MachOParser.cpp   [plain text]

/*
 * Copyright (c) 2017 Apple Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */



#include <stdint.h>
#include <string.h>
#include <assert.h>
#include <uuid/uuid.h>
#include <fcntl.h>
#include <errno.h>
#include <unistd.h>
#include <sys/uio.h>
#include <sys/param.h>
#include <sys/sysctl.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <rootless.h>
#include <dirent.h>
#include <mach/mach.h>
#include <mach/machine.h>
#include <mach-o/loader.h>
#include <mach-o/nlist.h>
#include <mach-o/fat.h>
#include <mach-o/reloc.h>
#include <mach-o/dyld_priv.h>
#include <CommonCrypto/CommonDigest.h>

#if !DYLD_IN_PROCESS
#include <dlfcn.h>
#endif

#include "MachOParser.h"
#include "Logging.h"
#include "CodeSigningTypes.h"
#include "DyldSharedCache.h"
#include "Trie.hpp"

#if DYLD_IN_PROCESS
    #include "APIs.h"
#else
    #include "StringUtils.h"
#endif



#ifndef EXPORT_SYMBOL_FLAGS_KIND_ABSOLUTE
    #define EXPORT_SYMBOL_FLAGS_KIND_ABSOLUTE 0x02
#endif

#ifndef CPU_SUBTYPE_ARM64_E
    #define CPU_SUBTYPE_ARM64_E    2
#endif

#ifndef LC_BUILD_VERSION
    #define LC_BUILD_VERSION 0x32 /* build for platform min OS version */

    /*
     * The build_version_command contains the min OS version on which this
     * binary was built to run for its platform.  The list of known platforms and
     * tool values following it.
     */
    struct build_version_command {
        uint32_t    cmd;        /* LC_BUILD_VERSION */
        uint32_t    cmdsize;    /* sizeof(struct build_version_command) plus */
        /* ntools * sizeof(struct build_tool_version) */
        uint32_t    platform;   /* platform */
        uint32_t    minos;      /* X.Y.Z is encoded in nibbles xxxx.yy.zz */
        uint32_t    sdk;        /* X.Y.Z is encoded in nibbles xxxx.yy.zz */
        uint32_t    ntools;     /* number of tool entries following this */
    };

    struct build_tool_version {
        uint32_t    tool;       /* enum for the tool */
        uint32_t    version;    /* version number of the tool */
    };

    /* Known values for the platform field above. */
    #define PLATFORM_MACOS      1
    #define PLATFORM_IOS        2
    #define PLATFORM_TVOS       3
    #define PLATFORM_WATCHOS    4
    #define PLATFORM_BRIDGEOS   5

    /* Known values for the tool field above. */
    #define TOOL_CLANG    1
    #define TOOL_SWIFT    2
    #define TOOL_LD       3
#endif


namespace dyld3 {


bool FatUtil::isFatFile(const void* fileStart)
{
    const fat_header* fileStartAsFat = (fat_header*)fileStart;
    return ( fileStartAsFat->magic == OSSwapBigToHostInt32(FAT_MAGIC) );
}

/// Returns true if (addLHS + addRHS) > b, or if the add overflowed
template<typename T>
static bool greaterThanAddOrOverflow(uint32_t addLHS, uint32_t addRHS, T b) {
    return (addLHS > b) || (addRHS > (b-addLHS));
}

/// Returns true if (addLHS + addRHS) > b, or if the add overflowed
template<typename T>
static bool greaterThanAddOrOverflow(uint64_t addLHS, uint64_t addRHS, T b) {
    return (addLHS > b) || (addRHS > (b-addLHS));
}

void FatUtil::forEachSlice(Diagnostics& diag, const void* fileContent, size_t fileLen, void (^callback)(uint32_t sliceCpuType, uint32_t sliceCpuSubType, const void* sliceStart, size_t sliceSize, bool& stop))
{
    const fat_header* fh = (fat_header*)fileContent;
    if ( fh->magic != OSSwapBigToHostInt32(FAT_MAGIC) ) {
        diag.error("not a fat file");
        return;
    }

