Conversation

@Ashishworks
  • I've read the guidelines for contributing to this repository.
  • I made sure to follow the project's coding style.
  • I've documented every RZ_API function and struct this PR changes.
  • I've added tests that prove my changes are effective.
  • I've updated the Rizin book with the relevant information (if needed).
  • I've used AI tools to generate fully or partially these code changes and I'm sure the changes are not copyrighted by somebody else.

Detailed description

This PR refactors the Android boot image (bootimg) bin plugin to avoid using a packed struct for parsing the header.

  • Remove RZ_PACKED from the boot image header definition in librz/bin/p/bin_bootimg.c.
  • Rewrite header parsing to read fields sequentially instead of reading the entire header into a packed struct using rz_buf_read_at().

This improves portability and avoids potential alignment issues caused by packed structs.

AI disclosure: ChatGPT was used for guidance and review of the approach. All changes were implemented and verified manually.

Test plan

  • Added minimal boot image test sample: test/db/bins/bootimg/android_boot_min.img
  • Added format tests: test/db/formats/bootimg

Tests cover:

  • opening the file (q!)
  • confirming the detected type includes Android Boot Image (iI~type)
  • confirming the header section exists (iS~header)

Closing issues

closes #5814

@notxvilka notxvilka added the "Requirements not met" label (The PR doesn't meet the minimum contribution requirements. See CONTRIBUTING.md for details.) Jan 18, 2026
@Rot127 Rot127 marked this pull request as draft January 19, 2026 19:00
@Ashishworks Ashishworks requested a review from notxvilka January 20, 2026 10:07
@Ashishworks Ashishworks marked this pull request as ready for review January 20, 2026 10:38
@Ashishworks Ashishworks requested a review from wargio January 20, 2026 11:04
Member

There is a dedicated repo for this (check tests/README.md). Also, where does this file come from?

Author

Okay, let me try a different approach.

Member

Revert this.

Author

Okay

Comment on lines +63 to +115
// Read all 32-bit header fields (little-endian)
if (!rz_buf_read_le32_offset(obj->buf, &offset, &bi->kernel_size)) {
return false;
}
if (!rz_buf_read_le32_offset(obj->buf, &offset, &bi->kernel_addr)) {
return false;
}

if (!rz_buf_read_le32_offset(obj->buf, &offset, &bi->ramdisk_size)) {
return false;
}
if (!rz_buf_read_le32_offset(obj->buf, &offset, &bi->ramdisk_addr)) {
return false;
}

if (!rz_buf_read_le32_offset(obj->buf, &offset, &bi->second_size)) {
return false;
}
if (!rz_buf_read_le32_offset(obj->buf, &offset, &bi->second_addr)) {
return false;
}

if (!rz_buf_read_le32_offset(obj->buf, &offset, &bi->tags_addr)) {
return false;
}
if (!rz_buf_read_le32_offset(obj->buf, &offset, &bi->page_size)) {
return false;
}

if (!rz_buf_read_le32_offset(obj->buf, &offset, &bi->unused[0])) {
return false;
}
if (!rz_buf_read_le32_offset(obj->buf, &offset, &bi->unused[1])) {
return false;
}

// Read strings/arrays
if (!rz_buf_read_offset(obj->buf, &offset, bi->name, BOOT_NAME_SIZE)) {
return false;
}
if (!rz_buf_read_offset(obj->buf, &offset, bi->cmdline, BOOT_ARGS_SIZE)) {
return false;
}

for (i = 0; i < 8; i++) {
if (!rz_buf_read_le32_offset(obj->buf, &offset, &bi->id[i])) {
return false;
}
}

if (!rz_buf_read_offset(obj->buf, &offset, bi->extra_cmdline, BOOT_EXTRA_ARGS_SIZE)) {
return false;
}
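Review bot: the ten consecutive u32 reads from kernel_size through unused[1] are the same statement repeated with only the destination changed; a table of `uint32_t *` targets walked in a loop, or a small helper that reads one field and returns false on a short read, would make the on-disk layout readable and is what the "create a function" request below asks for. Nothing in this hunk validates page_size after it is read; if later code uses it for page-aligned offset arithmetic, a zero or non-power-of-two value should be rejected here with `return false` rather than propagated. Also note that rz_buf_read_offset() into name, cmdline and extra_cmdline copies raw bytes that are not guaranteed to be NUL-terminated within BOOT_NAME_SIZE / BOOT_ARGS_SIZE / BOOT_EXTRA_ARGS_SIZE, so every later consumer of those arrays must use a length-bounded call.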
Member

Create a function. Check the issue.

Author

Okay

Comment on lines +118 to +125
if ((n = rz_str_ndup((char *)bi->name, BOOT_NAME_SIZE))) {
sdb_set(db, "name", n);
free(n);
}
if ((n = rz_str_ndup((char *)bi->cmdline, BOOT_ARGS_SIZE))) {
sdb_set(db, "cmdline", n);
free(n);
}
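Review bot: name and cmdline are copied straight from the file into sdb; rz_str_ndup bounds the copy to BOOT_NAME_SIZE / BOOT_ARGS_SIZE, but it does not filter, so a crafted image can push control characters, terminal escape sequences or non-UTF-8 bytes into metadata that later commands print verbatim. Run the copy through a printable filter or escaping step before sdb_set (for example rz_str_filter from librz/util, if that helper is still available in the tree), and skip the sdb_set when the filtered result is empty rather than storing an empty key.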
Member

This is a terrible idea if you don't sanitize the values.

Author

Understood, I'll try a different approach.


for (i = 0; i < 8; i++) {
char key[16];
snprintf(key, sizeof(key), "id.%d", i);
Member

@wargio wargio Jan 20, 2026

Suggested change
snprintf(key, sizeof(key), "id.%d", i);
rz_strf(key, "id.%d", i);

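The two review points above, reading the header field by field without a packed struct (the PR description) and sanitizing name/cmdline before they are stored (the comment on lines +118 to +125), shown together as an added example. This is not code from the PR or from rizin's bin_bootimg.c: `cursor`, `read_bytes` and `read_le32` are hypothetical stand-ins for RzBuffer with rz_buf_read_offset() / rz_buf_read_le32_offset(), assumed to fail on a short read and otherwise advance the offset; the layout constants follow the public AOSP v0 boot image header; the sample header is constructed inline and is not taken from a device.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Android boot image v0 header layout (public AOSP definition); the header is 1632 bytes. */
#define BOOT_MAGIC           "ANDROID!"
#define BOOT_MAGIC_SIZE      8
#define BOOT_NAME_SIZE       16
#define BOOT_ARGS_SIZE       512
#define BOOT_EXTRA_ARGS_SIZE 1024
#define BOOT_HDR_V0_SIZE     (BOOT_MAGIC_SIZE + 10 * 4 + BOOT_NAME_SIZE + BOOT_ARGS_SIZE + 8 * 4 + BOOT_EXTRA_ARGS_SIZE)

/* Ordinary (unpacked) struct: it is filled one field at a time, so its in-memory
 * layout never has to match the on-disk layout and no RZ_PACKED is needed. */
typedef struct {
	uint32_t kernel_size, kernel_addr, ramdisk_size, ramdisk_addr;
	uint32_t second_size, second_addr, tags_addr, page_size, unused[2];
	uint8_t name[BOOT_NAME_SIZE];
	uint8_t cmdline[BOOT_ARGS_SIZE];
	uint32_t id[8];
	uint8_t extra_cmdline[BOOT_EXTRA_ARGS_SIZE];
} boot_img_hdr;

/* Hypothetical bounded cursor standing in for RzBuffer + rz_buf_read_*_offset():
 * assumed semantics are "fail on a short buffer, advance the offset on success". */
typedef struct { const uint8_t *data; size_t len; size_t off; } cursor;

static bool read_bytes(cursor *c, uint8_t *dst, size_t n) {
	if (c->len - c->off < n) { /* off never exceeds len, so this cannot wrap */
		return false;
	}
	memcpy(dst, c->data + c->off, n);
	c->off += n;
	return true;
}

static bool read_le32(cursor *c, uint32_t *out) {
	uint8_t b[4];
	if (!read_bytes(c, b, sizeof b)) {
		return false;
	}
	*out = (uint32_t)b[0] | ((uint32_t)b[1] << 8) | ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
	return true;
}

/* Parse the v0 header field by field. The ten u32 fields are walked from a table instead of ten
 * copy-pasted if/return blocks; page_size is validated because later offset arithmetic depends on it. */
static bool parse_boot_hdr(const uint8_t *buf, size_t len, boot_img_hdr *h) {
	cursor c = { buf, len, 0 };
	uint8_t magic[BOOT_MAGIC_SIZE];
	uint32_t *words[] = { &h->kernel_size, &h->kernel_addr, &h->ramdisk_size, &h->ramdisk_addr,
		&h->second_size, &h->second_addr, &h->tags_addr, &h->page_size, &h->unused[0], &h->unused[1] };
	if (!read_bytes(&c, magic, BOOT_MAGIC_SIZE) || memcmp(magic, BOOT_MAGIC, BOOT_MAGIC_SIZE) != 0) {
		return false;
	}
	for (size_t i = 0; i < sizeof words / sizeof words[0]; i++) {
		if (!read_le32(&c, words[i])) {
			return false;
		}
	}
	if (!read_bytes(&c, h->name, BOOT_NAME_SIZE) || !read_bytes(&c, h->cmdline, BOOT_ARGS_SIZE)) {
		return false;
	}
	for (size_t i = 0; i < 8; i++) {
		if (!read_le32(&c, &h->id[i])) {
			return false;
		}
	}
	if (!read_bytes(&c, h->extra_cmdline, BOOT_EXTRA_ARGS_SIZE)) {
		return false;
	}
	/* a zero or non-power-of-two page_size would corrupt every page-aligned offset derived from it */
	return h->page_size != 0 && (h->page_size & (h->page_size - 1)) == 0;
}

/* Copy an untrusted, possibly non-NUL-terminated n-byte field into dst (n + 1 bytes), stopping at
 * the first NUL and replacing anything outside printable ASCII with '?'. Returns the length. */
static size_t sanitize_field(const uint8_t *src, size_t n, char *dst) {
	size_t i = 0;
	for (; i < n && src[i] != '\0'; i++) {
		dst[i] = (src[i] >= 0x20 && src[i] < 0x7f) ? (char)src[i] : '?';
	}
	dst[i] = '\0';
	return i;
}

static void put_le32(uint8_t *p, uint32_t v) {
	p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Constructed sample header (not from a real device): valid magic, a kernel, page_size 2048, and
 * name/cmdline fields carrying control bytes (ESC, CR, LF) and no NUL terminator of their own. */
static void build_sample(uint8_t buf[BOOT_HDR_V0_SIZE]) {
	memset(buf, 0, BOOT_HDR_V0_SIZE);
	memcpy(buf, BOOT_MAGIC, BOOT_MAGIC_SIZE);
	put_le32(buf + 8, 0x00123000);             /* kernel_size */
	put_le32(buf + 12, 0x10008000);            /* kernel_addr */
	put_le32(buf + 36, 2048);                  /* page_size at 8 + 7 * 4 */
	memcpy(buf + 48, "test\033img", 8);        /* name at 8 + 10 * 4 */
	memcpy(buf + 64, "console=ttyS0\r\n", 15); /* cmdline at 48 + 16 */
}

/* Wrappers returning checkable values: parse the sample with a given length and page_size override. */
static bool sample_parses(size_t len, uint32_t page_size) {
	uint8_t buf[BOOT_HDR_V0_SIZE]; boot_img_hdr h;
	build_sample(buf);
	put_le32(buf + 36, page_size);
	return parse_boot_hdr(buf, len < sizeof buf ? len : sizeof buf, &h);
}
static uint32_t sample_kernel_size(void) {
	uint8_t buf[BOOT_HDR_V0_SIZE]; boot_img_hdr h;
	build_sample(buf);
	return parse_boot_hdr(buf, sizeof buf, &h) ? h.kernel_size : 0;
}
static bool sample_field_is(bool want_cmdline, const char *expected) {
	uint8_t buf[BOOT_HDR_V0_SIZE]; boot_img_hdr h; char out[BOOT_ARGS_SIZE + 1];
	build_sample(buf);
	if (!parse_boot_hdr(buf, sizeof buf, &h)) {
		return false;
	}
	if (want_cmdline) { sanitize_field(h.cmdline, BOOT_ARGS_SIZE, out); } else { sanitize_field(h.name, BOOT_NAME_SIZE, out); }
	return strcmp(out, expected) == 0;
}

int main(void) {
	printf("kernel_size=0x%x full=%d truncated=%d page_size_0=%d\n", sample_kernel_size(),
		sample_parses(BOOT_HDR_V0_SIZE, 2048), sample_parses(BOOT_HDR_V0_SIZE - 1, 2048), sample_parses(BOOT_HDR_V0_SIZE, 0));
	printf("name sanitized: %d, cmdline sanitized: %d\n", sample_field_is(false, "test?img"), sample_field_is(true, "console=ttyS0??"));
	return 0;
}
```

Because each field is decoded from bytes into a naturally aligned struct member, the code is independent of the host's endianness and alignment rules, which is the portability argument in the PR description. The table-driven loop is the "create a function" shape with no per-field helper to keep in sync, and `sanitize_field` is the minimum a caller needs before handing name or cmdline to sdb_set: bounded, NUL-terminated output with escape sequences neutralised.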
@Rot127 Rot127 marked this pull request as draft January 21, 2026 13:56
Labels

Requirements not met (The PR doesn't meet the minimum contribution requirements. See CONTRIBUTING.md for details.), rz-test, RzBin

Development

Successfully merging this pull request may close these issues.

Refactor bin_bootimg.c to remove RZ_PACKED