GP-6711 img3 and vdex checking

2026-04-25 17:25:17 +02:00 · 2026-04-17 18:26:38 +00:00
parent 5a209ba931
commit 9a68723953
4 changed files with 18 additions and 4 deletions
--- a/Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/android/vdex/headers/VdexHeader_006.java
+++ b/Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/android/vdex/headers/VdexHeader_006.java
@@ -70,6 +70,9 @@ public class VdexHeader_006 extends VdexHeader {
 			dexHeaderList.add(DexHeaderFactory.getDexHeader(tmpReader));
 			tmpReader.setPointerIndex(0);
 			int length = DexHeaderQuickMethods.getDexLength(tmpReader);
+			if (length <= 0) {
+				throw new IOException("Bad Dex length: " + length);
+			}
 			dexHeaderStartsList.add(index);
 			reader.setPointerIndex(index + length);
 		}
--- a/Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/android/vdex/headers/VdexHeader_019.java
+++ b/Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/android/vdex/headers/VdexHeader_019.java
@@ -25,7 +25,8 @@ import ghidra.file.formats.android.dex.DexHeaderFactory;
 import ghidra.file.formats.android.dex.format.DexHeader;
 import ghidra.file.formats.android.vdex.*;
 import ghidra.file.formats.android.vdex.sections.DexSectionHeader_002;
-import ghidra.program.model.data.*;
+import ghidra.program.model.data.DataType;
+import ghidra.program.model.data.Structure;
 import ghidra.util.exception.CancelledException;
 import ghidra.util.exception.DuplicateNameException;
 import ghidra.util.task.TaskMonitor;
@@ -74,6 +75,9 @@ public class VdexHeader_019 extends VdexHeader {
 				DexHeader cdexHeader = DexHeaderFactory.getDexHeader(wrappedReader);
 				dexHeaderList.add(cdexHeader);

+				if (cdexHeader.getFileSize() <= 0) {
+					throw new IOException("Bad cdex header length: " + cdexHeader.getFileSize());
+				}
 				reader.setPointerIndex(index + cdexHeader.getFileSize());
 			}
 		}
--- a/Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/android/vdex/headers/VdexHeader_021.java
+++ b/Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/android/vdex/headers/VdexHeader_021.java
@@ -25,7 +25,8 @@ import ghidra.file.formats.android.dex.DexHeaderFactory;
 import ghidra.file.formats.android.dex.format.DexHeader;
 import ghidra.file.formats.android.vdex.*;
 import ghidra.file.formats.android.vdex.sections.DexSectionHeader_002;
-import ghidra.program.model.data.*;
+import ghidra.program.model.data.DataType;
+import ghidra.program.model.data.Structure;
 import ghidra.util.exception.CancelledException;
 import ghidra.util.exception.DuplicateNameException;
 import ghidra.util.task.TaskMonitor;
@@ -79,6 +80,9 @@ public class VdexHeader_021 extends VdexHeader {
 				DexHeader cdexHeader = DexHeaderFactory.getDexHeader(wrappedReader);
 				dexHeaderList.add(cdexHeader);

+				if (cdexHeader.getFileSize() <= 0) {
+					throw new IOException("Bad cdex header length: " + cdexHeader.getFileSize());
+				}
 				reader.setPointerIndex(index + cdexHeader.getFileSize());
 			}
 		}
--- a/Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/ios/img3/Img3.java
+++ b/Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/ios/img3/Img3.java
@@ -51,8 +51,11 @@ public class Img3 implements StructConverter {

 			AbstractImg3Tag tag = Img3TagFactory.get(reader);
 			_tags.add( tag );
-
-			reader.setPointerIndex(index + tag.getTotalLength());
+			int tagLen = tag.getTotalLength();
+			if (tagLen <= 0) {
+				throw new IOException("Bad Img3 tag length: " + tagLen);
+			}
+			reader.setPointerIndex(index + tagLen);
 		}
 	}