    if ( OSSwapBigToHostInt32(fh->nfat_arch) > ((4096 - sizeof(fat_header)) / sizeof(fat_arch)) ) {
        diag.error("fat header too large: %u entries", OSSwapBigToHostInt32(fh->nfat_arch));
    }
    const fat_arch* const archs = (fat_arch*)(((char*)fh)+sizeof(fat_header));
    bool stop = false;
    for (uint32_t i=0; i < OSSwapBigToHostInt32(fh->nfat_arch); ++i) {
        uint32_t cpuType    = OSSwapBigToHostInt32(archs[i].cputype);
        uint32_t cpuSubType = OSSwapBigToHostInt32(archs[i].cpusubtype);
        uint32_t offset     = OSSwapBigToHostInt32(archs[i].offset);
        uint32_t len        = OSSwapBigToHostInt32(archs[i].size);
        if (greaterThanAddOrOverflow(offset, len, fileLen)) {
            diag.error("slice %d extends beyond end of file", i);
            return;
        }
        callback(cpuType, cpuSubType, (uint8_t*)fileContent+offset, len, stop);
        if ( stop )
            break;
    }
}

#if !DYLD_IN_PROCESS
bool FatUtil::isFatFileWithSlice(Diagnostics& diag, const void* fileContent, size_t fileLen, const std::string& archName, size_t& sliceOffset, size_t& sliceLen, bool& missingSlice)
{
    missingSlice = false;
    if ( !isFatFile(fileContent) )
        return false;

    __block bool found = false;
    forEachSlice(diag, fileContent, fileLen, ^(uint32_t sliceCpuType, uint32_t sliceCpuSubType, const void* sliceStart, size_t sliceSize, bool& stop) {
        std::string sliceArchName = MachOParser::archName(sliceCpuType, sliceCpuSubType);
        if ( sliceArchName == archName ) {
            sliceOffset = (char*)sliceStart - (char*)fileContent;
            sliceLen    = sliceSize;
            found       = true;
            stop        = true;
        }
    });
    if ( diag.hasError() )
        return false;

    if ( !found )
        missingSlice = true;

    // when looking for x86_64h fallback to x86_64
    if ( !found && (archName == "x86_64h") )
        return isFatFileWithSlice(diag, fileContent, fileLen, "x86_64", sliceOffset, sliceLen, missingSlice);

    return found;
}

#endif

MachOParser::MachOParser(const mach_header* mh, bool dyldCacheIsRaw)
{
#if DYLD_IN_PROCESS
    // assume all in-process mach_headers are real loaded images
    _data = (long)mh;
#else
    if (mh == nullptr)
        return;
    _data = (long)mh;
    if ( (mh->flags & 0x80000000) == 0 ) {
        // asssume out-of-process mach_header not in a dyld cache are raw mapped files
        _data |= 1;
    }
    else {
        // out-of-process mach_header in a dyld cache are not raw, but cache may be raw
        if ( dyldCacheIsRaw )
            _data |= 2;
    }
#endif
}

const mach_header* MachOParser::header() const
{
    return (mach_header*)(_data & -4);
}

// "raw" means the whole mach-o file was mapped as one contiguous region
// not-raw means the the mach-o file was mapped like dyld does - with zero fill expansion
bool MachOParser::isRaw() const
{
    return (_data & 1);
}

// A raw dyld cache is when the whole dyld cache file is mapped in one contiguous region
// not-raw manes the dyld cache was mapped as it is at runtime with padding between regions
bool MachOParser::inRawCache() const
{
    return (_data & 2);
}

uint32_t MachOParser::fileType() const
{
    return header()->filetype;
}

bool MachOParser::inDyldCache() const
{
    return (header()->flags & 0x80000000);
}

bool MachOParser::hasThreadLocalVariables() const
{
    return (header()->flags & MH_HAS_TLV_DESCRIPTORS);
}

Platform MachOParser::platform() const
{
    Platform platform;
    uint32_t minOS;
    uint32_t sdk;
    if ( getPlatformAndVersion(&platform, &minOS, &sdk) )
        return platform;

    // old binary with no explict load command to mark platform, look at arch
    switch ( header()->cputype ) {
        case CPU_TYPE_X86_64:
        case CPU_TYPE_I386:
            return Platform::macOS;
        case CPU_TYPE_ARM64:
        case CPU_TYPE_ARM:
            return Platform::iOS;
    }
    return Platform::macOS;
}


