Use integer offset math instead of pointer math to determine load command bounds. Upstream-URL: https://github.com/llvm/llvm-project/issues/56746 --- llvm-14.0.6.src/lib/Object/MachOObjectFile.cpp.old 2022-06-22 16:46:24.000000000 +0000 +++ llvm-14.0.6.src/lib/Object/MachOObjectFile.cpp 2022-11-28 04:21:02.730211841 +0000 @@ -192,7 +192,8 @@ getLoadCommandInfo(const MachOObjectFile &Obj, const char *Ptr, uint32_t LoadCommandIndex) { if (auto CmdOrErr = getStructOrErr(Obj, Ptr)) { - if (CmdOrErr->cmdsize + Ptr > Obj.getData().end()) + uint64_t Offset = Ptr - Obj.getData().begin(); + if (CmdOrErr->cmdsize + Offset > Obj.getData().size()) return malformedError("load command " + Twine(LoadCommandIndex) + " extends past end of file"); if (CmdOrErr->cmdsize < 8)