Fix segfault of pv command. (#4883)

Rot127 · web-flow · commit fc6886b8d795 · 2025-02-10T00:43:56.000+08:00
A non-numerical argument set repeat to 0 and
lead to an integer overflow further down.
This lead to OOB reading of memory.
diff --git a/librz/core/cmd/cmd_print.c b/librz/core/cmd/cmd_print.c
@@ -4234,7 +4234,7 @@ static bool print_value(RzCore *core, PrintValueOptions *opts, RzCmdStateOutput
 
 static RzCmdStatus print_value_size(RzCore *core, RzCmdStateOutput *state, int argc, const char **argv, ut64 size) {
 	int repeat = argc > 1 ? rz_num_math(NULL, argv[1]) : 1;
-	if (repeat < 0) {
+	if (repeat <= 0) {
 		return RZ_CMD_STATUS_ERROR;
 	}
 	PrintValueOptions opts = {
diff --git a/test/db/cmd/cmd_pv b/test/db/cmd/cmd_pv
@@ -0,0 +1,19 @@
+NAME=pv
+FILE=
+CMDS=<<EOF
+# Invalid input, check for segfault
+pv iihasidbib
+pv 0x9
+EOF
+EXPECT=<<EOF
+0x0000000000000000
+0x0000000000000000
+0x0000000000000000
+0x0000000000000000
+0x0000000000000000
+0x0000000000000000
+0x0000000000000000
+0x0000000000000000
+0x0000000000000000
+EOF
+RUN

Original file line number	Diff line number	Diff line change
`@@ -4234,7 +4234,7 @@ static bool print_value(RzCore core, PrintValueOptions opts, RzCmdStateOutput`
`4234`	`4234`
`4235`	`4235`	`static RzCmdStatus print_value_size(RzCore core, RzCmdStateOutput state, int argc, const char **argv, ut64 size) {`
`4236`	`4236`	`int repeat = argc > 1 ? rz_num_math(NULL, argv[1]) : 1;`
`4237`		`- if (repeat < 0) {`
	`4237`	`+ if (repeat <= 0) {`
`4238`	`4238`	`return RZ_CMD_STATUS_ERROR;`
`4239`	`4239`	`}`
`4240`	`4240`	`PrintValueOptions opts = {`