5.8.6

@github-actions github-actions released this 05 May 21:06

Release Notes

Version: 5.8.6
Previous: 5.8.4
Commits: 295
Contributors: 23

Authors

AlexanderKucherov CorruptedVor Francesco Tamagni Hripsimee Ildar Ildar Sadykov Leopold Luc Tielen Luc Tielen Mewt R MewtR R Sylvain Pelissier Yedidyah Bar David Yuvraj Saxena Zhipeng Xue echel0n pancake pancake rgc semgrep.dev on behalf of @trufae theNKCode tsunekoh

Changes

anal

  • Handle 'int 0x20' as eob on x86-16 (assume DOS)
  • Fix null deref in arm32 calling conventions via 'aaef'
  • Handle more noreturn functions
  • RAnal.cur can be now set to NULL
  • Fix aae logic for mem read xrefs
  • Fix #21576 - Function stack frame size in case of FP register in a Thumb's PUSH
  • Improved instruction mask using the new aobm and anal.mask
  • Support big endian value search analysis (aav)
  • Fix null deref in signatures when using corrupted analysis info
  • Hide meaningless AnalOp fields in ao/aoj

api

  • Deprecate r_str_cmp()
  • Rename R_CONST to R_TAG and add unit tests for them

arch

  • Migrate tms320 plugin
  • Cleanup global state in mips gnu plugin
  • Migrate mips gnu plugin
  • Migrate chip8
  • Handle the arch.decode default size and mnemonic on failure
  • Migrate xcore plugin
  • Migrate m68k_cs plugin
  • Migrate 6502_cs plugin
  • Refactor global state in loongarch plugin
  • Migrate loongarch plugin
  • Handle RArch.getRegProfile() from RAnal.setRegProfile
  • Fix the wrong plugin used after failed arch.encoding
  • Rename arch.arm plugin 'arch.arm.nz'
  • Use plugin name instead of arch name to fallback
  • Propagate endian settings
  • Honor RArch.setBits via RAnal.setBits
  • Support fatmachos with slices using arch plugins
  • Improve automatch plugin with encoder support
  • Resolve ${arch}.nz as fallback when finding an assembler peer
  • Remove '#' sign before immediates in the snes9x disassembler
  • Fix 1-byte oobread in the wasm disassembler
  • Migrate s390.cs and fix the abidiff suppression rules
  • Migrate the ppc.gnu plugin
  • Migrate m68k_gnu plugin
  • Improve the riscv analysis
    • Fix esil emulation for riscv's jr/li/mv
  • Migrate S390 GNU plugin
  • Don't use strtok in the riscv plugin
  • Migrate the hppa.gnu
  • Migrate the sparc.gnu plugin
  • Improve brainfuck VM using ESIL and arch restrictions
  • Migrate the brainfuck
  • Remove unneeded line in meson build after plugin migration
  • Migrate h8300 plugin
  • Migrate the pyc plugin
  • Migrate msp430 plugin
  • Fix archinfo for v810
  • Add wip archinfo and wip regs and make mcs96 an arch plugin
  • Migrate ebc plugin
  • Migrate lh5801 plugin + add missing regprofile
  • Migrate the pdp11 plugin
  • Migrate arc
  • Expose the value of arm's ADD in op.val
  • Implement wao nop for riscv
  • Migrate arm.v35

asm

  • Implement 'call [rip+X]' for x86.nz and add tests
  • Fix UB in signed type shift left on arm64 assembler
  • Fix tb instruction for ARM assembler

