Read dynstr starting at rpath offset

leroycep · andrewrk · commit c26d9f628715 · 2022-07-19T14:01:35.000-04:00
Since we know the offset, we may as well read starting there. Still expects rpath to fit in 4096 bytes; that might be worth fixing in the future. Fixes issue #12112
diff --git a/lib/std/zig/system/NativeTargetInfo.zig b/lib/std/zig/system/NativeTargetInfo.zig
@@ -653,12 +653,17 @@ pub fn abiAndDynamicLinkerFromFile(
             } else null;
 
             if (dynstr) |ds| {
-                const strtab_len = std.math.min(ds.size, strtab_buf.len);
-                const strtab_read_len = try preadMin(file, &strtab_buf, ds.offset, strtab_len);
-                const strtab = strtab_buf[0..strtab_read_len];
                 // TODO this pointer cast should not be necessary
                 const rpoff_usize = std.math.cast(usize, rpoff) orelse return error.InvalidElfFile;
-                const rpath_list = mem.sliceTo(std.meta.assumeSentinel(strtab[rpoff_usize..].ptr, 0), 0);
+                if (rpoff_usize > ds.size) return error.InvalidElfFile;
+                const rpoff_file = ds.offset + rpoff_usize;
+                const rp_max_size = ds.size - rpoff_usize;
+
+                const strtab_len = std.math.min(rp_max_size, strtab_buf.len);
+                const strtab_read_len = try preadMin(file, &strtab_buf, rpoff_file, strtab_len);
+                const strtab = strtab_buf[0..strtab_read_len];
+
+                const rpath_list = mem.sliceTo(std.meta.assumeSentinel(strtab.ptr, 0), 0);
                 var it = mem.tokenize(u8, rpath_list, ":");
                 while (it.next()) |rpath| {
                     var dir = fs.cwd().openDir(rpath, .{}) catch |err| switch (err) {
