Refix the objc parsing boundary check (#18648)

Co-authored-by: pancake <pancake@nopcode.org>
2025-02-26 17:15:38 +00:00 · 2021-05-01 02:45:54 +02:00 · 2021-05-01 02:45:54 +02:00 · 7226f0e43c
commit 7226f0e43c
parent b146df6aa3
1 changed files with 9 additions and 1 deletions
--- a/libr/core/anal_objc.c
+++ b/libr/core/anal_objc.c
@ -258,7 +258,15 @@ static bool objc_find_refs(RCore *core) {
 		}

 		classMethodsVA += 8; // advance to start of class methods array
-		ut64 to = classMethodsVA + (objc2ClassMethSize * count);
+		ut64 delta = (objc2ClassMethSize * count);
+		ut64 to = classMethodsVA + delta - 8;
+		if (delta > objc->file_size) {
+			eprintf ("Workaround: Corrupted objc data? checking next %llx !< %llx\n", classMethodsVA, to);
+			count = (objc->_data->vsize / objc2ClassMethSize) - 1;
+			delta = objc2ClassMethSize * count;
+			to = classMethodsVA + delta;
+
+		}
 		if (classMethodsVA > to) {
 			eprintf ("Warning: Fuzzed binary or bug in here, checking next %llx !< %llx\n", classMethodsVA, to);
 			break;