Fix #16225 - Remove the unused fcn_locs causing an UAF ##anal

radareorg · Mar 17, 2020 · 2edd5c1 · 2edd5c1
1 parent 2ae0692
commit 2edd5c1
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 358 deletions.
diff --git a/libr/anal/function.c b/libr/anal/function.c
@@ -94,7 +94,6 @@ R_API void r_anal_function_free(void *_fcn) {
 
 	free (fcn->name);
 	free (fcn->attr);
-	r_list_free (fcn->fcn_locs);
 	fcn->bbs = NULL;
 	free (fcn->fingerprint);
 	r_anal_diff_free (fcn->diff);
@@ -286,11 +285,6 @@ R_API ut64 r_anal_function_realsize(const RAnalFunction *fcn) {
 		r_list_foreach (fcn->bbs, iter, bb) {
 			sz += bb->size;
 		}
-		r_list_foreach (fcn->fcn_locs, fiter, f) {
-			r_list_foreach (f->bbs, iter, bb) {
-				sz += bb->size;
-			}
-		}
 	}
 	return sz;
 }

diff --git a/libr/core/canal.c b/libr/core/canal.c
@@ -839,15 +839,6 @@ static int __core_anal_fcn(RCore *core, ut64 at, ut64 from, int reftype, int dep
 
 			/* New function: Add initial xref */
 			if (from != UT64_MAX) {
-				if (fcn->type == R_ANAL_FCN_TYPE_LOC) {
-					RAnalFunction *f = r_anal_get_fcn_in (core->anal, from, -1);
-					if (f) {
-						if (!f->fcn_locs) {
-							f->fcn_locs = r_list_new ();
-						}
-						r_list_add_sorted (f->fcn_locs, fcn, &cmpfcn);
-					}
-				}
 				r_anal_xrefs_set (core->anal, from, fcn->addr, reftype);
 			}
 			// XXX: this is wrong. See CID 1134565