From fb59d877cabafed6d88c44637fbb53cc592259ad Mon Sep 17 00:00:00 2001
From: wargio
Date: Thu, 12 Sep 2024 14:26:16 +0800
Subject: [PATCH] Fix out of bound read in analysis_objc.c & update gitignore
---
 .gitignore | 1 +
 librz/core/analysis_objc.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 2dc058cf447..ff7009fc8d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -124,6 +124,7 @@ subprojects/lz4-*/
 subprojects/packagecache/
 subprojects/sdb/
 subprojects/tree-sitter-*/
+subprojects/rizin-grammar-*/
 subprojects/zlib-*/
 subprojects/sigdb/
 subprojects/libdemangle/
diff --git a/librz/core/analysis_objc.c b/librz/core/analysis_objc.c
index 74e7116a4bf..5f96b359fac 100644
--- a/librz/core/analysis_objc.c
+++ b/librz/core/analysis_objc.c
@@ -145,7 +145,7 @@ static bool objc_build_refs(RzCoreObjc *objc) {
 RZ_LOG_ERROR("aao: Cannot read the whole const section %zu\n", ss_const);
 return false;
 }
- for (off = 0; off + word_size < ss_const; off += word_size) {
+ for (off = 0; off + word_size < ss_const && (off + 8) < maxsize; off += word_size) {
 ut64 va = va_const + off;
 ut64 xrefs_to = rz_read_le64(buf + off);
 if (isValid(xrefs_to)) {
@@ -156,7 +156,7 @@ static bool objc_build_refs(RzCoreObjc *objc) {
 RZ_LOG_ERROR("aao: Cannot read the whole selrefs section\n");
 return false;
 }
- for (off = 0; off + word_size < ss_selrefs; off += word_size) {
+ for (off = 0; off + word_size < ss_selrefs && (off + 8) < maxsize; off += word_size) {
 ut64 va = va_selrefs + off;
 ut64 xrefs_to = rz_read_le64(buf + off);
 if (isValid(xrefs_to)) {
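Review bot: The added guard `(off + 8) < maxsize` in the for-condition hard-codes the width of the `rz_read_le64(buf + off)` read two lines below while the loop step is `word_size`; writing it as `off + sizeof(ut64) <= maxsize` ties the bound to the read that it protects and makes the intent reviewable. Note that both this guard and the pre-existing `off + word_size < ss_const` are strict, so the last 8-byte entry of a section whose size is an exact multiple of the word size is never visited; if `maxsize` is the length of `buf` (it is defined outside the hunk, so I cannot confirm), `<=` is the exact bound and the strict form silently drops one entry, which deserves either a fix or a comment such as `/* strict on purpose: ... */`. The same applies to the second hunk at @@ -156 over `ss_selrefs`. objc_build_refs starts and ends outside both hunks.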