#if !DYLD_IN_PROCESS

const MachOParser::ArchInfo MachOParser::_s_archInfos[] = {
    { "x86_64", CPU_TYPE_X86_64, CPU_SUBTYPE_X86_64_ALL },
    { "x86_64h", CPU_TYPE_X86_64, CPU_SUBTYPE_X86_64_H },
    { "i386", CPU_TYPE_I386, CPU_SUBTYPE_I386_ALL },
    { "arm64", CPU_TYPE_ARM64, CPU_SUBTYPE_ARM64_ALL },
    { "arm64e", CPU_TYPE_ARM64, CPU_SUBTYPE_ARM64_E },
    { "armv7k", CPU_TYPE_ARM, CPU_SUBTYPE_ARM_V7K },
    { "armv7s", CPU_TYPE_ARM, CPU_SUBTYPE_ARM_V7S },
    { "armv7", CPU_TYPE_ARM, CPU_SUBTYPE_ARM_V7 }
};

bool MachOParser::isValidMachO(Diagnostics& diag, const std::string& archName, Platform platform, const void* fileContent, size_t fileLength, const std::string& pathOpened, bool ignoreMainExecutables)
{
    // must start with mach-o magic value
    const mach_header* mh = (const mach_header*)fileContent;
    if ( (mh->magic != MH_MAGIC) && (mh->magic != MH_MAGIC_64) ) {
        diag.warning("could not use '%s' because it is not a mach-o file", pathOpened.c_str());
        return false;
    }

    // must match requested architecture if specified
    if (!archName.empty() && !isArch(mh, archName)) {
        // except when looking for x86_64h, fallback to x86_64
        if ( (archName != "x86_64h") || !isArch(mh, "x86_64") ) {
            diag.warning("could not use '%s' because it does not contain required architecture %s", pathOpened.c_str(), archName.c_str());
            return false;
        }
    }

    // must be a filetype dyld can load
    switch ( mh->filetype ) {
        case MH_EXECUTE:
            if ( ignoreMainExecutables )
                return false;
            break;
        case MH_DYLIB:
        case MH_BUNDLE:
            break;
        default:
            diag.warning("could not use '%s' because it is not a dylib, bundle, or executable", pathOpened.c_str());
            return false;
    }

    // must be from a file - not in the dyld shared cache
    if ( mh->flags & 0x80000000 ) {
        diag.warning("could not use '%s' because the high bit of mach_header flags is reserved for images in dyld cache", pathOpened.c_str());
        return false;
    }

    // validate load commands structure
    MachOParser parser(mh);
    if ( !parser.validLoadCommands(diag, fileLength) )
        return false;

    // must match requested platform
    if ( parser.platform() != platform ) {
        diag.warning("could not use '%s' because it was built for a different platform", pathOpened.c_str());
        return false;
    }

    // cannot be a static executable
    if ( (mh->filetype == MH_EXECUTE) && !parser.isDynamicExecutable() ) {
        diag.warning("could not use '%s' because it is a static executable", pathOpened.c_str());
        return false;
    }

    // validate dylib loads
    if ( !parser.validEmbeddedPaths(diag) )
        return false;

    // validate segments
    if ( !parser.validSegments(diag, fileLength) )
        return false;

    // validate LINKEDIT layout
    if ( !parser.validLinkeditLayout(diag) )
        return false;

     return true;
}


bool MachOParser::validLoadCommands(Diagnostics& diag, size_t fileLen)
{
    // check load command don't exceed file length
    if ( header()->sizeofcmds + sizeof(mach_header_64) > fileLen ) {
        diag.warning("load commands exceed length of file");
        return false;
    }
    // walk all load commands and sanity check them
    Diagnostics walkDiag;
    LinkEditInfo lePointers;
    getLinkEditLoadCommands(walkDiag, lePointers);
    if ( walkDiag.hasError() ) {
        diag.warning("%s", walkDiag.errorMessage().c_str());
        return false;
    }

