pyc: fix fpe and heap buffer overflow (#3922)

* Fix div by zero in le_create_maps()

* Fix heap buffer overflow in marshal.c

* Make error messages like in cpython

* Refactor le_create_maps()

* Refactor marshal.c

librz/bin/format/le/le.c

@@ -1128,7 +1128,8 @@ static RzVector /*<LE_map>*/ *le_create_maps(rz_bin_le_obj_t *bin) {
 	rz_vector_foreach(le_maps, m) {
 		max_vaddr = RZ_MAX(max_vaddr, m->vaddr + m->vsize);
 	}
-	bin->reloc_target_map_base = max_vaddr - max_vaddr % h->pagesize + h->pagesize * 2;
+	CHECK(h->pagesize);
+	bin->reloc_target_map_base = max_vaddr - (max_vaddr % h->pagesize) + (h->pagesize * 2);
 
 	return le_maps;
 }

librz/bin/format/pyc/marshal.c

@@ -679,21 +679,23 @@ static pyc_object *get_ascii_object_generic(RzBinPycObj *pyc, RzBuffer *buffer,
 
 static pyc_object *get_ascii_object(RzBinPycObj *pyc, RzBuffer *buffer) {
 	bool error = false;
-	ut32 n = 0;
-
-	n = get_ut32(buffer, &error);
-	if (error) {
+	ut32 n = get_ut32(buffer, &error);
+	if (n > ST32_MAX) {
+		RZ_LOG_ERROR("bad marshal data (string size out of range)\n");
+		return NULL;
+	} else if (error) {
 		return NULL;
 	}
 	return get_ascii_object_generic(pyc, buffer, n, true);
 }
 
 static pyc_object *get_ascii_interned_object(RzBinPycObj *pyc, RzBuffer *buffer) {
 	bool error = false;
-	ut32 n;
-
-	n = get_ut32(buffer, &error);
-	if (error) {
+	ut32 n = get_ut32(buffer, &error);
+	if (n > ST32_MAX) {
+		RZ_LOG_ERROR("bad marshal data (string size out of range)\n");
+		return NULL;
+	} else if (error) {
 		return NULL;
 	}
 	return get_ascii_object_generic(pyc, buffer, n, true);