fixed buffer overflow in weird jumptables

2024-11-29 04:49:16 +00:00 · 2024-08-17 18:48:20 -07:00 · 2024-08-17 18:48:20 -07:00 · da7a71c3bc
commit da7a71c3bc
parent 4223d9f413
2 changed files with 2 additions and 2 deletions
--- a/src/map.h
+++ b/src/map.h
@ -40,7 +40,7 @@ class Map {
  void addEntry(uint32_t entry, uint32_t flags);
  void addSymbol(uint32_t org, std::string name);
  uint32_t org;
-  uint8_t b;
+  uint8_t b = 0;
 private:
  std::string mapname;
--- a/src/omf.cc
+++ b/src/omf.cc
@ -386,7 +386,7 @@ bool OMF::relocSegments() {
      }
    }
    if (seg.isJump()) {  // patch jumptable
-      for (int i = 8; i < seg.length; i += 14) {
+      for (int i = 8; i < seg.length - 14; i += 14) {
        uint16_t segnum = data[i + 4] | (data[i + 5] << 8);
        int32_t subOffset = data[i + 6] | (data[i + 7] << 8) |
            (data[i + 8] << 16) | (data[i + 9] << 24);