
CVE-2019-14745: Release r2-3.7.0 - Codename TopHat · radareorg/radare2

In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it’s possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables.
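The fix for this class of bug is to never let a symbol name reach a shell unquoted (the 3.7.0 changelog below lists the corresponding commit, "bin_symbols: Add quoting"). The following is an added example, not radare2's own code, showing the two defensive options a loader has for untrusted symbol names: wrap the name in single quotes with embedded quotes escaped, or reject names containing shell metacharacters outright. The function names `shell_single_quote` and `symbol_name_is_plain` and the sample name are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not radare2 code): wrap an untrusted string in single
 * quotes so /bin/sh sees it as one literal argument. Each embedded single
 * quote becomes '\'' (close quote, escaped quote, reopen quote).
 * Returns the number of bytes written (excluding the NUL), or -1 if
 * `out` is too small to hold the quoted result. */
int shell_single_quote(const char *in, char *out, size_t outlen) {
    size_t need = 2; /* opening and closing quote */
    for (const char *p = in; *p; p++) {
        need += (*p == '\'') ? 4 : 1;
    }
    if (outlen < need + 1) {
        return -1;
    }
    char *o = out;
    *o++ = '\'';
    for (const char *p = in; *p; p++) {
        if (*p == '\'') {
            memcpy(o, "'\\''", 4);
            o += 4;
        } else {
            *o++ = *p;
        }
    }
    *o++ = '\'';
    *o = '\0';
    return (int)(o - out);
}

/* Stricter policy: refuse to hand the name to a shell at all if it
 * contains shell metacharacters or control bytes. Returns 1 if the
 * name is plain, 0 otherwise. */
int symbol_name_is_plain(const char *name) {
    static const char *meta = ";|&$`\"'\\<>(){}[]*?~!#\n\r";
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        if (*p < 0x20 || *p == 0x7f || strchr(meta, *p)) {
            return 0;
        }
    }
    return 1;
}

int main(void) {
    /* Constructed sample: a symbol name carrying a shell separator,
     * the shape of input this CVE is about. */
    const char *name = "_main; echo injected";
    char buf[128];
    if (shell_single_quote(name, buf, sizeof buf) < 0) {
        return 1;
    }
    printf("plain name: %s\n", symbol_name_is_plain(name) ? "yes" : "no");
    printf("quoted for a demangler command: %s\n", buf);
    return 0;
}
```

Quoting keeps the separator inert, so a command built from the quoted string is passed the whole name as a single argument; the reject-list check is the cheaper option when symbol names are only ever expected to be identifier-like.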


Version: 3.7.0
Previous: 3.6.0
Commits: 320
Contributors: 42

Changes

anal

  • Fix #13766 - Sum the meta_data_code as covered code
  • Add more function definitions for posix and macOS binaries
  • Add argument to ‘afll’ to select column to sort by
  • Print MSVC RTTI Warnings only on anal.verbose=1
  • Add afj command to analyze jmptbl from the shell
  • Honor RAnalBlock->switch_op in afb. and afbi
  • Improve ARM64 PAC instructions support
  • Fix #14530 - Implementation of i.~{} aka RCoreItem
  • Added val op hints to let the user define jmptbl sizes
  • Fix #14501 - Jumptables are made of signed values
  • Reduce xrefs sorting for aflj perf
  • Initial implementation of anal.trycatch blocks

asm

  • Implement PAC instructions in the ARM64 assembler

bin

  • Add icqj command
  • Fixes for msvc demangling (#14695)
  • Add jni.h in bin/d for pfo
  • Update Mach-O hardcoded format definitions
  • Improve Mach-O header fields
  • Improve RConsBind and use it from RBin via iz^C
  • Use libswiftCore library if available to demangle Swift5 symbols
  • Fix oba on frida://
  • Add more e_machine values for ELF
  • Fix support for Swift5 demangling via bin.demanglecmd
  • Fix ordinal name on Linux for NE (invalid sdb path location)
  • Fix function detection on coff file
  • Add icqq to print unknown classnames
  • Add icc support for Java/Dalvik
  • Improve ObjC classes boundary checks and slightly improve demangling
  • Parse macho’s LC_ENCRYPTION_INFO command in rabin2 -H
  • Fix undefined behaviour bugs in malformed macho bins
  • Handle “stub and resolver” exports and fix export trie for dyldcache
  • Handle the export flags to avoid de-syncing
  • Support ObjC categories on mangled classes
  • Avoid loops in Mach-O export trie walking
  • Parse Mach-O exports trie structure
  • Fix #14499: Detect ascii substrings
  • Show Class visibility information in icj for DEX
  • Fix symbols in wasm and add custom sections
  • Parse Rich header in PE
  • Initial implementation of the bin.libs imports linking
  • List multidex as dependency libs
  • Initial working implementation of bin.libs
  • The words of GOT
  • Fix new exe header detection for MZ
  • Optimize DEX subsystem detection
  • Fix #14441 - Invalid codesize in some DEX files
  • PoC: Initial implementation of direct bin symbols (20% speedup in loading times)
  • Remove the check_bytes and more bin-buf refactoring
  • Add __const to potential VTable Sections
  • Add r2 iw and rabin2 -w to enumerate try/catch blocks
  • Parse the try/catch info of methods in DEX files

build

  • Fix android-static
  • Delete prefix/ and fix static builds (missing libmpc.a)
  • Fixes for the android compilations
  • Add $onlydebug in sys/ios-cydia.sh
  • Towards emscripten build fix (update sdb)
  • Enable ASSERTS on all travis builds, to avoid confusion
  • mesonbuild: Backport to python 3.5

cons

  • Make click and drag work on Windows
  • Fix #12921 - Impl. r_cons_arrow_to_hjkl for Windows
  • Fix scrolling directions in the hud
  • Implement RCons.echo() and use it from r2.cmd(“echo64”)
  • Fix grep in tasks
  • Fix #11396: Integrate dietline with the hud
  • Fix for RCons.html when no color is used
  • Add example file for the pri command
  • Add pri command to print raw images in RGB (using stiv code)
  • Introduce ?e= and ?ed to print progressbar and 3D donut
  • WIP: Initial support for rotozooming strings via ~<zoom
  • Initial implementation of the human friendly json indent {:
  • Fix #9269 - Initial Implementation of vi mode
  • Enable click mouse input on Windows
  • Add mouse click support to VTE terminals. Hopefully fix others too
  • Click toggles cursor, make panels click mode more consistent
  • Add RCons.get_click(), initial integration in visual and panels
  • Initial support of mouse wheel+click
  • Improve the ayu theme
  • Clear also attributes on screen clear under scr.ansicon=0

core

  • Handle ^C in repeated commands
  • Implemented head and tail commands
  • Alphabetically sort more help messages and fix /ac/aa help msg
  • Fix i subcmd help grep
  • Initial implementation of calling the r*2 commands natively from inside r2
  • Expand on FreeBSD>=10 sandbox handling
  • Add -qq to force quit. Avoid the -qcq confusion

debug

  • Windows native debugger refactoring
  • More fixes to WinDbg (#14675)
  • Step over rep and repne prefixed instructions with dsui
  • Fix breakpoints handling for FreeBSD
  • Fix single-step in the iOS-arm64 native debugger
  • Fix xnu_thread_get_drx for iOS/arm64
  • Honor SWI for step-over

decompiler

  • Add support for the native r2ghidra plugin detection in cmd.pdc

disasm

  • Don’t show function name comment in Visual mode
  • Fix #14655 - Improve asm.pseudo for Dalvik
  • Demangle xrefs if asm.demangle=true and use ‘@’ for xref locs
  • Fix #14622 - Skip reflines on non-executable offsets
  • Respace demangled c++ names
  • Do not asm.describe metaa .dwords
  • Find relocs at instr. location first, then the dest
  • Kill MOV/LEA comments
  • Implement global imports (aii) and improve disasm-print-instruction code
  • Implement ‘function imports’ concept (afii command)
  • Add some SuperH opcode descriptions

fs

  • Improve R_FS via IO

graph

  • VV<> draw refs/xrefs graphs for visual navigation
  • Implement icg to create class graphs
  • Honor utf8 in diagonal graph lines
  • Fix #14553 - Use HtUP to store canvas attributes instead of a sorted array (#14556)
  • Add graph.body and graph.bubble config vars, move sin/cos into r_util
  • Initial implementation of RConsCanvas.circle and bubble graphs

io

  • Fix timeout issue in http.get
  • Better use of perm/mode names in R_IO

mount

  • Autocompletion for mount commands

mouse

  • Improve mouse support in visual prompt

panels

  • Drag and resize the panels with the mouse
  • Add aflm and handle : as separator in click
  • Handle click on toggle cache, frame title and screen borders
  • Add tiny graph in panels and simplify the code a bit
  • Show all the decompilers output at once
  • W + hjkl just works like Ctrl w + hjkl
  • Seek by clicking the offsets on Function Panel
  • Right click is supported to open " widget
  • Wheel is supported
  • Mouse supports the menus which have spaces in their names
  • Mouse kind of works on the menu, still lot to work on
  • W + h/l moves the current panel to the direction like vim does with Ctrl W + h/l
  • Introduce scr.demo to add effects in panels enter/exit
  • Fix word highlighting with mouse in panels
  • Cache the pdc outcome for each function
  • Handle mouse click on panel tabs and select frames
  • The ‘g’ key seek to highlighted address in current panel
  • Highlight words onclick in panels
  • Fix #14468 - Add pdsf panel for the " widget
  • Initial support for saving the layouts with the names feature
  • Unsync the base offset of each tab

parse

  • Add r_parse_ctype

print

  • Fix aho being ignored by asm.tabs

r2pipe

  • Enlarge RLang.cmd() to 8KB length commands
  • Improve decompiler integration ‘pdc?’ -> '!*%s -h" …
  • Interpret .c files as #! via -i

search

  • Skip PAC instructions in rop searching
  • Skip ROP gadgets starting with RET
  • Fix #14585 and #14584 - /c->/a* /C->/c /B->/mb /M->/mm - better help msg and autocompletion

types

  • add tlj and tllj
  • Fix #11404 - Implement “afsr” to change function return type

visual

  • Visual Help colorized
  • Improve the visual browse classes mode (vbc)
  • Initial mouse support for visual tabs
  • vda is an alias for vA

wasm

  • Few memory leak fixes
  • Copy the symbol id instead of reference

write

  • Implement wao for dalvik

To Review

  • Release 3.7.0 - TopHat
  • Use RFlag.list() instead of .get() avoid false positives (#14735)
  • Fix oobread in flag.c (#14728)
  • check for null
  • Fix #14732 - Fix out-of-bounds read
  • Better gameboy theme
  • Fix #14696 - Fix p= in utf8 mode recent regression
  • Fix edge detection for click and drag
  • Fix a bug where a drag event could be initiated outside an edge
  • Fix not being able to select the menu anymore
  • Fix not being able to click on the X to close a panel
  • Fix afsr not performing type checks
  • Fix memory leaks part 2 (#14720)
  • Fix Incorrect Break Check from de7a488 (#14723)
  • Fix win32 compilation (#14722)
  • Fix afs not changing function name (#14721)
  • Changed the utf8 characters (#14719)
  • Fix #14711 - Merge Fun/About/Help in panels
  • Fix crash in .i~s … recursive infinite grep strings issue (#14718)
  • Add fcn name in Visual mode if necessary when asm.filter=false and asm.jmpsub=false (#14713)
  • Fix WinDbg plugin warning
  • Fix #13633 - support nested unions (#14712)
  • Handle ‘e’ in ‘"’
  • Fix crash in canvas
  • Fix projects, add of help and improve gb again
  • Fix assertion
  • Improve the gameboy theme
  • Hide a harmless warning when string section size is 0
  • Assertify the IO API a bit more
  • Fix $? value in im prompt.exec from rc to num.value
  • Kill os and ons commands (they weren't even documented)
  • Fix #12911 - Fix types starting with ‘void’ not being considered
  • Fix abbreviated names being lost
  • Hide this ‘code slot size’ warning under bin.verbose
  • Use void in function prototypes (#14700)
  • Revert that flagsize fix
  • Proper fix of the oob8 bug
  • Fix 1 byte oob read issue
  • Fix 8byte oob write
  • class, method and field names are now shorter and easier to read
  • r2pm: handle info and install arguments properly (#14693)
  • bin_symbols: Add quoting (#14690)
  • Not camel case but snake case (#14687)
  • Fix mouse click not opening file menu in panels (#14688)
  • Only suspend threads if dbg.threads=true on Windows (#14689)
  • Windows native debugger refactoring
  • Massive win32 native debugging code refactoring and corresponding fixes.
  • Fix hang after killing process
  • Hide command autocompletion warning message
    • they’re now aligned with libr/bin/d/macho
    • also tweaked r_print_format_struct_size to work with referenced format names
  • Fix some leaks found by ASAN
  • Break demangled xref comment when in graph (#14678)
  • Refactoring (#14681)
  • Fix seeking (stepping now works)
  • Fix more crashes
  • Fix compiler warnings
  • Refactoring (#14676)
    • improve macho format definitions
    • allow enums and bitfields with arbitrary size
    • avoid modifying the format string argument inside r_print_
  • Fix capstone symbols visibility
  • Fixes #14652: Fixes visual hud regressions
  • Don’t show flag name for internal demangled xref
  • Refactoring
  • Default scr.breaklines to true
  • Fixes #14353: Added utf8 support for agft
  • Feature #14351: Added utf8 support for p= based commands
  • All emacs dietline keybindings are implemented (#14664)
  • Some fixes to windbg (#14666) #debug #windbg
  • Fix #10505
  • Fix wrong register profile being picked
  • Fix use-after free(s) and null derefs
  • Fix warnings
  • cmd_debug.c: Make addroflib use basenames
  • Fix flagspace autocompletion
  • Add protobuf magic
  • Pull enums out of RParseCTypeType
  • Support struct/enum/union before name in ctypes parse
  • Add cdecl-thiscall-ms Calling Convention (#14653)
  • Add more tokens for the panels clicking thing
  • Sort om help messages
  • Fix #14640 - /aa
  • Add help for /ac (#14638)
  • Tested on rabin2 -D and iD command
  • Add __stack_chk_fail to types-android.sdb.txt (#14641)
  • Fix W command (#14636)
  • Fix W command
  • Required for r2pipe programs to buffer output to be processed by r2
  • Handle ‘e’ in window panels mode too
  • Refactoring (#14630)
  • Don’t print non-ObjC methods in classdump_objc
  • Improve ObjC classdump icc
  • Parse ObjC superclass name
  • Aim to fix O_BINARY issue in rahash2 on windows
  • Fix ?b64- command
  • A bit more cleaner vbtll (struct visual browser)
  • Refactoring panels (#14613)
  • Use eq[] instead in bin_classes()
  • Respace demangled c++ names
  • ic*: replace ' ' with ‘_’ in flag name
  • Fix avra
  • Add guards just in case; use r_str_rchr() instead
  • Use upper case for #defines
  • $ r2 Payload/Undecimus.app/Undecimus
  • [0x10007e3ac]> s 0x1000081d8;af;s 0x1000082b0;afj 0x1000085fc 4
  • [rio] fix r_io_cache_commit to commit all lines
    • Support for aap (function preludes with pacibsp)
    • Handle LDURSW properly
    • Define op->type for PAC instructions (not just family)
    • Add more asm descriptions for pac instructions
  • Click [X] with mouse and close the panel, plus a bunch of refactoring (#14602)
  • Add r_parse_ctype
  • Add mpc to acr
  • Fix r_parse for acr
  • Mouse is supported for " widget (#14599)
  • Put demangled name directly in call disasm if asm.demangle=true (#14600)
  • Put demangled name directly in call disasm if asm.demangle=true
  • Constrain possible flag names for functions
  • Fix ds_print_fcn_name() comment alignment when asm.cmt.right=false
  • Ignore dalvik since it’s treated differently
  • Use R_FLAGS_FS_SYMBOLS instead in disasm.c
  • Oops
  • Fix demangled comment order (#14592)
  • Fix c99 construct (#14593)
  • Better name for seek autocompletion
  • Fix #14543: Renamed function doesn't show in autocompletion list (#14591)
  • Fix /ao command
  • Fix infinite loop in /o-1
  • Update capstone v4 and next
  • Added support for esc, pag up, pag dwn
  • Added vi mode, changed quit method for hud
  • Added ^C for vi mode
  • Fix wrong reloc command in panels (#14582)
  • Document Q in q?
  • Fix C99 construct
  • Initial implementation of NE file format (#14573)
  • Fix several bugs of mouse and improved a bit
  • Simplify the fork+spawn logic on Apple things (#14574)
  • Fix annoying aeim warning when debugging
  • Minor function signature fixes
  • Clean up #14568 code
  • Add comment that demangles calls if asm.demangle=true
  • Cache on and off works seamlessly
  • Fix null deref in 'r2 -qcia --'
  • Use PJ for meta (#14567)
  • zero RConsGrep in cons_grep_reset() instead
  • fix grep expr in cmd_info help
  • Changing pdc settings has got a problem in panels and now it is fixed (#14561)
  • This should improve performance as you don't need to shift elements of the sorted array when you need to insert a new one.
    • skip reexports and “stub and resolver” exports for now, the semantics are different and need to be treated in a different way
    • but advance the pointer accordingly, to avoid losing sync while walking the trie (especially in dyld cache)
  • Fix #14552 - issue with Csj and scr.html
  • Reduce the questionnaire when replace/create a panel, also replace the cmd of the current panel is available from " widget (#14551)
  • Fix C99 construct without using -c99 (#14550)
  • The image is generated with Gimp, saving as .data (RGB)
  • This is 128(W) * 3(RGB) * ?(H) … the height is computed with the blocksize
  • r2 -e hex.cols=128 -qqfcpri doc/cows128.data
  • Added arrow info to pdJ (#14422)
  • Fix build --without-gpl
  • (still far from complete but we need to go forward and kill all the globals \o/)
  • PD: the broken test is because initializing RCons twice
  • Add several panels to the menu and sort some of them
  • Fix invalid JSON in ij output
  • Fixes #14524: vi delete command is now 3dw (#14527)
  • Fixed dietline warnings
  • Changed logic for diw/diW
  • Fixes #14524: changed vi delete command format to 3dw from d3w
  • Removed unnecessary print
  • ESC key handled in vi_mode
  • Fixes #14521: Add support for ^y when ^w
  • Fix #14470: Close popup widget on escape
  • Fix #6321: Wrong handling of escape key
  • Cursor was missing in the comments panel (#14518)
  • Fix wrong assembly of jumps relative to the ESP register (#14511)
  • Fix Windows Build (#14512)
  • Fix trailing space issue in the GNU sh disassembler
  • Fix u/U problem
  • The menu properly gets updated as a new layout is saved with a name
  • Fix isq. should do the same as is.q
  • Fixes #14416: selections in disarm fixed
  • Improve spacing around “//” in unum.c
  • “+=1” -> " += 1" in unum.c
  • “+1” -> " + 1" in unum.c
  • Fix wrong realloc in r_asm_massemble
  • In line 694 a buffer of size (sizeof(char*)*32) is allocated. Later on, this buffer is realloced to 64. This decreases the size of the allocated buffer instead of increasing it. This may lead to memory corruption.
  • Click properly works on the tabs (#14491)
  • Fix missing title line in Visual mode when under scr.ansicon=0 (#14490)
  • Autocompletion for k command (#14488)
  • Autocompletion working for ms
  • Removed comments
  • Autocompletion for k command
  • Fix some bugs and add pddo panel to " widget
  • Fix an assert in aoj
  • Fix focus and bright themes
  • Color regression issue in disasm.c
  • Fix scr.wheel.speed regression
  • Add gameboy theme
  • More code cleanup in RBin (#14473)
  • Fix r_str_replace - unit tests added
  • Fix two lines in doc/hud
  • Autocompletion works for md, mg
  • Added autocomplete flag map
  • Fix behaviour of click in panels (x<20)
  • Fix scr.wheel glitch
  • Disabled by default at compile time. See FEATURE_SYMLIST define
  • Fix crash, reduce false positives of RBin.dol
  • Use RBuf.slice in /B
  • Fix autocompletion of remote files in #ms (#14284)
  • Added Segments panel and made cursor available for both Sections and Segments panels (#14461)
  • Add help for afs? command
  • Quote wa command generated in visual mode (#11138)
  • Use a pointer to eprintf instead
  • Fix aaa color under scr.ansicon=0
  • small fix for console
  • Add spaces around operators in r_num_conditional()
  • Add spaces around operators in r_num_to_bits()
  • Don’t update console panel when it’s not absolutely necessary
  • Add spaces around operators in r_num_op()
  • Add a couple of spaces around ‘==’ in unum.c
  • Add a couple of spaces around %
  • Remove some spaces
  • Add a space
  • Fix a UB oobread
  • Fix RStr.replace()
  • Fix long times for pp -1
  • Remove some more spaces
  • Remove a space
  • Set foreground color just in case
    • add r_fs_file_copy_abs_path to get the absolute path of a RFSFile, centralizing edge case handling
    • use that in fs_io_read
    • add missing free (file->path) in RFSFile destructor
    • fix handlePipes for fs shell cat use case
  • Fix couple of small bugs in panels with tabs
  • Small fix for tab (#14432)
  • Python 3.5 (the lowest version that meson supports) has no f-String but only old %-formatting and str.format().
  • Fix warning when printing level of “>” (#14430)
  • Strip trailing whitespaces
  • Fix warning -Wstring-plus-int on cont_level
  • Remove unused var
  • Fix ragg2 *.c on macOS
  • Add fortune
  • tT segfaults so fixing it (#14426)
  • Post release version bump (3.7.0-git)
  • Fix a few null dereference issues (#14419)
  • Fix ec* wrt attributes (#14421)
  • Fix for the debug mode that makes disasm so slow (#14414)
  • Notes:
  • SH opcodes array, file libr/asm/arch/sh/gnu/sh-dis.c from GNU binutils, defines “bf.s” and "bf/s", same with “bt.s” and "bt/s".
  • Both pairs are identical, e.g. bt.s and bt/s mean the same thing.
  • As *.s variants come first in the table, radare and binutils-objdump print bf.s and bt.s names.
  • Still true for latest binutils (v2.32 2019-02-02).
  • Renesas chip hardware manuals and IDA Pro only use bf/s and bt/s.
  • Complete R_CONS_ATTR_ series (#14411)
