mirror/upx
1
0
Fork 0
mirror of https://github.com/upx/upx synced 2025-09-28 19:06:07 +08:00
Code Issues Releases Wiki Activity

Better fix for previous commit to avoid out-of-bounds pointer.

Browse Source
This commit is contained in:
Markus F.X.J. Oberhumer 2024-02-27 11:20:29 +01:00
parent 680ce0a7af
commit 839a78f2e0
1 changed files with 4 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/p_lx_elf.cpp
View File

@ -2028,11 +2028,8 @@ PackLinuxElf32::sort_DT32_offsets(Elf32_Dyn const *const dynp0)
unsigned PackLinuxElf32::find_dt_ndx(unsigned rva)
{
unsigned *const dto = (unsigned *)mb_dt_offsets.getVoidPtr();
unsigned *const dto_end = (unsigned *)(mb_dt_offsets.getSize() + dto);
for (unsigned j = 0; dto[j]; ++j) { // linear search of short table
if (dto_end <= &dto[j]) { // defensive
return ~0u;
}
unsigned const dto_size = mb_dt_offsets.getSize() / sizeof(*dto);
for (unsigned j = 0; j < dto_size && dto[j]; ++j) { // linear search of short table
if (rva == dto[j]) {
return j;
}
@ -7945,11 +7942,8 @@ PackLinuxElf64::sort_DT64_offsets(Elf64_Dyn const *const dynp0)
unsigned PackLinuxElf64::find_dt_ndx(u64_t rva)
{
unsigned *const dto = (unsigned *)mb_dt_offsets.getVoidPtr();
unsigned *const dto_end = (unsigned *)(mb_dt_offsets.getSize() + dto);
for (unsigned j = 0; dto[j]; ++j) { // linear search of short table
if (dto_end <= &dto[j]) { // defensive
return ~0u;
}
unsigned const dto_size = mb_dt_offsets.getSize() / sizeof(*dto);
for (unsigned j = 0; j < dto_size && dto[j]; ++j) { // linear search of short table
if (rva == dto[j]) {
return j;
}