    // check load commands fit in TEXT segment
    __block bool overflowText = false;
    forEachSegment(^(const char* segName, uint32_t segFileOffset, uint32_t segFileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
        if ( strcmp(segName, "__TEXT") == 0 ) {
            if ( header()->sizeofcmds + sizeof(mach_header_64) > segFileSize ) {
                diag.warning("load commands exceed length of __TEXT segment");
                overflowText = true;
            }
            stop = true;
        }
    });
    if ( overflowText )
        return false;

    return true;
}

bool MachOParser::validEmbeddedPaths(Diagnostics& diag)
{
    __block int index = 1;
    __block bool allGood = true;
    __block bool foundInstallName = false;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        const dylib_command* dylibCmd;
        const rpath_command* rpathCmd;
        switch ( cmd->cmd ) {
            case LC_ID_DYLIB:
                foundInstallName = true;
                // fall through
            case LC_LOAD_DYLIB:
            case LC_LOAD_WEAK_DYLIB:
            case LC_REEXPORT_DYLIB:
            case LC_LOAD_UPWARD_DYLIB:
                dylibCmd = (dylib_command*)cmd;
                if ( dylibCmd->dylib.name.offset > cmd->cmdsize ) {
                    diag.warning("load command #%d name offset (%u) outside its size (%u)", index, dylibCmd->dylib.name.offset, cmd->cmdsize);
                    stop = true;
                    allGood = false;
                }
                else {
                    bool foundEnd = false;
                    const char* start = (char*)dylibCmd + dylibCmd->dylib.name.offset;
                    const char* end   = (char*)dylibCmd + cmd->cmdsize;
                    for (const char* s=start; s < end; ++s) {
                        if ( *s == '\0' ) {
                            foundEnd = true;
                            break;
                        }
                    }
                    if ( !foundEnd ) {
                        diag.warning("load command #%d string extends beyond end of load command", index);
                        stop = true;
                        allGood = false;
                    }
                }
                break;
            case LC_RPATH:
                rpathCmd = (rpath_command*)cmd;
                if ( rpathCmd->path.offset > cmd->cmdsize ) {
                    diag.warning("load command #%d path offset (%u) outside its size (%u)", index, rpathCmd->path.offset, cmd->cmdsize);
                    stop = true;
                    allGood = false;
                }
                else {
                    bool foundEnd = false;
                    const char* start = (char*)rpathCmd + rpathCmd->path.offset;
                    const char* end   = (char*)rpathCmd + cmd->cmdsize;
                    for (const char* s=start; s < end; ++s) {
                        if ( *s == '\0' ) {
                            foundEnd = true;
                            break;
                        }
                    }
                    if ( !foundEnd ) {
                        diag.warning("load command #%d string extends beyond end of load command", index);
                        stop = true;
                        allGood = false;
                    }
                }
                break;
        }
        ++index;
    });

    if ( header()->filetype == MH_DYLIB ) {
        if ( !foundInstallName ) {
            diag.warning("MH_DYLIB is missing LC_ID_DYLIB");
            allGood = false;
        }
    }
    else {
        if ( foundInstallName ) {
            diag.warning("LC_ID_DYLIB found in non-MH_DYLIB");
            allGood = false;
        }
    }

