Hardened String Block Parser #3239

iBotPeaches · 2023-07-31T01:41:21Z

iBotPeaches · 2023-07-31T01:46:57Z

Nevermind - this isn't ready. Regressed the sample app with style count = 0, but style offset > 0.

iBotPeaches · 2023-07-31T10:38:42Z

07-31 05:44:57.579 283041 283041 W ResourceType: Bad string block: string #316 entry is at 6488080, past end at 21420

Missing one more patch. Need to handle when string block has more strings reported than can fit.

brut.apktool/apktool-lib/src/main/java/brut/androlib/res/decoder/StringBlock.java

iBotPeaches added 2 commits July 30, 2023 21:39

fix: add headerSize to stringBlock to detect larger headers

76e2bbb

fix: handle app with style offset, but 0 styles

a9ebcd7

refactor: split counting stream into CountingDataInput

0dd8feb

iBotPeaches added 2 commits July 31, 2023 07:26

fix: read strings till end of string pool chunk

0297845

fix: support out of bound string reading

cfa6ecd

iBotPeaches commented Jul 31, 2023

View reviewed changes

brut.apktool/apktool-lib/src/main/java/brut/androlib/res/decoder/StringBlock.java Outdated Show resolved Hide resolved

iBotPeaches added 2 commits July 31, 2023 20:47

fix: don't read string/style offset out of bounds

9e6b597

refactor: cleanup comments for string parser

43f7783

iBotPeaches marked this pull request as ready for review August 1, 2023 00:59

iBotPeaches added 2 commits August 1, 2023 06:10

style: comment on 4 byte alignment

c4d3e9b

fix: only warn if utf16 string

338f2a5

iBotPeaches merged commit 7c2cb5b into master Aug 1, 2023
31 checks passed

iBotPeaches deleted the string-block-robust branch August 1, 2023 10:23

iBotPeaches mentioned this pull request Aug 8, 2023

ArrayIndexOutOfBoundsException (getUtf8) #2378

Closed

iBotPeaches mentioned this pull request Oct 4, 2023

[BUG] Can't compile WhatsApp: No resource identifier found for attribute #3129

Open

Provide feedback