EA1A86 mov ecx,dword ptr [esp+1Ch]
00EA1A8A add esp,4
00EA1A8D mov edx,dword ptr [esp+1Ch]
00EA1A91 cmp byte ptr [edx],0
00EA1A94 je Archive::ReadHeader+4Eh (0EA1A9Eh)
return 0;
00EA1A96 xor eax,eax
}
00EA1A98 pop edi
00EA1A99 pop esi
00EA1A9A mov esp,ebp
00EA1A9C pop ebp
00EA1A9D ret
Crashes trying to access Archive::FailedHeaderDecryption, but that eax+30000000h is totally bogus. Looks like mis-compilation.
This is without ASan:
size_t Archive::ReadHeader()
{
00384E50 push ebp
00384E51 mov ebp,esp
00384E53 and esp,0FFFFFFF8h
00384E56 push ecx
00384E57 push esi
00384E58 mov esi,ecx
// Once we failed to decrypt an encrypted block, there is no reason to
// attempt to do it further. We'll never be successful and only generate
// endless errors.
if (FailedHeaderDecryption)
00384E5A cmp byte ptr [esi+7DF5h],0
00384E61 je Archive::ReadHeader+1Ah (0384E6Ah)
return 0;
00384E63 xor eax,eax
}
00384E65 pop esi
00384E66 mov esp,ebp
00384E68 pop ebp
00384E69 ret
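As an added example that is not code from the gist, from unrar or from SumatraPDF: the instruction sequence in the instrumented listing (shr eax,3; mov ah,byte ptr [eax+30000000h]; test ah,ah; cmp al,ah with al = addr & 7; jl; call __asan_report_load1) is the shadow-memory check AddressSanitizer inserts in front of a one-byte load, and 0x30000000 is the shadow offset ASan uses on 32-bit Windows (shadow address = (addr >> 3) + 0x30000000). The C program below reproduces that check literally over a toy 64-byte address space; the shadow array, the 64-byte size, sim_alloc and asan_check_load1 are all constructed for this example. It poisons a 13-byte block the way the ASan allocator marks a heap block (partial granule plus redzone) and shows which one-byte loads the check accepts and which it reports.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the gist or from unrar/SumatraPDF.
 * Mirrors the check in the instrumented listing:
 *     shr eax,3                        ; eax = addr >> 3
 *     mov ah,byte ptr [eax+30000000h]  ; shadow byte for this 8-byte granule
 *     test ah,ah / je ok               ; 0 => all 8 bytes addressable
 *     mov al,dl / and al,7             ; al = addr & 7
 *     cmp al,ah / jl ok                ; signed: (addr & 7) < shadow => ok
 *     call __asan_report_load1         ; otherwise report
 */

#define SIM_MEM_SIZE 64u                    /* assumption: toy 64-byte address space */
#define SIM_SHADOW_SIZE (SIM_MEM_SIZE / 8u) /* one shadow byte per 8-byte granule */

/* ASan shadow encoding: 0 = whole granule addressable, 1..7 = only the first k
 * bytes addressable, negative = nothing addressable (redzone / freed). */
#define SHADOW_HEAP_REDZONE ((int8_t)0xfa)

/* Simulated shadow; in the real process this is a fixed region at +0x30000000. */
static int8_t sim_shadow[SIM_SHADOW_SIZE];

/* The mapping the listing computes on 32-bit Windows: (addr >> 3) + 0x30000000. */
uint32_t asan_shadow_addr_win32(uint32_t addr)
{
    return (addr >> 3) + 0x30000000u;
}

/* Toy version of the same mapping: index into the local array instead. */
static int8_t *shadow_for(uint32_t addr)
{
    return &sim_shadow[addr >> 3];
}

/* Returns 1 when __asan_report_load1 would be called for a 1-byte load at addr. */
int asan_check_load1(uint32_t addr)
{
    int8_t k = *shadow_for(addr);       /* mov ah,byte ptr [eax+30000000h] */
    if (k == 0)                         /* test ah,ah / je ok              */
        return 0;
    int8_t lo = (int8_t)(addr & 7);     /* mov al,dl / and al,7            */
    return lo >= k;                     /* cmp al,ah / jl ok  (signed!)    */
}

/* Poison the shadow for a `size`-byte block at 8-aligned `base` the way the ASan
 * allocator does: full granules 0, a trailing partial granule k, then a redzone. */
void sim_alloc(uint32_t base, uint32_t size)
{
    uint32_t end = base + size;
    for (uint32_t a = base; a < end; a += 8) {
        uint32_t left = end - a;
        *shadow_for(a) = left >= 8 ? 0 : (int8_t)left;
    }
    *shadow_for((end + 7) & ~7u) = SHADOW_HEAP_REDZONE;
}

int main(void)
{
    /* Constructed scenario: 13-byte block at simulated address 16 (bytes 16..28). */
    sim_alloc(16, 13);
    const uint32_t probes[] = { 16, 23, 28, 29, 31, 32 };
    for (unsigned i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("load1 @%2u: shadow=%4d -> %s\n", probes[i], *shadow_for(probes[i]),
               asan_check_load1(probes[i]) ? "REPORT" : "ok");
    printf("shadow of this+7DF5h for this=0: %08X\n", asan_shadow_addr_win32(0x7DF5u));
    return 0;
}
```

The comparison is signed (jl, not jb): a redzone shadow byte such as 0xfa is negative, so (addr & 7) >= k holds for every byte of that granule and the load is reported, while a partial value 1..7 admits only the first k bytes of the granule.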