This release contains a few important security fixes:
Apart from those, the following were fixed:
- Various minor packaging and installation issues and improvements
- Various minor fixes on big-endian platforms
- GCC 12 compilation warnings.
- Update libzip to v1.9.2
- Update rz-libdemangle
- Fix #2851 - wrong AVR analysis jump value for rjmp/rcall
- Fix the crash of command fg
- Fix pg with fewer than 5 arguments
- Fix afx command JSON output
- Print graph when dmhg is executed
- Fix the heap overflow in TUI
- Fix for file sharing permission on Windows
- Fix #2957 - oob read in pe_section.c
- Fix #2970 - oob read in pe/pe.c and bin/golang.c
- Fix #2970 - oob read in coresymbolication.c and in bin_dyldcache.c
- Fix #2972 - oob read in ne.c
- Fix #2971 - null deref dwarf_process.c
- Fix #2968 - null deref in mdmp.c
- Fix #2965 - null deref and div by zero in mach0_rebase.c
- Fix #2962 - oob read in bin.c
- Fix #2961 - oob read in coresymbolication.c
- Fix #2958 #2960 #2973 - oob read in dwarf.c
- Fix #2955 - oob read in dex.c
- Fix #2954 - oob read in dex.c
- Fix #2953 - oob read in magic/funcs.c
- Fix #2952 - null deref in dyldcache.c
- Fix #2993 - Check rz_buf_read_le32_offset return status parsing LE bins
- Fix integer overflow in mach0
- Fix oob read on luac
- Fix RzBitmap length type and add ownership and checks.
- Fix strdup on nullptr in rz_core_bin_apply_strings
- Fix oob read on _luac_build_info and luac memleaks
- Fix oob read on rz_pkcs7_parse_spcdata
- Fix oob read on rz_x509_parse_tbscertificate
- Fix oob read and endian dependency in asm_ebc
- Fix OOB read in 6502 analysis plugin.
- Fix reset followed by color change in rz_cons_html_filter
- Fix always-true if due to wrong check in search
- Fix the failure of switching panel command
- Fix double free of enum member name
- core_search_for_xrefs_in_boundaries omits the negative return value
- Fix the crash caused by get_long_object()
Full Changelog: v0.4.0...v0.4.1