Simplify and fix macho trie checks (#2250)

Fix regression introduced in e2edd9d Build with clang+optimization on linux, then valgrind rizin test/bins/fuzzed/65940f6c970bb373444e0d0aab817edc to detect the original issues.
rizinorg · Jan 26, 2022 · 56c6e83 · 56c6e83
1 parent 0f8cd0b
commit 56c6e83
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/librz/bin/format/mach0/mach0.c b/librz/bin/format/mach0/mach0.c
@@ -2632,7 +2632,7 @@ static int walk_exports(struct MACH0_(obj_t) * bin, RExportsIterator iterator, v
 	ut8 *trie = NULL;
 	RzList *states = NULL;
 	ut64 size = bin->dyld_info->export_size;
-	if (!size) {
+	if (!size || size >= SIZE_MAX) {
 		return count;
 	}
 	trie = calloc(size + 1, 1);
@@ -2751,12 +2751,12 @@ static int walk_exports(struct MACH0_(obj_t) * bin, RExportsIterator iterator, v
 			RZ_FREE(next);
 			goto beach;
 		}
-		if (SZT_ADD_OVFCHK((size_t)tr, (size_t)trie) || (size_t)tr + trie >= end) {
+		if (tr >= size) {
 			RZ_LOG_ERROR("malformed export trie\n");
 			RZ_FREE(next);
 			goto beach;
 		}
-		next->node = (size_t)tr + trie;
+		next->node = trie + (size_t)tr;
 		{
 			// avoid loops
 			RzListIter *it;