Fix out of bound read in analysis_objc.c
wargio committed Sep 12, 2024
1 parent 4d1758e commit 4e648c0
Showing 2 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -124,6 +124,7 @@ subprojects/lz4-*/
subprojects/packagecache/
subprojects/sdb/
subprojects/tree-sitter-*/
subprojects/rizin-grammar-*/
subprojects/zlib-*/
subprojects/sigdb/
subprojects/libdemangle/
4 changes: 2 additions & 2 deletions librz/core/analysis_objc.c
@@ -145,7 +145,7 @@ static bool objc_build_refs(RzCoreObjc *objc) {
RZ_LOG_ERROR("aao: Cannot read the whole const section %zu\n", ss_const);
return false;
}
for (off = 0; off + word_size < ss_const; off += word_size) {
for (off = 0; off + word_size < ss_const && (off + 8) < maxsize; off += word_size) {
ut64 va = va_const + off;
ut64 xrefs_to = rz_read_le64(buf + off);
if (isValid(xrefs_to)) {
@@ -156,7 +156,7 @@ static bool objc_build_refs(RzCoreObjc *objc) {
RZ_LOG_ERROR("aao: Cannot read the whole selrefs section\n");
return false;
}
for (off = 0; off + word_size < ss_selrefs; off += word_size) {
for (off = 0; off + word_size < ss_selrefs && (off + 8) < maxsize; off += word_size) {
ut64 va = va_selrefs + off;
ut64 xrefs_to = rz_read_le64(buf + off);
if (isValid(xrefs_to)) {
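Review bot: The new guard `(off + 8) < maxsize` in both loops (the `ss_const` one and the `ss_selrefs` one) hard-codes the width of the `rz_read_le64(buf + off)` read and compares with strict `<`, so a final 8-byte slot that ends exactly at `maxsize` is skipped. Assuming `maxsize` is the allocated size of `buf` (its declaration is outside the visible hunks), `off + sizeof(ut64) <= maxsize` states the actual requirement and keeps the bound tied to the read width. The read is always 64 bits while the stride is `word_size`, so if `word_size` can be 4 here each `xrefs_to` would span two adjacent entries. A one-line comment such as `/* rz_read_le64 reads 8 bytes regardless of word_size; keep the read inside buf */` would record why the extra bound exists. objc_build_refs starts and ends outside the hunks shown.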