    return allGood;
}

bool MachOParser::validSegments(Diagnostics& diag, size_t fileLen)
{
    // check segment load command size
    __block bool badSegmentLoadCommand = false;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_SEGMENT_64 ) {
            const segment_command_64* seg = (segment_command_64*)cmd;
            int32_t sectionsSpace = cmd->cmdsize - sizeof(segment_command_64);
            if ( sectionsSpace < 0 ) {
               diag.warning("load command size too small for LC_SEGMENT_64");
               badSegmentLoadCommand = true;
               stop = true;
            }
            else if ( (sectionsSpace % sizeof(section_64)) != 0 ) {
               diag.warning("segment load command size 0x%X will not fit whole number of sections", cmd->cmdsize);
               badSegmentLoadCommand = true;
               stop = true;
            }
            else if ( sectionsSpace != (seg->nsects * sizeof(section_64)) ) {
               diag.warning("load command size 0x%X does not match nsects %d", cmd->cmdsize, seg->nsects);
               badSegmentLoadCommand = true;
               stop = true;
            } else if (greaterThanAddOrOverflow(seg->fileoff, seg->filesize, fileLen)) {
                diag.warning("segment load command content extends beyond end of file");
                badSegmentLoadCommand = true;
                stop = true;
            } else if ( (seg->filesize > seg->vmsize) && ((seg->vmsize != 0) || ((seg->flags & SG_NORELOC) == 0)) ) {
                // <rdar://problem/19986776> dyld should support non-allocatable __LLVM segment
                diag.warning("segment filesize exceeds vmsize");
                badSegmentLoadCommand = true;
                stop = true;
            }
       }
        else if ( cmd->cmd == LC_SEGMENT ) {
            const segment_command* seg = (segment_command*)cmd;
            int32_t sectionsSpace = cmd->cmdsize - sizeof(segment_command);
            if ( sectionsSpace < 0 ) {
               diag.warning("load command size too small for LC_SEGMENT");
               badSegmentLoadCommand = true;
               stop = true;
            }
            else if ( (sectionsSpace % sizeof(section)) != 0 ) {
               diag.warning("segment load command size 0x%X will not fit whole number of sections", cmd->cmdsize);
               badSegmentLoadCommand = true;
               stop = true;
            }
            else if ( sectionsSpace != (seg->nsects * sizeof(section)) ) {
               diag.warning("load command size 0x%X does not match nsects %d", cmd->cmdsize, seg->nsects);
               badSegmentLoadCommand = true;
               stop = true;
            } else if ( (seg->filesize > seg->vmsize) && ((seg->vmsize != 0) || ((seg->flags & SG_NORELOC) == 0)) ) {
                // <rdar://problem/19986776> dyld should support non-allocatable __LLVM segment
                diag.warning("segment filesize exceeds vmsize");
                badSegmentLoadCommand = true;
                stop = true;
            }
        }
    });
     if ( badSegmentLoadCommand )
         return false;

    // check mapping permissions of segments
    __block bool badPermissions = false;
    __block bool badSize        = false;
    __block bool hasTEXT        = false;
    __block bool hasLINKEDIT    = false;
    forEachSegment(^(const char* segName, uint32_t segFileOffset, uint32_t segFileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
        if ( strcmp(segName, "__TEXT") == 0 ) {
            if ( protections != (VM_PROT_READ|VM_PROT_EXECUTE) ) {
                diag.warning("__TEXT segment permissions is not 'r-x'");
                badPermissions = true;
                stop = true;
            }
            hasTEXT = true;
        }
        else if ( strcmp(segName, "__LINKEDIT") == 0 ) {
            if ( protections != VM_PROT_READ ) {
                diag.warning("__LINKEDIT segment permissions is not 'r--'");
                badPermissions = true;
                stop = true;
            }
            hasLINKEDIT = true;
        }
        else if ( (protections & 0xFFFFFFF8) != 0 ) {
            diag.warning("%s segment permissions has invalid bits set", segName);
            badPermissions = true;
            stop = true;
        }
        if (greaterThanAddOrOverflow(segFileOffset, segFileSize, fileLen)) {
            diag.warning("%s segment content extends beyond end of file", segName);
            badSize = true;
            stop = true;
        }
        if ( is64() ) {
            if ( vmAddr+vmSize < vmAddr ) {
                diag.warning("%s segment vm range wraps", segName);
                badSize = true;
                stop = true;
            }
       }
       else {
            if ( (uint32_t)(vmAddr+vmSize) < (uint32_t)(vmAddr) ) {
                diag.warning("%s segment vm range wraps", segName);
                badSize = true;
                stop = true;
            }
       }
    });
    if ( badPermissions || badSize )
        return false;
    if ( !hasTEXT ) {
       diag.warning("missing __TEXT segment");
       return false;
    }
    if ( !hasLINKEDIT ) {
       diag.warning("missing __LINKEDIT segment");
       return false;
    }