bin

  • Fix double free in elf loader
  • Fix memory leak in mach0 relocs
  • Fix memory leak in xtr fatmach0 metadata
  • Fix memory leak in elf loader
  • Fix compile warnings for elf loader
  • Improve handling of nindirectsyms for corrupt macho binaries
  • Fix crash due to int overflow loading mach0
  • Refactor / improve loading of ELF symbols + imports
  • Shorten path on invalid fatmachos fixing a recent null precondition check
  • Better use of preconditions and r_log in fatmach0
  • Refactor loading of elf fields
  • Refactor loading of elf libs
  • Refactor elf loading of relocs
  • Refactor even more loading of elf sections
  • Refactor elf loading of sections
  • Refactor mach0 loading of relocs
  • Silence warning on empty dwarf blocks
  • Unused var had a meaning in the xnu kernelcache parser
  • Refactor loading of mach0 sections
  • Conditionally parse mach0 start symbols
  • Fix bug wrongly casting dyld/kernelcache to mach0
  • Remove code, port dyld + kernel cache to new API
  • Fix UAF in the p9 parser
  • Refactor loading of mach0 symbols
  • Refactor loading of mach0 libraries
  • Implement review remarks for mach0 import parsing
  • Refactor mach0 loading of imports
  • Refactor string comparisons in macho parser
  • Add demangled column in the symbol listing
  • Add LC_AOT_METADATA parsing support for mach0
  • Reuse recursion in c++ demangling with lower bounds
  • Fix some oobread bugs in the ELF parser
  • Initial steps to support column details in dbginfo
  • Optimize dwarf parser reducing getsection for strp
  • Remove global in the DWARF parser
  • More ELF cleanups on the symbol allocation logic
  • Minor cleanup in the ELF parser
  • Fix Mach-O symbol parsing in dyldcache
  • Blind ELF fixes
  • ZeroPad addresses in iSq and iSSq

build

  • Fix some -fvisibility=hidden issues
  • Fix meson -Dnogpl=true compilation
  • Update to the latest wasi-sdk-20
  • Fix R_SYS_ARCH name for native s390x
  • Fix r2r build when doing static linking
  • Fix SocketNotificationRetrieveEvents already defined issue
  • Make sys/sanitize be aware of the memory sanitize check
  • Fix #21375 also for linux-arm-64.sdb syscalls with meson
  • getcpu is reserved by linux's sched.h
  • meson support for smallz4, relates to #19849
  • Use Smallz4 instead of liblz4 which is optional

ci

  • Add crosscompiled arm64 debian builds
  • Add arm64, riscv64 and s390x qemu builds
  • Move the tarball distribution code into dist/tarball

cons

  • Fix #17194 - Fix 'e scr.pager=..' to set the internal pager
  • Add greepy color theme (green + pink + white) glitch-style
  • Add support for ""ec in theme files

core

  • Fixes the bfbug losing arch setup after o malloc

crash

  • Fix double-free in r2pm when no python bin in path
  • Fix oobread in /v
  • Fix 2-byte oobread in /a subcommands
  • Fix null deref on null :: command via fuzzing
  • Fix null deref on fuzzed thready command execution
  • Fix null deref in unaligned arm thumb instruction via /ad
  • Fix oom bugs in the XTAC parser
  • Fix large memory allocations on corrupted LE binaries
  • Fix infinite loop in the GNU C++ demangler
  • Track recursive calls in the HFS parser to prevent stack exhaustion
  • Fix oobread bug in asn1/pkcs7 parser
  • Fix uninitialized field accesses on corrupted DEX
  • Fix UB with uninitialized read in dwarf parser
  • Fix infinite loading time in minidump file
  • Fix unaligned pointer access in sha256
  • Fix division by zero in the HFS parser
  • Fix oobread segfault in the grub's HFS parser
  • Fix infinite loop in the ext2 grub code (DDoS)
  • Fix 8-byte oobread on pkcs7 parser
  • Fix UAF in the dwarf parser
  • Fix non-null-terminated string in dwarf
  • Fix null deref in the dyldcache
  • Fix oobread in swift field parser
  • Fix 4-byte oobread in objc analysis on 32bit binaries
  • Fix oobread in dwarf parser
  • Fix oobread crash in the visual bit pixel editor
  • Another dwarf null deref
  • Fix oobread in the xcoff64 parser
  • Fix a 1-byte oobread in the pyc plugin
  • Avoid large allocation in the elf parser
  • Check for null pointers in uleb and dwarf
  • Fix oobread in omu command
  • Fix large allocation bug in the elf version parser
  • Fix null derefs in the dwarf parser
  • Fix oobread in the msvc demangler

