From d1d12246b7c5df3e20b062e536da9b4e639a4a66 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Thu, 25 Jan 2024 22:46:42 -0500 Subject: dumpelf: check dyn pointer before DT_NULL check too We were checking the pointer before dumping it, but missed the DT_NULL check in the overall while loop. Signed-off-by: Mike Frysinger (cherry picked from commit 7b37c40d0409d79a925b71135e9de96343096ce8) Signed-off-by: Sam James
---
dumpelf.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/dumpelf.c b/dumpelf.c
index 0afb6c7..6ce8403 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -125,13 +125,17 @@ static void dumpelf(const elfobj *elf, size_t file_cnt)
 if (elf->elf_class == ELFCLASS ## B) { \
 const Elf ## B ## _Phdr *phdr = phdr_dynamic_void; \
 const Elf ## B ## _Dyn *dyn = elf->vdata + EGET(phdr->p_offset); \
+ if ((void *)dyn >= elf->data_end - sizeof(*dyn)) { \
+ printf(" /* invalid dynamic tags ! */ "); \
+ goto break_out_dyn; \
+ } \
 i = 0; \
 do { \
+ dump_dyn(elf, dyn++, i++); \
 if ((void *)dyn >= elf->data_end - sizeof(*dyn)) { \
 printf(" /* invalid dynamic tags ! */ "); \
 break; \
 } \
- dump_dyn(elf, dyn++, i++); \
 } while (EGET(dyn->d_tag) != DT_NULL); \
 }
 DUMP_DYNS(32)
@@ -139,6 +143,7 @@ static void dumpelf(const elfobj *elf, size_t file_cnt)
 } else {
 printf(" /* no dynamic tags ! */ ");
 }
+ break_out_dyn:
 printf("};\n");
 }
-- cgit v1.2.3-65-gdbad
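Review bot: The pre-loop guard added to DUMP_DYNS in the first hunk bounds `dyn` only from above, and only after `elf->vdata + EGET(phdr->p_offset)` has already been formed from the file-supplied `p_offset`. If that addition wraps (nothing in this hunk range-checks `p_offset` beforehand; it may be validated elsewhere), the resulting pointer can compare below `elf->data_end - sizeof(*dyn)` and still reach `dump_dyn()`. Comparing the offset rather than the pointer closes that gap: `if (EGET(phdr->p_offset) > (size_t)(elf->data_end - elf->vdata) - sizeof(*dyn))`, with `dyn` assigned only once the test passes. This assumes `vdata` and `data_end` delimit the same mapping and that the file is at least `sizeof(*dyn)` bytes long, neither of which is visible here. The in-loop check uses the same pointer comparison, and dumpelf() begins and ends outside both hunks.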