readelf: memrchr searches backwards but takes the start buf as argumentusers/mark/try-handle_dynamic_d_val

The bug (caught by valgrind) was giving memrchr to end of the buffer.

Also as cleanup, Use d_val not d_ptr for calculating offset.

2 files changed, 9 insertions, 4 deletions

diff --git a/src/ChangeLog b/src/ChangeLog
index db20a6ef..42ce6640 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2022-08-01  Mark Wielaard  <mark@klomp.org>
+
+	* readelf.c (handle_dynamic): Pass start of buffer to memrchr.
+	Use dyn->d_un.d_val for offsets instead of d_ptr.
+
 2022-04-28  Di Chen  <dichen@redhat.com>
 
 	* readelf.c (options): Add use-dynamic 'D'.
diff --git a/src/readelf.c b/src/readelf.c
index f4d973da..f1f77ce8 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1905,10 +1905,10 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, GElf_Phdr *phdr)
 	{
 	  if (! use_dynamic_segment)
 	    name = elf_strptr (ebl->elf, shdr->sh_link, dyn->d_un.d_val);
-	  else if (dyn->d_un.d_ptr < strtab_data->d_size
-		   && memrchr (strtab_data->d_buf + strtab_data->d_size - 1, '\0',
-			       strtab_data->d_size - 1 - dyn->d_un.d_ptr) != NULL)
-	    name = ((char *) strtab_data->d_buf) + dyn->d_un.d_ptr;
+	  else if (dyn->d_un.d_val < strtab_data->d_size
+		   && memrchr (strtab_data->d_buf + dyn->d_un.d_val, '\0',
+			       strtab_data->d_size - 1 - dyn->d_un.d_val) != NULL)
+	    name = ((char *) strtab_data->d_buf) + dyn->d_un.d_val;
 	}
 
       switch (dyn->d_tag)