github radareorg/radare2 6.1.0

Release Notes

Codename: The Low Table
Version: 6.1.0
Previous: 6.0.8
AbiDiff: 54-70 (16)
Commits: 346
Contributors: 24

curl -Ls https://github.com/radareorg/radare2/releases/download/6.1.0/radare2-6.1.0.tar.xz | tar xJv
radare2-6.1.0/sys/install.sh

Highlights

Authors

Abhi Ahmethan G. Alberto Marnetto Antoni Viciano Carl Smedstad Charloitte Daniel Nakov Hakal Ignacio Sanmillan Marc R. Oblivionsage Priyanshu Kumar Quentin Kaiser Zhichen Wu astralia aviciano condret dnakov pancake potato satk0

Changes

abi

  • Reimplement RBufRef on top of RRef
  • Fix the RLibDelHandler api

analysis

  • Delete stale JAY code, which hasn't been used in 10 years
  • Use invalid_page in aap, fixes another slow CI test
  • Improve the invalid page check to speedup /azs
  • Break aac when io fails or the region is not even executable
  • Make use of the cmp value for jmptbl size, this was dead code before
  • Better integration of plugins in the analysis pipeline
  • Use RRef instead of custom refcounting in RAnalBlock -26LOC
  • Add anal.jmptbl.split option to experimentally solve the missing cases
  • Fix infinite loop in the jump table with shared basic blocks
  • Fix #5136 - Add anal.jmp.pair to flatten consecutive inverse branch antidisasm tricks
  • Add time_t type definition with size specification
  • Handle CS_AC_READ_WRITE in the x86 cs plugin
  • Honor op.ptr references in /re for x86 only
  • Add plugin to import traces from DRCOV logs
  • Rewrite RCore.seekOpForward for the better
  • Better autoname filtering chars with RName apis
  • Introduce afnq refactor afn into a separate helper
  • Improve the fastpath function autoname
  • Rewrite RCore.seekOpBackward for the better
  • Move core.sixref plugin to anal.six
  • RAnalCmd now returns a string instead of bool

api

  • Add the new RNum.getErr helper
  • Enforce non-null compile-time check for R_NEW and R_NEW0
  • Single RConsVisual.readline helper used everywhere
  • Introduce the new R_QUIET_FAIL for fast path asserts

arch

  • Update from binutils the ARC disassembler from 2009 to 2026
  • Use RStrBuf instead of the unsafe sprintf in the rv disassembler
  • Use refcounted RArchSession
  • Fix incorrect plugin references in RLibStruct structures
  • Don't use strcpy/strcat or globals in the xap disassembler
  • Fix typos in the java opcode tables

asm

  • Implement the asm.pseudo plugin for dotnet's CIL
  • Add support for camelcase disasm syntax
  • Add ARC pseudo plugin and update opcode descriptions
  • Fix #25232 - x86asm for sil,dil,spl,bpl
  • Fix x86 assembler accepting invalid register names like r1