    // check for overlapping segments
    __block bool badSegments = false;
    forEachSegment(^(const char* seg1Name, uint32_t seg1FileOffset, uint32_t seg1FileSize, uint64_t seg1vmAddr, uint64_t seg1vmSize, uint8_t seg1Protections, uint32_t seg1Index, uint64_t seg1SizeOfSections, uint8_t seg1Align, bool& stop1) {
        uint64_t seg1vmEnd   = seg1vmAddr + seg1vmSize;
        uint32_t seg1FileEnd = seg1FileOffset + seg1FileSize;
        forEachSegment(^(const char* seg2Name, uint32_t seg2FileOffset, uint32_t seg2FileSize, uint64_t seg2vmAddr, uint64_t seg2vmSize, uint8_t seg2Protections, uint32_t seg2Index, uint64_t seg2SizeOfSections, uint8_t seg2Align, bool& stop2) {
            if ( seg1Index == seg2Index )
                return;
            uint64_t seg2vmEnd   = seg2vmAddr + seg2vmSize;
            uint32_t seg2FileEnd = seg2FileOffset + seg2FileSize;
            if ( ((seg2vmAddr <= seg1vmAddr) && (seg2vmEnd > seg1vmAddr) && (seg1vmEnd > seg1vmAddr)) || ((seg2vmAddr >= seg1vmAddr) && (seg2vmAddr < seg1vmEnd) && (seg2vmEnd > seg2vmAddr)) ) {
                diag.warning("segment %s vm range overlaps segment %s", seg1Name, seg2Name);
                badSegments = true;
                stop1 = true;
                stop2 = true;
            }
             if ( ((seg2FileOffset <= seg1FileOffset) && (seg2FileEnd > seg1FileOffset) && (seg1FileEnd > seg1FileOffset)) || ((seg2FileOffset >= seg1FileOffset) && (seg2FileOffset < seg1FileEnd) && (seg2FileEnd > seg2FileOffset)) ) {
                diag.warning("segment %s file content overlaps segment %s", seg1Name, seg2Name);
                badSegments = true;
                stop1 = true;
                stop2 = true;
            }
            // check for out of order segments
            if ( (seg1Index < seg2Index) && !stop1 ) {
                if ( (seg1vmAddr > seg2vmAddr) || ((seg1FileOffset > seg2FileOffset) && (seg1FileOffset != 0) && (seg2FileOffset != 0)) ){
                    diag.warning("segment load commands out of order with respect to layout for %s and %s", seg1Name, seg2Name);
                    badSegments = true;
                    stop1 = true;
                    stop2 = true;
                }
            }
        });
    });
    if ( badSegments )
        return false;

    // check sections are within segment
    __block bool badSections = false;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_SEGMENT_64 ) {
            const segment_command_64* seg = (segment_command_64*)cmd;
            const section_64* const sectionsStart = (section_64*)((char*)seg + sizeof(struct segment_command_64));
            const section_64* const sectionsEnd   = &sectionsStart[seg->nsects];
            for (const section_64* sect=sectionsStart; (sect < sectionsEnd); ++sect) {
                if ( (int64_t)(sect->size) < 0 ) {
                    diag.warning("section %s size too large 0x%llX", sect->sectname, sect->size);
                    badSections = true;
                }
                else if ( sect->addr < seg->vmaddr ) {
                    diag.warning("section %s start address 0x%llX is before containing segment's address 0x%0llX",  sect->sectname, sect->addr, seg->vmaddr);
                    badSections = true;
                }
                else if ( sect->addr+sect->size > seg->vmaddr+seg->vmsize ) {
                    diag.warning("section %s end address 0x%llX is beyond containing segment's end address 0x%0llX", sect->sectname, sect->addr+sect->size, seg->vmaddr+seg->vmsize);
                    badSections = true;
                }
            }
        }
        else if ( cmd->cmd == LC_SEGMENT ) {
            const segment_command* seg = (segment_command*)cmd;
            const section* const sectionsStart = (section*)((char*)seg + sizeof(struct segment_command));
            const section* const sectionsEnd   = &sectionsStart[seg->nsects];
            for (const section* sect=sectionsStart; !stop && (sect < sectionsEnd); ++sect) {
               if ( (int64_t)(sect->size) < 0 ) {
                    diag.warning("section %s size too large 0x%X", sect->sectname, sect->size);
                    badSections = true;
                }
                else if ( sect->addr < seg->vmaddr ) {
                    diag.warning("section %s start address 0x%X is before containing segment's address 0x%0X",  sect->sectname, sect->addr, seg->vmaddr);
                    badSections = true;
                }
                else if ( sect->addr+sect->size > seg->vmaddr+seg->vmsize ) {
                    diag.warning("section %s end address 0x%X is beyond containing segment's end address 0x%0X", sect->sectname, sect->addr+sect->size, seg->vmaddr+seg->vmsize);
                    badSections = true;
                }
            }
        }
    });

    return !badSections;
}

struct LinkEditContent
{
    const char* name;
    uint32_t    stdOrder;
    uint32_t    fileOffsetStart;
    uint32_t    size;
};



bool MachOParser::validLinkeditLayout(Diagnostics& diag)
{
    LinkEditInfo leInfo;
    getLinkEditPointers(diag, leInfo);
    if ( diag.hasError() )
        return false;
    const bool     is64Bit = is64();
    const uint32_t pointerSize = (is64Bit ? 8 : 4);

