Memory Address Issue on xor_decode (http_tool.h)
Hey,
I found an address calculation issue in the xor_decode function that will cause a crash when beaconing.
The code v11 = out[v8 + v9] ^ in[v8 & 3]; uses the sum v8 + v9 to locate the in array from out (v9 being the address difference between in and out). However, since v8 is unsigned, if v9 is a negative number (there is no guarantee that out lies after in), the resulting address v8 + v9 will overflow, because v9 is converted to unsigned.
To solve this, I suggest changing the data definition of v8 to signed int, or using v11 = in[v8 + 4] ^ in[v8 & 3]; instead of v11 = out[v8 + v9] ^ in[v8 & 3];
In my test profile I found that the xor_decode function computes in backwards from out, but the function's v8 is an unsigned int, and adding it to the signed int v9 causes an overflow that crashes the Beacon. I suggest changing v8 to signed, or using v11 = in[v8 + 4] ^ in[v8 & 3]; instead.
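The mixed-signedness index arithmetic described in the post, shown as an added C example that is not code from the original post or from the project. It assumes the buffer layout the suggested fix implies (a 4-byte key followed by the encoded bytes); the function names, the sample key and the sample data are constructed for illustration. The first two functions isolate the promotion rule that produces the bad offset, and the decoder shows the in-only indexing form.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Models the index expression from the post: v8 is the unsigned loop
 * counter, v9 the signed byte distance between the two buffers.
 * In C, unsigned int + int is evaluated as unsigned int, so a negative
 * v9 wraps to a value near 2^32; added to a 64-bit pointer that is a
 * huge positive offset, not the small negative one that was intended. */
long long index_as_written(unsigned int v8, int v9)
{
    return (long long)(v8 + v9);   /* sum is computed as unsigned int */
}

/* Same arithmetic with v8 declared signed, as the post suggests. */
long long index_with_signed_counter(int v8, int v9)
{
    return (long long)v8 + v9;
}

/* Decoder that never depends on where out lies relative to in.
 * Assumed layout (constructed): 4-byte key, then the encoded bytes,
 * matching the post's in[v8 + 4] ^ in[v8 & 3] form.  Returns the
 * number of bytes written. */
size_t xor_decode_fixed(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap)
{
    if (in_len < 4) return 0;          /* no key present */
    size_t n = in_len - 4;
    if (n > out_cap) n = out_cap;      /* never overrun the output */
    for (size_t i = 0; i < n; i++)
        out[i] = in[i + 4] ^ in[i & 3];
    return n;
}

/* Test-only helper: builds a buffer in the assumed layout. */
size_t xor_encode_for_test(const uint8_t key[4], const uint8_t *data,
                           size_t len, uint8_t *buf, size_t cap)
{
    if (cap < len + 4) return 0;
    memcpy(buf, key, 4);
    for (size_t i = 0; i < len; i++)
        buf[i + 4] = data[i] ^ key[i & 3];
    return len + 4;
}

/* Encodes and decodes a constructed message; 1 on round-trip success. */
int roundtrip_ok(void)
{
    const uint8_t key[4] = {0x11, 0x22, 0x33, 0x44};   /* constructed key */
    const uint8_t msg[] = "hello";                       /* constructed data */
    uint8_t enc[32], dec[32];
    size_t elen = xor_encode_for_test(key, msg, 5, enc, sizeof enc);
    size_t dlen = xor_decode_fixed(enc, elen, dec, sizeof dec);
    return dlen == 5 && memcmp(dec, msg, 5) == 0;
}

int main(void)
{
    /* out placed 4 bytes before in + 4, i.e. v9 = -4 (constructed). */
    printf("offset as written (unsigned v8): %lld\n", index_as_written(0u, -4));
    printf("offset with signed v8:           %lld\n", index_with_signed_counter(0, -4));
    printf("round trip ok: %d\n", roundtrip_ok());
    return 0;
}
```

Compiling with -Wsign-conversion (gcc or clang) warns on the unsigned-plus-signed sum in index_as_written, which is the cheapest way to catch this class of defect in decompiled or ported code before it reaches a crash.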
Elephacking
Can you provide a profile for me to test?