bin

  • Extend iH to return a string and permit multiple formats
  • Import function signatures and types definitions from DWARF
  • Fix arch hints for cil/x64 binaries and its tests
  • Extend the CIL detection for Mono exe/dll
  • There's no need for a PE to have a certificate
  • Fix resource leaks in NE format parser
  • Implement iz. izj. and izq. to show the string at the current address
  • Add izzc and izzzc commands to count raw strings
  • Fix leaks and other bugs in the LE format parser
  • Implement izjq and its alias izqj
  • Add bounds check for MDMP comment stream size
  • Disable the xtr.dyldcache, fix a crash and other XXX in xnu.kernelcache
  • Count and pagination of iz strings listing commands
  • Add iz+ command
  • Extend iz- command to accept length and type
  • Fix endian-unsafe struct read in LE reloc parsing
  • Add support for ARM64's GLOB_DAT ELF reloc types
  • Fix code_length bounds check in Java class parser
  • Replace eprintf with R_LOG in Java class parser
  • Use actual data_size for MDMP comment streams
  • Expose RTM revision version information from minidumps (mdmp)
  • Fix #25382 - Open Limit chained fixup loop iterations in le reloc parsing
  • Expose macho imports as vectors
  • Use RVec for the ELF imports
  • Prioritize the use of RVec for RBinImports
  • Ten times less memory use when loading DEX
  • Fix some other bugs and memory leak in izz
  • Remove deprecated addrline storage and fallback code paths
  • Clamp MZ sections with file size
  • Fix #25209 - Ensure we have enough data to read in mdmp
  • Generalize imports cache for performance
  • Support the Apple C4000 Baseband firmware (gns1)
  • Fix memory leak in zimg plugin
  • Fix memory leak in bflt plugin
  • Zero copy string handling in swift demangler and remove one global
  • Cache the has_nx value in the elf to parse it once
  • Extract NX information for QNX ELF binaries
  • Fix memory leak in PE parser
  • Fix #25277 - oobread by one in the OMF parser
  • Rework bin.xtac to fix tainted, memleaks and BE
  • Fix memory leaks in Java binary parser
  • Fix memory leaks in MDMP plugin and RBinMem
  • Fix memory leaks in the som parser
  • Fix #25248 - memory leak in MDMP parser
  • Fix memory leaks in QNX binary parser
  • Fix memory leak the SOM import parser
  • Optimize symbol loading
  • CUBINs are ELF based on EM_CUDA
  • Lazily compute the PE authentihash once + add missing muta hash plugins
  • Use RMutaBind in the PE plugin
  • Use RMutaBind in RBin too, replace r_hash calls in macho
  • Rename r_bin_command to r_bin_cmd
  • Refactor the bflt code, more cleanup and minor reloc improvements
  • Support non-arm bflt executables
  • Fix reloc native types for mach0
  • Expose more native reloc types
  • Expose the reloc type for REL binaries
  • Add support for records and invoke dynamic in java
  • Add support for ACC_HIDDEN Java classes

build

  • Cydia builds use rootless prefix and target arm64
  • Inform the user about the command to run as sudo in sys/install.sh
  • Fix the meson build without any zip dependency, not even otezip
  • Specify arm64e to please Sileo packages
  • Fix r2_fortunes path inconsistency in meson.build
  • Initial support for third party plugins
  • Move shlr/ar into libr/io/p/ar
  • Replace bundled libzip+zlib with otezip (-55kLOC)
  • The csnext job now tests libuv and no-undefined
  • Disable debug log statements in release builds

ci

  • Fix #25179 - Merge the csnext and ssl jobs

cons

  • Fix #17391: preserve UTF-8 in graph output
  • Remove repeated spaces in hud lines
  • Fix the color palette propagation problems via rcorecmdstr

core

  • Add more guards to make background tasks more predictable
  • Fix #25374 - Convert RLib->plugins_ht to a per-type array of hashtables

crash

  • Fix a double free in r_str_replace_icase
  • Fix stale pointer used when temporal blocksize changes
  • Fix array index overflow causing an oobread in intervaltree
  • Fix negative index used in *r_anal_function_get_var
  • Fix overflowing return value in io.dsc
  • Fix another integer overflow in bin_pelf
  • Fix oobread caused by integer overflow in kernelcache
  • Fix integer bug in dotnet getname causing oobread
  • Fix two oobwrite bugs in canvas_resize
  • Fix two integer overflows in RCore.getBoundariesProt
  • Fix untrusted loop bound, integer overflow and oobread bugs in bin_pef.c
  • Fix uaf in /m
  • Fix integer overflow in the wfs command with large files
  • Fix zero and size_t multiplication overflow UB issues in rvec
  • Fix oobwrite in visual write commands and oobread pascal demangler
  • Fix UB cast in container_of macro
  • Sanitize function names in afl* to avoid command injection
  • Fix UAF in RBin.ELF.fini
  • Sanitize callconv in fcn_print_detail output
  • Fix iter page underflow in le parser
  • Fix integer overflow bug in r_cons_print and r_cons_write
  • Fix #25338 - Out-of-bounds read in the NSO parser
  • Fix #25336 - integer underflow in QNX parser
  • Fix use-after-free in LE/LX reloc parsing
  • Fix possible argument injection vuln in the swift demangler
  • Fix #25290 - ELF extended phnum allocation check
  • Sometimes the webserver calls this function with null command
  • Fix otezip UB and incorrect java boundary check
  • Fix heap buffer overflow in SPP processor
  • Fix core plugin initialization order
  • Fix #25212 - oob read in r_str_len_utf8
  • Fix potential overflows in snprintf for cmd_mmc according to codescan
  • Fix potential uaf in gdbclient/responses.c
  • Fix the space for the null byte in seven.c

debug

  • Fix #2079: Add source line breakpoints
  • Implement native breakpoints support for XNU/ARM64
  • Use RMutaBind in RDebugSnap
  • Implement print fpu registers for linux-arm/arm64

