From 839a78f2e09147e7d0c67fac0ff5465225461658 Mon Sep 17 00:00:00 2001
From: "Markus F.X.J. Oberhumer"
Date: Tue, 27 Feb 2024 11:20:29 +0100
Subject: [PATCH] Better fix for previous commit to avoid out-of-bounds pointer.
---
 src/p_lx_elf.cpp | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index f8009e4f..0ae0bcb8 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -2028,11 +2028,8 @@ PackLinuxElf32::sort_DT32_offsets(Elf32_Dyn const *const dynp0)
 unsigned PackLinuxElf32::find_dt_ndx(unsigned rva)
 {
 unsigned *const dto = (unsigned *)mb_dt_offsets.getVoidPtr();
- unsigned *const dto_end = (unsigned *)(mb_dt_offsets.getSize() + dto);
- for (unsigned j = 0; dto[j]; ++j) { // linear search of short table
- if (dto_end <= &dto[j]) { // defensive
- return ~0u;
- }
+ unsigned const dto_size = mb_dt_offsets.getSize() / sizeof(*dto);
+ for (unsigned j = 0; j < dto_size && dto[j]; ++j) { // linear search of short table
 if (rva == dto[j]) {
 return j;
 }
@@ -7945,11 +7942,8 @@ PackLinuxElf64::sort_DT64_offsets(Elf64_Dyn const *const dynp0)
 unsigned PackLinuxElf64::find_dt_ndx(u64_t rva)
 {
 unsigned *const dto = (unsigned *)mb_dt_offsets.getVoidPtr();
- unsigned *const dto_end = (unsigned *)(mb_dt_offsets.getSize() + dto);
- for (unsigned j = 0; dto[j]; ++j) { // linear search of short table
- if (dto_end <= &dto[j]) { // defensive
- return ~0u;
- }
+ unsigned const dto_size = mb_dt_offsets.getSize() / sizeof(*dto);
+ for (unsigned j = 0; j < dto_size && dto[j]; ++j) { // linear search of short table
 if (rva == dto[j]) {
 return j;
 }
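Review bot: In `PackLinuxElf32::find_dt_ndx` the new condition `j < dto_size && dto[j]` ends the loop the same way for a zero terminator and for reaching the end of `mb_dt_offsets`, so a table with no terminator is now reported like an ordinary miss, and the `// defensive` marker that explained the bound is gone. The table appears to be derived from the input file's dynamic section (see `sort_DT32_offsets`), so I would keep the intent visible with a comment on the bound, e.g. `// dto_size = capacity in elements; reaching it means the 0 terminator is missing`, and consider treating that case explicitly after the loop rather than as "not found". The function continues past the end of the hunk, so the fall-through return is not visible here and presumably still yields `~0u`. The same applies to `PackLinuxElf64::find_dt_ndx` in the second hunk.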