    // build vector of all blobs in LINKEDIT
    std::vector<LinkEditContent> blobs;
    if ( leInfo.dyldInfo != nullptr ) {
        if ( leInfo.dyldInfo->rebase_size != 0 )
            blobs.push_back({"rebase opcodes",         1, leInfo.dyldInfo->rebase_off, leInfo.dyldInfo->rebase_size});
        if ( leInfo.dyldInfo->bind_size != 0 )
            blobs.push_back({"bind opcodes",           2, leInfo.dyldInfo->bind_off, leInfo.dyldInfo->bind_size});
        if ( leInfo.dyldInfo->weak_bind_size != 0 )
            blobs.push_back({"weak bind opcodes",      3, leInfo.dyldInfo->weak_bind_off, leInfo.dyldInfo->weak_bind_size});
        if ( leInfo.dyldInfo->lazy_bind_size != 0 )
            blobs.push_back({"lazy bind opcodes",      4, leInfo.dyldInfo->lazy_bind_off, leInfo.dyldInfo->lazy_bind_size});
        if ( leInfo.dyldInfo->export_size!= 0 )
            blobs.push_back({"exports trie",           5, leInfo.dyldInfo->export_off, leInfo.dyldInfo->export_size});
    }
    if ( leInfo.dynSymTab != nullptr ) {
        if ( leInfo.dynSymTab->nlocrel != 0 )
            blobs.push_back({"local relocations",      6, leInfo.dynSymTab->locreloff, static_cast<uint32_t>(leInfo.dynSymTab->nlocrel*sizeof(relocation_info))});
        if ( leInfo.dynSymTab->nextrel != 0 )
            blobs.push_back({"external relocations",  11, leInfo.dynSymTab->extreloff, static_cast<uint32_t>(leInfo.dynSymTab->nextrel*sizeof(relocation_info))});
        if ( leInfo.dynSymTab->nindirectsyms != 0 )
            blobs.push_back({"indirect symbol table", 12, leInfo.dynSymTab->indirectsymoff, leInfo.dynSymTab->nindirectsyms*4});
    }
    if ( leInfo.splitSegInfo != nullptr ) {
        if ( leInfo.splitSegInfo->datasize != 0 )
            blobs.push_back({"shared cache info",      6, leInfo.splitSegInfo->dataoff, leInfo.splitSegInfo->datasize});
    }
    if ( leInfo.functionStarts != nullptr ) {
        if ( leInfo.functionStarts->datasize != 0 )
            blobs.push_back({"function starts",        7, leInfo.functionStarts->dataoff, leInfo.functionStarts->datasize});
    }
    if ( leInfo.dataInCode != nullptr ) {
        if ( leInfo.dataInCode->datasize != 0 )
            blobs.push_back({"data in code",           8, leInfo.dataInCode->dataoff, leInfo.dataInCode->datasize});
    }
    if ( leInfo.symTab != nullptr ) {
        if ( leInfo.symTab->nsyms != 0 )
            blobs.push_back({"symbol table",         10, leInfo.symTab->symoff, static_cast<uint32_t>(leInfo.symTab->nsyms*(is64Bit ? sizeof(nlist_64) : sizeof(struct nlist)))});
        if ( leInfo.symTab->strsize != 0 )
            blobs.push_back({"symbol table strings", 20, leInfo.symTab->stroff, leInfo.symTab->strsize});
    }
    if ( leInfo.codeSig != nullptr ) {
        if ( leInfo.codeSig->datasize != 0 )
            blobs.push_back({"code signature",       21, leInfo.codeSig->dataoff, leInfo.codeSig->datasize});
    }