diff

  • Resolve 6 TODO comments from xpatch

disasm

  • Support overlapped strings in the disassembly listing
  • Do not emit Color_RESET in disasm loop when scr.color=0
  • Improve auto-string comments in disasm
  • Honor RMeta string size in 'str' flags
  • Fix #680 - Keep :NN suffix in symbol substitution

esil

  • Extend emulation support for x86 FPU

fs

  • Fix #16396 - add mlx to list deleted files only for FAT
  • Fix #19411 - Handle r2 alias for 'open'
  • Move shlr/grub into libr/fs/p/grub

hash

  • Fix #13937: rahash2 -R sdb output

http

  • Fix the webserver when sandbox is enabled

io

  • Fix #15699 - Add SREC file format support
  • Remove globals from io.winedbg
  • Remove globals from the io.bochs plugin
  • Remove global state from io.gdb
  • Remove global states from io.sysgdb
  • Remove globals from the io.mach plugin
  • Remove globals from the io.qnx plugin
  • Remove core->block from write-op
  • Update uf2families
  • wx+ nibble writes no longer depend on block size
  • Add r_io_bank_get_regions to speedup io.unalloc
  • Add sandbox guards for zip://

muta

  • Fix the license checks for all the crypto/hash
  • Fix incremental hashing for SIP and ADD algorithms
  • Reimplement ph to use RMuta and do blocksize incremental hashing
  • Fix garbage value in aes crypto
  • Move the seven bit string encoder/decoder into a plugin
  • Improve RMuta api to cover the usecases from RCoreCmdPrint
  • Support custom text output for RMuta.ssdeep/entropy
  • Don't use RHash from RCoreBinFile
  • Combine the RMuta.rc plugins
  • Create the RMutaFletcher for all the fletcher subtypes
  • The implements field is now an array in the JSON output
  • Create a single RMuta.crc plugin for the 22 crcs supported by rhash
  • Combine all the sha checksums into a single plugin
  • Support subtypes in muta plugins, combine rol/ror
  • Port sha384 and sha512 from hash
  • Use RMutaBind in anal
  • Initial implementation of RMutaBind

print

  • Fix escaping multibyte rune strings
  • Fix #25445 - crash in p== and add tests for it
  • Use RStrBuf in pxa (instead of strcat/strlen/strcpy)
  • Fix "p8," command output (missing 0x prefix)
  • Move p2 and p3 into pri2/pri3
  • Honor cfg.bigendian in cv commands
  • Use the new .getRegions for printing

r2js

  • Add script to discard non-english strings

r2pm

  • Fix LD_LIBRARY_PATH in r2pm for Termux

refactor

  • Address all the java covs + more cleanup, shorter method names
  • Remove globals from the java library -350LOC

search

  • Nibble-sized hexpairs must round up the negative size
  • Document and enforce the nibble mask search in rafind2
  • Fix #10875 - rafind2 filter files by rbin info
  • Fix #22299 - add rafind2 search-and-replace
  • Remove core->block dependency for /P

shell

  • Fix #23629 - implement print/printf/println
  • Fix 'a:' behaviour

tools

  • Resolve the test path for r2r following symlinks as fallback

types

  • Implement the tde command to define types with cfg.editor
  • Implement e subcommand for all types using cfg.editor
  • Add support to delete types using glob expressions
  • Implement the tev command to view enums
  • Colorize the types view output (tv command)
  • Implement tv, tsv and tuv to view type offsets and xrefs
  • Implement the tsx command to show struct offset like in hexdump
  • Implement pack and align attributes for pf
  • Add ts. and tu. commands as alias for .ts/.tu
  • Add tu- command and fix command injection in other t*- commands
  • Implement support for the hidden visibility attribute
  • Improve propagation for windows structs and variable names
  • Support embedding structs inside unions
  • Fix support for unions in cparse->pf
  • Remove typesdb global and use more pj api to build jsons
  • Show struct fields as an array in the tsj output

util

  • Add snake<->camel string conversion apis
  • Redesigned RTypesOverflow apis to capture the result and avoid duplicating ops
  • Use compiler intrinsics to check for add/sub/mul overflows if available
  • Make thread delays interruptible

visual

  • Add 'agfma' with disasm and edge color for mermaid graphs

wasi

  • Fix stdout redirect on wasi build

zignatures

  • Add dir.flirt to scan for FLIRT signature database
