LibELF: Fix an integer overflow in Image::find_sorted_symbol

The expression address - candidate.address can yield a value that cannot safely be converted to an i32 which would result in binary_search failing to find some symbols.
author: Gunnar Beutner <gbeutner@serenityos.org> 2021-05-17 14:31:25 +0200
committer: Andreas Kling <kling@serenityos.org> 2021-05-17 14:58:13 +0200
commit: 843f861f978b6b3287a2dec944492a680e367257 (patch)
tree: 862b06f7b7bd271586df122be30fa61becd26078
parent: 44ceee1e145fd8ff2e5e1ed8c0efc6db897a43c8 (diff)
download: serenity-843f861f978b6b3287a2dec944492a680e367257.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/Userland/Libraries/LibELF/Image.cpp b/Userland/Libraries/LibELF/Image.cpp
index 97ea2eba1e..b9bde0e15f 100644
--- a/Userland/Libraries/LibELF/Image.cpp
+++ b/Userland/Libraries/LibELF/Image.cpp
@@ -316,7 +316,12 @@ Image::SortedSymbol* Image::find_sorted_symbol(FlatPtr address) const
 
     size_t index = 0;
     binary_search(m_sorted_symbols, nullptr, &index, [&address](auto, auto& candidate) {
-        return address - candidate.address;
+        if (address < candidate.address)
+            return -1;
+        else if (address > candidate.address)
+            return 1;
+        else
+            return 0;
     });
     // FIXME: The error path here feels strange, index == 0 means error but what about symbol #0?
     if (index == 0)
author	Gunnar Beutner <gbeutner@serenityos.org>	2021-05-17 14:31:25 +0200
committer	Andreas Kling <kling@serenityos.org>	2021-05-17 14:58:13 +0200
commit	843f861f978b6b3287a2dec944492a680e367257 (patch)
tree	862b06f7b7bd271586df122be30fa61becd26078
parent	44ceee1e145fd8ff2e5e1ed8c0efc6db897a43c8 (diff)
download	serenity-843f861f978b6b3287a2dec944492a680e367257.zip