dalvik

  • Fix two UB bugs doing left-shift on signed type

debug

  • Warn the user when using dd/dm/di without a child
  • Fix 64bit column register listing glitch
  • Allow 'dcu main' even if there's a 'db main' already set
  • Implement dtj command to list debug traces in JSON format
  • Fix null deref in dtd when the process is dead
  • Fix status register in the regprofile for darwin-arm64
  • Don't display the cpu flags if the arch doesn't support them
  • Adjust bpcount and use typedefs instead of structs in bps
  • Define RISCV breakpoint instructions
  • Native debugger for OpenBSD and NetBSD on arm64
  • Add cmd.step config var to run a command after every debugger step
  • Partial fixes for better register profile and arch switching handling

diff

  • Initial implementation of the 'cgfa' command

disasm

  • Do not draw ref lines of invalid branches
  • Fix asm.pseudo for arm64's stur instruction
  • Implement pseudo for riscv's 'auipc' instruction
  • Fix '\xff' strings issue in bsd-rv64/arm64

dwarf

  • Implement parsing optimization for dwarf5
  • Store column information in the addr2line database

esil

  • Fix UB when shifting value too far left
  • Fix bounds checks for ESIL and reg values
  • Implement 128bit regstore esil emulation
  • Don't emulate null instruction types, causing invalid analysis
  • Fix #21564 - 128bit support via [16] and RReg for arm64
  • Implement 'aoem' command to show memory refs via emulation
  • Move the esil #! r2 command as an op instead of parse

fs

  • Add test and fix oobread in the hfs parser

graph

  • Improve color support in graphviz, still wip

hash

  • Add elf hash planned for r2-5.9.0

io

  • Fix #21705 - check r_io_plugin_add return value and free unused allocated memory
  • Implement zip0:// uri handler
  • Large null:// allocation causing negative pointer issues on iobank
  • Support wcu command for new io cache
  • Implement wcf command for new io cache
  • Fix segmentation fault when listing cache entries before init
  • Fix usage of cache in pde command
  • Prevent multiple initializations of cache
  • Fix cloning of cache
  • Retain order of writes to cache during clone
  • Fix list bug in new cache
    • Change written flag to a bool in new cache
  • Fix memcpy bug in the new cache

json

  • Fix wrong json key string (refs to name) in anal_axg

lang

  • Better typescript entrypoint support and fake r2pipe
  • Support running typescript files without r2's Gmain
  • frida-compile bundles can contain anything; we only interpret/load the .js ones

panels

  • Support JK scrolling (+-5 lines) in modals

performance

  • Branch prediction optimizations (3/3)
  • Branch prediction optimizations (2/3)
  • Branch prediction optimizations (1/3)

print

  • Improve RTable trailing spaces
  • Fix trailing spaces in table
  • Implement 'piE' command, like 'pie' but for bytes instead of ops

r2pm

  • Move and update r2docker into dist/docker
    • Update to Debian:11, add README for r2docker
  • Prefix tar flags with a dash for portability reasons

reg

  • Add support for LE/BE 24 bit registers
  • Fix RReg.setValue on 128bit registers

search

  • Faster aap on large empty maps
  • Add search.badpage to customize badpage scan

shell

  • Better LA/Ll listings
  • Implement the -L command
  • Autocomplete -e inside r2
  • Sync output from rax2 -r and r2's ? val
  • Implement jq command as an alias for !jq
  • Add build optimization and precondition check levels in -v
  • Reuse RStr.version() from r2's '?V'/'-v'
  • Show '(asan)' in r2 -v when running sanitized builds
  • Implement 'uname -a' flag
  • Add -v, -vj and the 'r2.' command as a short for js oneliners
  • Add ?ee and ?ei command for stderr echos
  • Always use the return value of RTable.query()
  • Don't list symbols when using is,:help
  • Add rasm2 -N to mimic the r2 -N flag
  • Use r2 -NN from r2r and extend the env for rasm2/rabin2
  • Use more R_LOG instead of eprintfs in some commands
  • Fix null deref in dte
  • Add -V command as an alias for ?V

signatures

  • Add experimental zign.mangled to not use demangled symbol names
  • Use "" command syntax for the z* output
  • Filter zignature names before validation

util

  • Fix UAF in RStr.replaceIcase() spotted by coverity

visual

  • Experimental graph debugger layout
  • Fix #21658 - Fix zoom mode glitch in panels
  • Only run 'diq' in visual when cfg.debug

webui

  • Add r2bolt webui PoC

write

  • Implement wao recj for arm64