From 46e2490cb0ebfa2ab96798d0b5417613f42ca4f7 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Tue, 28 Aug 2018 10:23:24 -0500
Subject: [PATCH] binpac: Fix array bounds checking

For arrays that are fields within a record, the bounds check was based on a pointer to the start of the record rather than the start of the array field.
---
 tools/binpac/src/pac_array.cc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/tools/binpac/src/pac_array.cc b/tools/binpac/src/pac_array.cc
index a878918d52..fc07e77517 100644
--- a/tools/binpac/src/pac_array.cc
+++ b/tools/binpac/src/pac_array.cc
@@ -320,16 +320,18 @@ void ArrayType::GenArrayLength(Output *out_cc, Env *env, const DataPtr& data)
 			env->RValue(arraylength_var()));
 		}
 
-	out_cc->println("if ( t_begin_of_data + %s > t_end_of_data || "
-		"t_begin_of_data + %s < t_begin_of_data )",
-		array_size.c_str(), array_size.c_str());
+	const char* array_ptr_expr = data.ptr_expr();
+
+	out_cc->println("if ( %s + %s > %s || %s + %s < %s )",
+		array_ptr_expr, array_size.c_str(), env->RValue(end_of_data),
+		array_ptr_expr, array_size.c_str(), array_ptr_expr);
 	out_cc->inc_indent();
 	out_cc->println("throw binpac::ExceptionOutOfBound(\"%s\",",
 		data_id_str_.c_str());
 	out_cc->println("  %s, (%s) - (%s));",
 		array_size.c_str(),
 		env->RValue(end_of_data),
-		env->RValue(begin_of_data));
+		array_ptr_expr);
 	out_cc->dec_indent();
 	}
 else if ( attr_restofdata_ )
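Review bot: The emitted condition on the `out_cc->println("if ( %s + %s > %s || %s + %s < %s )"` line still writes the overflow guard as `ptr + size < ptr`, which depends on pointer arithmetic wrapping; in C++ forming a pointer beyond the end of the buffer is undefined behaviour and optimizers are known to remove exactly this comparison, so the generated parser may silently lose the bounds check the commit is correcting. A form that stays within defined behaviour compares lengths instead of pointers, e.g. emit `if ( %s > (%s) - (%s) )` with `array_size.c_str(), env->RValue(end_of_data), array_ptr_expr`; this assumes the generated `array_size` expression is a non-negative count (it is already used as a byte offset here), and if it can be a signed negative value an explicit `%s < 0 ||` term should be kept in front. `array_ptr_expr` is a bare `const char*` obtained from `data.ptr_expr()` and reused in two later `println` calls, which is only safe if `DataPtr` owns that string for the duration of this function; the hunk does not show `ptr_expr()`'s contract, so a short comment such as `// ptr_expr() storage must outlive this function` would help the next reader. GenArrayLength begins and ends outside the hunk.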