393 if (dict)
394 {
395 if (sym)
396 {
397 DEBG("%s = %s\n", sym->getCStringNoCopy(), o->getMetaClass()->getClassName());
398 if (o != dict) ok = dict->setObject(sym, o);
399 o->release();
400 sym->release();
401 sym = 0;
402 }
403 else
404 {
405 sym = OSDynamicCast(OSSymbol, o);
406 ok = (sym != 0);
407 }
408 }
if (o != dict) ok = dict->setObject(sym, o, true);
--- OSSerializeBinary.cpp 2016-05-09 22:28:11.000000000 +0200
+++ OSSerializeBinaryPatched.cpp 2016-09-05 16:19:03.000000000 +0200
@@ -237,19 +237,21 @@
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-#define setAtIndex(v, idx, o) \
+#define setAtIndex(v, idx, o, max) \
if (idx >= v##Capacity) \
{ \
- uint32_t ncap = v##Capacity + 64; \
- typeof(v##Array) nbuf = (typeof(v##Array)) kalloc_container(ncap * sizeof(o)); \
- if (!nbuf) ok = false; \
- if (v##Array) \
- { \
- bcopy(v##Array, nbuf, v##Capacity * sizeof(o)); \
- kfree(v##Array, v##Capacity * sizeof(o)); \
- } \
- v##Array = nbuf; \
- v##Capacity = ncap; \
+ if (v##Capacity < max) { \
+ uint32_t ncap = v##Capacity + 64; \
+ typeof(v##Array) nbuf = (typeof(v##Array)) kalloc_container(ncap * sizeof(o)); \
+ if (!nbuf) ok = false; \
+ if (v##Array) \
+ { \
+ bcopy(v##Array, nbuf, v##Capacity * sizeof(o));\
+ kfree(v##Array, v##Capacity * sizeof(o)); \
+ } \
+ v##Array = nbuf; \
+ v##Capacity = ncap; \
+ } else ok = false; \
} \
if (ok) v##Array[idx] = o;
@@ -338,13 +340,12 @@
case kOSSerializeObject:
if (len >= objsIdx) break;
o = objsArray[len];
- o->retain();
isRef = true;
break;
case kOSSerializeNumber:
bufferPos += sizeof(long long);
- if (bufferPos > bufferSize) break;
+ if (bufferPos > bufferSize || ((len != 32) && (len != 64) && (len != 16) && (len != 8))) break;
value = next[1];
value <<= 32;
value |= next[0];
@@ -354,7 +355,7 @@
case kOSSerializeSymbol:
bufferPos += (wordLen * sizeof(uint32_t));
- if (bufferPos > bufferSize) break;
+ if (bufferPos > bufferSize || len < 2) break;
if (0 != ((const char *)next)[len-1]) break;
o = (OSObject *) OSSymbol::withCString((const char *) next);
next += wordLen;
@@ -386,8 +387,11 @@
if (!isRef)
{
- setAtIndex(objs, objsIdx, o);
- if (!ok) break;
+ setAtIndex(objs, objsIdx, o, 0x1000000);
+ if (!ok) {
+ o->release();
+ break;
+ }
objsIdx++;
}
@@ -395,33 +399,35 @@
{
if (sym)
{
- DEBG("%s = %s\n", sym->getCStringNoCopy(), o->getMetaClass()->getClassName());
- if (o != dict) ok = dict->setObject(sym, o, true);
- o->release();
- sym->release();
- sym = 0;
+ OSSymbol *sym2 = OSDynamicCast(OSSymbol, sym);
+ if (!sym2 && (str = OSDynamicCast(OSString, sym)))
+ {
+ sym2 = (OSSymbol *) OSSymbol::withString(str);
+ ok = (sym2 != 0);
+ if (!sym2) break;
+ }
+
+ if (o != dict) ok = dict->setObject(sym2, o);
+ if (sym2 && sym2 != sym) {
+ sym2->release();
+ }
}
else
{
- sym = OSDynamicCast(OSSymbol, o);
- if (!sym && (str = OSDynamicCast(OSString, o)))
- {
- sym = (OSSymbol *) OSSymbol::withString(str);
- o->release();
- o = 0;
- }
- ok = (sym != 0);
+ sym = o;
}
}
else if (array)
{
ok = array->setObject(o);
- o->release();
}
else if (set)
{
- ok = set->setObject(o);
- o->release();
+ ok = set->setObject(o);
+ }
+ else if (result)
+ {
+ ok = false;
}
else
{
@@ -436,7 +442,7 @@
if (!end)
{
stackIdx++;
- setAtIndex(stack, stackIdx, parent);
+ setAtIndex(stack, stackIdx, parent, 0x10000);
if (!ok) break;
}
DEBG("++stack[%d] %p\n", stackIdx, parent);
@@ -462,15 +468,19 @@
}
}
}
- DEBG("ret %p\n", result);
-
- if (objsCapacity) kfree(objsArray, objsCapacity * sizeof(*objsArray));
- if (stackCapacity) kfree(stackArray, stackCapacity * sizeof(*stackArray));
- if (!ok && result)
+ if (!ok)
{
- result->release();
result = 0;
}
+ if (objsCapacity) {
+ uint32_t i;
+ for (i = (result?1:0); i < objsIndx; i++) {
+ objsArray[i]->release();
+ }
+ kfree(objsArray, objsCapacity * sizeof(*objsArray));
+ }
+ if (stackCapacity) kfree(stackArray, stackCapacity * sizeof(*stackArray));
+
return (result);
}
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
