From: Mark Wielaard <mark@klomp.org>
Date: Mon, 1 Aug 2022 00:02:16 +0000 (+0200)
Subject: readelf: memrchr searches backwards but takes the start buf as argument
X-Git-Tag: elfutils-0.188~51
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d0ff4e224738adf34eba38dc33ffda67e5da6634;p=thirdparty%2Felfutils.git

readelf: memrchr searches backwards but takes the start buf as argument

The bug (caught by valgrind) was giving memrchr to end of the buffer.

Also as cleanup, Use d_val not d_ptr for calculating offset.
---

diff --git a/src/ChangeLog b/src/ChangeLog
index db20a6ef0..42ce66401 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2022-08-01  Mark Wielaard  <mark@klomp.org>
+
+	* readelf.c (handle_dynamic): Pass start of buffer to memrchr.
+	Use dyn->d_un.d_val for offsets instead of d_ptr.
+
 2022-04-28  Di Chen  <dichen@redhat.com>
 
 	* readelf.c (options): Add use-dynamic 'D'.
diff --git a/src/readelf.c b/src/readelf.c
index f4d973da9..f1f77ce81 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1905,10 +1905,10 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, GElf_Phdr *phdr)
 	{
 	  if (! use_dynamic_segment)
 	    name = elf_strptr (ebl->elf, shdr->sh_link, dyn->d_un.d_val);
-	  else if (dyn->d_un.d_ptr < strtab_data->d_size
-		   && memrchr (strtab_data->d_buf + strtab_data->d_size - 1, '\0',
-			       strtab_data->d_size - 1 - dyn->d_un.d_ptr) != NULL)
-	    name = ((char *) strtab_data->d_buf) + dyn->d_un.d_ptr;
+	  else if (dyn->d_un.d_val < strtab_data->d_size
+		   && memrchr (strtab_data->d_buf + dyn->d_un.d_val, '\0',
+			       strtab_data->d_size - 1 - dyn->d_un.d_val) != NULL)
+	    name = ((char *) strtab_data->d_buf) + dyn->d_un.d_val;
 	}
 
       switch (dyn->d_tag)