From d0ff4e224738adf34eba38dc33ffda67e5da6634 Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Mon, 1 Aug 2022 02:02:16 +0200
Subject: [PATCH] readelf: memrchr searches backwards but takes the start buf as argument

The bug (caught by valgrind) was giving memrchr to end of the buffer. Also as cleanup, Use d_val not d_ptr for calculating offset.
---
 src/ChangeLog | 5 +++++
 src/readelf.c | 8 ++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index db20a6ef..42ce6640 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2022-08-01 Mark Wielaard
+
+ * readelf.c (handle_dynamic): Pass start of buffer to memrchr.
+ Use dyn->d_un.d_val for offsets instead of d_ptr.
+
 2022-04-28 Di Chen
 
 * readelf.c (options): Add use-dynamic 'D'.
diff --git a/src/readelf.c b/src/readelf.c
index f4d973da..f1f77ce8 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1905,10 +1905,10 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, GElf_Phdr *phdr)
 {
 if (! use_dynamic_segment)
 name = elf_strptr (ebl->elf, shdr->sh_link, dyn->d_un.d_val);
- else if (dyn->d_un.d_ptr < strtab_data->d_size
- && memrchr (strtab_data->d_buf + strtab_data->d_size - 1, '\0',
- strtab_data->d_size - 1 - dyn->d_un.d_ptr) != NULL)
- name = ((char *) strtab_data->d_buf) + dyn->d_un.d_ptr;
+ else if (dyn->d_un.d_val < strtab_data->d_size
+ && memrchr (strtab_data->d_buf + dyn->d_un.d_val, '\0',
+ strtab_data->d_size - 1 - dyn->d_un.d_val) != NULL)
+ name = ((char *) strtab_data->d_buf) + dyn->d_un.d_val;
 }
 
 switch (dyn->d_tag)
-- 
2.30.2
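Review bot: The search length `strtab_data->d_size - 1 - dyn->d_un.d_val` in the new `memrchr` call stops one byte short of the end of the string table, so a name whose only terminator is the table's final byte is rejected and `name` is not assigned on this path. That errs on the safe side for an offset read from the file, but if the last byte is meant to count, the length would be `strtab_data->d_size - dyn->d_un.d_val`, which stays in bounds because of the preceding `d_val < d_size` check. Since any NUL in the range is sufficient, `memchr ((char *) strtab_data->d_buf + dyn->d_un.d_val, '\0', ...)` would state the intent more directly and would avoid arithmetic on the `void *` `d_buf`, which the `name =` line already casts to `char *`. handle_dynamic's body starts and ends outside the hunk, so how an unassigned `name` is handled afterwards is not visible here and is worth confirming.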