RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 06:27:45 +00:00
Code Issues Activity Actions

LibELF: Fix an integer overflow in Image::find_sorted_symbol

Browse source 
The expression address - candidate.address can yield a value that
cannot safely be converted to an i32 which would result in
binary_search failing to find some symbols.
This commit is contained in:
Gunnar Beutner 2021-05-17 14:31:25 +02:00 committed by Andreas Kling
parent 44ceee1e14
commit 843f861f97
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Userland/Libraries/LibELF/Image.cpp
View file

@ -316,7 +316,12 @@ Image::SortedSymbol* Image::find_sorted_symbol(FlatPtr address) const
size_t index = 0; size_t index = 0;
binary_search(m_sorted_symbols, nullptr, &index, [&address](auto, auto& candidate) { binary_search(m_sorted_symbols, nullptr, &index, [&address](auto, auto& candidate) {
return address - candidate.address; if (address < candidate.address)
return -1;
else if (address > candidate.address)
return 1;
else
return 0;
}); });
// FIXME: The error path here feels strange, index == 0 means error but what about symbol #0? // FIXME: The error path here feels strange, index == 0 means error but what about symbol #0?
if (index == 0) if (index == 0)