From 843f861f978b6b3287a2dec944492a680e367257 Mon Sep 17 00:00:00 2001
From: Gunnar Beutner
Date: Mon, 17 May 2021 14:31:25 +0200
Subject: [PATCH] LibELF: Fix an integer overflow in Image::find_sorted_symbol

The expression address - candidate.address can yield a value that cannot safely be converted to an i32 which would result in binary_search failing to find some symbols.
---
 Userland/Libraries/LibELF/Image.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibELF/Image.cpp b/Userland/Libraries/LibELF/Image.cpp
index 97ea2eba1e..b9bde0e15f 100644
--- a/Userland/Libraries/LibELF/Image.cpp
+++ b/Userland/Libraries/LibELF/Image.cpp
@@ -316,7 +316,12 @@ Image::SortedSymbol* Image::find_sorted_symbol(FlatPtr address) const
 size_t index = 0;
 binary_search(m_sorted_symbols, nullptr, &index, [&address](auto, auto& candidate) {
- return address - candidate.address;
+ if (address < candidate.address)
+ return -1;
+ else if (address > candidate.address)
+ return 1;
+ else
+ return 0;
 });
 // FIXME: The error path here feels strange, index == 0 means error but what about symbol #0?
 if (index == 0)