What steps will reproduce the problem?
1. Call androguard/core/bytecodes/dvm.py:readsleb128(buff) on a buffer
containing a multi-byte encoded number in which the most significant bit of
the leading byte in the buffer is set to 1.
What is the expected output? What do you see instead?
The first line (215):
result = unpack( '=b', buff.read(1) )[0]
The call to unpack formats the read byte to a signed integer, so if the byte is
greater than 0x7f, then the value of result will be a negative number (and not
a positive integer greater than 0x7f). The if statement (if result <= 0x7f :)
in the line (217) will always be true, which is incorrect. The rest of the
existing function logic assumes that the value of "result" is an unsigned
integer, which yields incorrect results since "result" is being converted to a
negative integer through "=b".
What version of the product are you using? On what operating system?
Androguard 1.9 on Ubuntu 14.04
This problem can be fixed by changing the unpack format string to "=B" for an
unsigned conversion. Similarly, the other format strings in the remainder of
the function should also be converted to "=B".
Original issue reported on code.google.com by kristo...@gmail.com on 6 Jan 2015 at 6:47
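
The signedness problem described in this report, as an added example that is not Androguard's code and not part of the original issue. The helper names (looks_like_final_byte, read_sleb128, decode) and the sample byte strings are constructed for illustration; the decoder is a stand-alone reference for signed LEB128 values of at most 5 bytes, reading every byte with "=B".

```python
import io
from struct import unpack

# Constructed sample encodings (not taken from any real DEX file).
SAMPLES = {
    b"\x7f": -1,        # single byte, sign bit 0x40 set
    b"\x80\x01": 128,   # leading byte has its top bit set
    b"\x80\x7f": -128,
    b"\xff\x7e": -129,
    b"\x80\x80\x80\x80\x78": -2**31,  # 5-byte encoding of the 32-bit minimum
}


def looks_like_final_byte(first_byte: bytes, fmt: str) -> bool:
    """Apply the `result <= 0x7f` test from the report to a byte read with fmt."""
    result = unpack(fmt, first_byte)[0]
    return result <= 0x7f


def read_sleb128(buff) -> int:
    """Decode one signed LEB128 value from a file-like object (max 5 bytes)."""
    result = 0
    shift = 0
    for _ in range(5):
        raw = buff.read(1)
        if len(raw) != 1:
            raise ValueError("truncated sleb128 value")
        cur = unpack("=B", raw)[0]          # unsigned: always 0..255
        result |= (cur & 0x7f) << shift     # low 7 bits carry the payload
        shift += 7
        if (cur & 0x80) == 0:               # continuation bit clear: last byte
            if cur & 0x40:                  # sign bit of the last byte
                result -= 1 << shift        # sign-extend
            return result
    raise ValueError("sleb128 value longer than 5 bytes")


def decode(data: bytes) -> int:
    return read_sleb128(io.BytesIO(data))


if __name__ == "__main__":
    # With "=b", 0x80 becomes -128, so the continuation byte passes the test.
    print("=b:", looks_like_final_byte(b"\x80", "=b"))
    print("=B:", looks_like_final_byte(b"\x80", "=B"))
    for data, expected in SAMPLES.items():
        print(data.hex(), decode(data), expected)
```
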