From 1d745ac0ad84a20c6e3524ed24335301b953ca61 Mon Sep 17 00:00:00 2001
From: Connor Tumbleson
Date: Wed, 18 Dec 2013 08:41:18 -0600
Subject: [PATCH] correctly handles abused length strings - jtmuhone
---
 CHANGES | 3 ++-
 .../androlib/res/decoder/StringBlock.java | 20 +++++++++++++++----
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/CHANGES b/CHANGES
index b2f03335..f5c52d05 100644
--- a/CHANGES
+++ b/CHANGES
@@ -26,7 +26,8 @@ v2.0.0 (TBA)
 -Fixed (issue #524) - INSTALL_FAILED_DEXOPT fix (JesusFreke)
 -Fixed (issue #473) - multiple package frameworks are treated correctly.
 -Fixed (issue #531) - JAR disassembling borking is fixed
--Fixed (issue #550) - Corectly labels incorrect type handling of
+-Fixed (issue #550) - Correctly labels incorrect type handling of
+-Fixed (issue #571) - Fixed truncated strings (Thanks jtmuhone)
 -Added output to list Apktool version to help debugging.
 -Updated known bytes for configurations to 38 (from addition of layout direction)
 -Fixed NPE when handling odex apks even with --no-src specified. (Thanks Rodrigo Chiossi)
diff --git a/brut.apktool/apktool-lib/src/main/java/brut/androlib/res/decoder/StringBlock.java b/brut.apktool/apktool-lib/src/main/java/brut/androlib/res/decoder/StringBlock.java
index 19f571b0..32231979 100644
--- a/brut.apktool/apktool-lib/src/main/java/brut/androlib/res/decoder/StringBlock.java
+++ b/brut.apktool/apktool-lib/src/main/java/brut/androlib/res/decoder/StringBlock.java
@@ -102,10 +102,22 @@ public class StringBlock {
 length = getShort(m_strings, offset) * 2;
 offset += 2;
 } else {
- offset += getVarint(m_strings, offset)[1];
- int[] varint = getVarint(m_strings, offset);
- offset += varint[1];
- length = varint[0];
+ int val = m_strings[offset];
+ if ((val & 0x80) != 0) {
+ offset += 2;
+ } else {
+ offset += 1;
+ }
+ val = m_strings[offset];
+ if ((val & 0x80) != 0) {
+ offset += 2;
+ } else {
+ offset += 1;
+ }
+ length = 0;
+ while (m_strings[offset + length] != 0) {
+ length++;
+ }
 }
 return decodeString(offset, length);
 }
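Review bot: The terminator scan `while (m_strings[offset + length] != 0)` in the added block has no bound against `m_strings.length`, so a string pool whose last entry lacks a NUL terminator (a truncated or deliberately malformed resource file) throws ArrayIndexOutOfBoundsException out of the decoder instead of a parse error, and the two `m_strings[offset]` reads above it have the same problem when `offset` already points past the end. Bounding the scan, `while (offset + length < m_strings.length && m_strings[offset + length] != 0) {`, keeps the decoder from crashing on hostile input; whether a missing terminator should then be reported rather than silently decoded up to the end of the pool is worth deciding explicitly. The declared UTF-8 byte-length varint is now skipped rather than read, so nothing records that declared and actual lengths disagree; a comment on the `length = 0;` line such as `// declared length is ignored on purpose: some APKs under-report it (issue #571); scan to the NUL terminator instead` would preserve that intent, and logging the mismatch would make such files visible to users. The two identical skip-a-varint blocks could be one small private helper. The enclosing method begins before the hunk.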