From a35f89f86ed12161af09330e92e5a213014e46a1 Mon Sep 17 00:00:00 2001
From: pancake
Date: Mon, 21 Feb 2022 19:25:02 +0100
Subject: [PATCH] Fix oobread in macho core symbolication ##crash
* Reported by @cnitlrt via huntr.dev
---
 libr/bin/format/mach0/coresymbolication.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libr/bin/format/mach0/coresymbolication.c b/libr/bin/format/mach0/coresymbolication.c
index 5385509f32491..f350199550b50 100644
--- a/libr/bin/format/mach0/coresymbolication.c
+++ b/libr/bin/format/mach0/coresymbolication.c
@@ -222,7 +222,7 @@ RCoreSymCacheElement *r_coresym_cache_element_new(RBinFile *bf, RBuffer *buf, ut
 }
 size_t i;
 ut8 *cursor = b + R_CS_EL_OFF_SEGS;
-for (i = 0; i < hdr->n_segments && cursor < end; i++) {
+for (i = 0; i < hdr->n_segments && cursor + sizeof (RCoreSymCacheElementSegment) < end; i++) {
 RCoreSymCacheElementSegment *seg = &result->segments[i];
 seg->paddr = seg->vaddr = r_read_le64 (cursor);
 cursor += 8;
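Review bot: The new bound on the `for` line computes `cursor + sizeof (RCoreSymCacheElementSegment)` before comparing it with `end`, so whenever fewer than that many bytes remain the addition forms a pointer beyond one-past-the-end of the buffer, which is undefined behaviour in C even though the comparison then fails; compare the remaining length instead, `for (i = 0; i < hdr->n_segments && (size_t)(end - cursor) >= sizeof (RCoreSymCacheElementSegment); i++) {`, which also accepts a final record that ends exactly at `end` (the strict `<` currently rejects it). The loop body decodes the record by hand (`r_read_le64 (cursor)`, `cursor += 8`), so `sizeof` of the in-memory struct only bounds the reads correctly if it equals the serialized record size; a comment on this line such as `/* bound check assumes each on-disk segment record is sizeof (RCoreSymCacheElementSegment) bytes */` or a named constant for the record size would make that assumption reviewable. When the check trips the loop exits silently with `i < hdr->n_segments`, so any later code that walks `hdr->n_segments` entries of `result->segments` would presumably see unfilled entries; recording the truncated count after the loop (for example `hdr->n_segments = i;`, if that field is writable here) would make the truncation explicit. The enclosing function `r_coresym_cache_element_new` begins and ends outside the hunk.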