fix #1694 - take in consideration pointer could be called with NULL

CHANGELOG.md

@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+ - Fixed bad memory handling in MifareSim device side (@iceman1001)
  - Added json topaz file format (@iceman1001)
  - Added `hf topaz rdbl,  wrbl, view` commands (@iceman1001)
  - Added more details to the annotations of `hf mfdes list` output (@nvx)

armsrc/Standalone/hf_mfcsim.c

@@ -56,10 +56,11 @@ static char cur_dump_file[22] = {0};
 
 static bool fill_eml_from_file(char *dumpfile) {
     // check file exist
-    if (!exists_in_spiffs(dumpfile)) {
+    if (exists_in_spiffs(dumpfile) == false) {
         Dbprintf(_RED_("Dump file %s not found!"), dumpfile);
         return false;
     }
+
     //check dumpfile size
     uint32_t size = size_in_spiffs(dumpfile);
     if (size != DUMP_SIZE) {
@@ -67,9 +68,12 @@ static bool fill_eml_from_file(char *dumpfile) {
         BigBuf_free();
         return false;
     }
+
     //read and load dump file
-    if (g_dbglevel >= DBG_INFO)
+    if (g_dbglevel >= DBG_INFO) {
         Dbprintf(_YELLOW_("Found dump file %s. Uploading to emulator memory..."), dumpfile);
+    }
+
     emlClearMem();
     uint8_t *emCARD = BigBuf_get_EM_addr();
     rdv40_spiffs_read_as_filetype(dumpfile, emCARD, size, RDV40_SPIFFS_SAFETY_SAFE);
@@ -77,7 +81,7 @@ static bool fill_eml_from_file(char *dumpfile) {
 }
 
 static bool write_file_from_eml(char *dumpfile) {
-    if (!exists_in_spiffs(dumpfile)) {
+    if (exists_in_spiffs(dumpfile) == false) {
         Dbprintf(_RED_("Dump file %s not found!"), dumpfile);
         return false;
     }
@@ -99,14 +103,18 @@ void RunMod(void) {
 
     bool flag_has_dumpfile = false;
     for (int i = 1;; i++) {
+
         //Exit! usbcommand break
         if (data_available()) break;
 
-        //Infinite loop
+        // infinite loop
         if (i > 15) {
-            if (!flag_has_dumpfile)
+            // still no dump file found
-                break; //still no dump file found
+            if (flag_has_dumpfile == false) {                
-            i = 1;     //next loop
+                break; 
+            }
+            // next loop
+            i = 1;
         }
 
         //Indicate which card will be simulated
@@ -115,7 +123,7 @@ void RunMod(void) {
         //Try to load dump form flash
         sprintf(cur_dump_file, HF_MFCSIM_DUMPFILE_SIM, i);
         Dbprintf(_YELLOW_("[Slot: %d] Try to load dump file: %s"), i, cur_dump_file);
-        if (!fill_eml_from_file(cur_dump_file)) {
+        if (fill_eml_from_file(cur_dump_file) == false) {
             Dbprintf(_YELLOW_("[Slot: %d] Dump load Failed, Next one!"), i);
             LEDsoff();
             continue;
@@ -145,8 +153,10 @@ void RunMod(void) {
         }
         Dbprintf(_YELLOW_("[Slot: %d] Write Success! Change to next one!"), i);
     }
-    if (!flag_has_dumpfile)
+
+    if (flag_has_dumpfile == false) {
         Dbprintf("No dump file found!");
+    }
     Dbprintf("Breaked! Exit standalone mode!");
     SpinErr(15, 200, 3);
     return;

armsrc/mifaresim.c

@@ -486,6 +486,13 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain, uint1
     uint8_t *rats = NULL;
     uint8_t rats_len = 0;
 
+
+    // if fct is called with NULL we need to assign some memory since this pointer is passaed around
+    uint8_t datain_tmp[10] = {0};
+    if (datain == NULL) {
+        datain = datain_tmp;
+    }
+
     //Here, we collect UID,sector,keytype,NT,AR,NR,NT2,AR2,NR2
     // This will be used in the reader-only attack.