Fix #11036 - Fix oobread crash in serch bounds within aaV

2025-01-24 06:48:46 +00:00 · 2018-08-13 13:32:57 +02:00 · 2018-08-13 13:32:57 +02:00 · 6334b8c8bd
commit 6334b8c8bd
parent 747445debe
2 changed files with 6 additions and 2 deletions
--- a/libr/bin/p/bin_mach0.c
+++ b/libr/bin/p/bin_mach0.c
@ -148,7 +148,7 @@ static RList* sections(RBinFile *bf) {
 		if (!ptr->vaddr) {
 			// XXX(lowlyw) this is a valid macho, but rarely will anything
 			// be mapped at va = 0
-			eprintf ("mapping text to va = 0\n");
+			// eprintf ("mapping text to va = 0\n");
 			// ptr->vaddr = ptr->paddr;
 		}
 		ptr->srwx = sections[i].srwx;
--- a/libr/core/core.c
+++ b/libr/core/core.c
@ -3058,7 +3058,7 @@ R_API int r_core_search_value_in_range(RCore *core, RInterval search_itv, ut64 v
 				continue;
 			}
 		}
-		for (i = 0; i <= size - vsize; i++) {
+		for (i = 0; i <= (size - vsize); i++) {
 			void *v = (buf + i);
 			ut64 addr = from + i;
 			if (r_cons_is_breaked ()) {
@ -3068,6 +3068,10 @@ R_API int r_core_search_value_in_range(RCore *core, RInterval search_itv, ut64 v
 				continue;
 			}
 			match = false;
+			int left = size - i;
+			if (vsize > left) {
+				break;
+			}
 			switch (vsize) {
 			case 1: value = *(ut8 *)v; match = (buf[i] >= vmin && buf[i] <= vmax); break;
 			case 2: v16 = *(uut16 *)v; match = (v16 >= vmin && v16 <= vmax); value = v16; break;