From 57f6ad4c08ef0bebc1de68113049ac56cc7033d7 Mon Sep 17 00:00:00 2001
From: Barak Aharoni <97598628+BarakAharoni@users.noreply.github.com>
Date: Tue, 19 Nov 2024 10:14:15 +0000
Subject: [PATCH] Fix NSRangeException when removing load command

---
 optool/operations.m | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/optool/operations.m b/optool/operations.m
index b445c97..999d08e 100644
--- a/optool/operations.m
+++ b/optool/operations.m
@@ -265,6 +265,13 @@ BOOL removeLoadEntryFromBinary(NSMutableData *binary, struct thin_header macho,
 case LC_LOAD_DYLIB: {
 struct dylib_command command = *(struct dylib_command *)(binary.bytes + binary.currentOffset);
+
+ // validate name's range offset is in binary bounds
+ if (binary.currentOffset + command.cmdsize > binary.length) {
+ LOG("Command at offset %lu is out of binary bounds", binary.currentOffset);
+ break;
+ }
+
 char *name = (char *)[[binary subdataWithRange:NSMakeRange(binary.currentOffset + command.dylib.name.offset, command.cmdsize - command.dylib.name.offset)] bytes];
 if ([@(name) isEqualToString:payload] && removedOrdinal == -1) {
 LOG("removing payload from %s...", LC(cmd));
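Review bot: The new guard in the `LC_LOAD_DYLIB` case compares only `binary.currentOffset + command.cmdsize` with `binary.length` and never checks `command.dylib.name.offset` against `command.cmdsize`. On a malformed load command whose name offset exceeds `cmdsize`, the unsigned subtraction `command.cmdsize - command.dylib.name.offset` wraps to a very large length and `subdataWithRange:` can still raise NSRangeException. Extending the condition would cover that: `if (command.dylib.name.offset >= command.cmdsize || binary.currentOffset + command.cmdsize > binary.length) {`. The struct copy on the line above the check already reads `sizeof(struct dylib_command)` bytes at `currentOffset`, so the validation belongs before that dereference unless the loop outside the hunk already guarantees those bytes exist. `@(name)` further down also assumes a NUL terminator inside the range, which an untrusted file need not supply, and the function body starts and ends outside the hunk.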