From e154d37e5e889dcf8f00775265526c807e79153b Mon Sep 17 00:00:00 2001
From: Kp
Date: Tue, 24 May 2022 02:32:58 +0000
Subject: [PATCH] Tighten valptridx::ptridx range checking for pointer_type constructor
Previously, the supplied pointer was converted to an array index, then passed to valptridx::idx for validation. If the index_type is smaller than std::size_t, this would truncate the value before validation. Certain out-of-range indexes would be in-range after truncation, and incorrectly not be reported. Reorder the check to validate the index against the array size before truncation.
---
 common/include/valptridx.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/common/include/valptridx.h b/common/include/valptridx.h
index 11fb36eb4..0737e857d 100644
--- a/common/include/valptridx.h
+++ b/common/include/valptridx.h
@@ -409,6 +409,10 @@ protected:
 m_idx(i)
 {
 }
+ idx(DXX_VALPTRIDX_REPORT_STANDARD_LEADER_COMMA_R_DEFN_VARS typename policy::pointer_type p, array_managed_type &a) :
+ m_idx(check_index_range_size>(DXX_VALPTRIDX_REPORT_STANDARD_LEADER_COMMA_R_PASS_VARS p - &a.front(), &a))
+ {
+ }
 public:
 template
 constexpr idx(const magic_constant &) :
@@ -769,7 +773,7 @@ public:
 * vptr_type to avoid checking again.
 */
 vptr_type(DXX_VALPTRIDX_REPORT_STANDARD_LEADER_COMMA_R_PASS_VARS (check_null_pointer>(DXX_VALPTRIDX_REPORT_STANDARD_LEADER_COMMA_R_PASS_VARS p, a), *p), a),
- vidx_type(DXX_VALPTRIDX_REPORT_STANDARD_LEADER_COMMA_R_PASS_VARS p - static_cast(&a.front()), a)
+ vidx_type(DXX_VALPTRIDX_REPORT_STANDARD_LEADER_COMMA_R_PASS_VARS p, a)
 {
 }
 ptridx(DXX_VALPTRIDX_REPORT_STANDARD_LEADER_COMMA_R_DEFN_VARS pointer_type p, index_type i, array_managed_type &a) :
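Review bot: In the new protected `idx(pointer_type, array_managed_type &)` constructor, `p - &a.front()` is a signed `std::ptrdiff_t`, so a pointer below the array base is rejected only if `check_index_range_size` receives the value as an unsigned type; that helper's signature is outside this hunk. Writing the conversion out, `static_cast<std::size_t>(p - &a.front())`, would pin that behaviour at the call instead of leaving it to an implicit conversion. The check also validates only the resulting quotient: a pointer into the middle of an element still yields an in-range index, and for a pointer that does not point into `a` the subtraction itself is undefined behaviour. A comment such as `/* p must point at an element of a; only the derived index is range-checked, before narrowing to index_type */` would state that precondition for other derived classes that can reach this constructor.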
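Review bot: The null check on `p` sits in the `vptr_type` initializer, while the subtraction from `&a.front()` now happens inside the `vidx_type` base constructor. Which of the two runs first is decided by the order of the bases in the class head, not by the order written in this initializer list, and both the class head and this constructor's signature are outside the hunk. If `vptr_type` is in fact the earlier base, a short comment above the `vidx_type(...)` line would record the dependency, for example `/* vptr_type is constructed first, so p is known non-null before idx computes p - &a.front() */`.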