weaiken / androguard

Automatically exported from code.google.com/p/androguard
Apache License 2.0
0 stars 0 forks source link

Incorrect Sign Conversion for readsleb128 #172

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Call androguard/core/bytecodes/dvm.py:readsleb128(buff) on a buffer 
containing a multi-byte encoded number in which the the most significant bit of 
the leading byte in the buffer is set to 1.

What is the expected output? What do you see instead?
The first line (215):

   result = unpack( '=b', buff.read(1) )[0]

The call to unpack formats the read byte to a signed integer, so if the byte is 
greater than 0x7f, then the value of result will be a negative number (and not 
a positive integer greater than 0x7f).  The if statement (if result <= 0x7f :) 
in the line (217) will always be true, which is incorrect. The rest of the 
existing function logic assumes that the value of "result" is an unsigned 
integer, which yields incorrect results since "result" is being converted to a 
negative integer through "=b".

What version of the product are you using? On what operating system?
Androguard 1.9 on Ubuntu 14.04

This problem can be fixed by changing the unpack format string to "=B" for an 
unsigned conversion.  Similarly, the other format strings in the remainder of 
the function should also be converted to "=B".

Original issue reported on code.google.com by kristo...@gmail.com on 6 Jan 2015 at 6:47