    // check for bad combinations
    if ( (leInfo.dyldInfo != nullptr) && (leInfo.dyldInfo->cmd == LC_DYLD_INFO_ONLY) && (leInfo.dynSymTab != nullptr) ) {
        if ( leInfo.dynSymTab->nlocrel != 0 ) {
            diag.error("malformed mach-o contains LC_DYLD_INFO_ONLY and local relocations");
            return false;
        }
        if ( leInfo.dynSymTab->nextrel != 0 ) {
            diag.error("malformed mach-o contains LC_DYLD_INFO_ONLY and external relocations");
            return false;
        }
    }
    if ( (leInfo.dyldInfo == nullptr) && (leInfo.dynSymTab == nullptr) ) {
        diag.error("malformed mach-o misssing LC_DYLD_INFO and LC_DYSYMTAB");
        return false;
    }
    if ( blobs.empty() ) {
        diag.error("malformed mach-o misssing LINKEDIT");
        return false;
    }

    // sort vector by file offset and error on overlaps
    std::sort(blobs.begin(), blobs.end(), [&](const LinkEditContent& a, const LinkEditContent& b) {
        return a.fileOffsetStart < b.fileOffsetStart;
    });
    uint32_t     prevEnd = (uint32_t)(leInfo.layout.segments[leInfo.layout.linkeditSegIndex].fileOffset);
    const char*  prevName = "start of LINKEDIT";
    for (const LinkEditContent& blob : blobs) {
        if ( blob.fileOffsetStart < prevEnd ) {
            diag.error("LINKEDIT overlap of %s and %s", prevName, blob.name);
            return false;
        }
        prevEnd  = blob.fileOffsetStart + blob.size;
        prevName = blob.name;
    }
    const LinkEditContent& lastBlob = blobs.back();
    uint32_t linkeditFileEnd = (uint32_t)(leInfo.layout.segments[leInfo.layout.linkeditSegIndex].fileOffset + leInfo.layout.segments[leInfo.layout.linkeditSegIndex].fileSize);
    if (greaterThanAddOrOverflow(lastBlob.fileOffsetStart, lastBlob.size, linkeditFileEnd)) {
        diag.error("LINKEDIT content '%s' extends beyond end of segment", lastBlob.name);
        return false;
    }

    // sort vector by order and warn on non standard order or mis-alignment
    std::sort(blobs.begin(), blobs.end(), [&](const LinkEditContent& a, const LinkEditContent& b) {
        return a.stdOrder < b.stdOrder;
    });
    prevEnd = (uint32_t)(leInfo.layout.segments[leInfo.layout.linkeditSegIndex].fileOffset);
    prevName = "start of LINKEDIT";
    for (const LinkEditContent& blob : blobs) {
        if ( ((blob.fileOffsetStart & (pointerSize-1)) != 0) && (blob.stdOrder != 20) )  // ok for "symbol table strings" to be mis-aligned
            diag.warning("mis-aligned LINKEDIT content '%s'", blob.name);
        if ( blob.fileOffsetStart < prevEnd ) {
            diag.warning("LINKEDIT out of order %s", blob.name);
        }
        prevEnd  = blob.fileOffsetStart;
        prevName = blob.name;
    }

    // Check for invalid symbol table sizes
    if ( leInfo.symTab != nullptr ) {
        if ( leInfo.symTab->nsyms > 0x10000000 ) {
            diag.error("malformed mach-o image: symbol table too large");
            return false;
        }
        if ( leInfo.dynSymTab != nullptr ) {
            // validate indirect symbol table
            if ( leInfo.dynSymTab->nindirectsyms != 0 ) {
                if ( leInfo.dynSymTab->nindirectsyms > 0x10000000 ) {
                    diag.error("malformed mach-o image: indirect symbol table too large");
                    return false;
                }
            }
            if ( (leInfo.dynSymTab->nlocalsym > leInfo.symTab->nsyms) || (leInfo.dynSymTab->ilocalsym > leInfo.symTab->nsyms) ) {
                diag.error("malformed mach-o image: indirect symbol table local symbol count exceeds total symbols");
                return false;
            }
            if ( leInfo.dynSymTab->ilocalsym + leInfo.dynSymTab->nlocalsym < leInfo.dynSymTab->ilocalsym  ) {
                diag.error("malformed mach-o image: indirect symbol table local symbol count wraps");
                return false;
            }
            if ( (leInfo.dynSymTab->nextdefsym > leInfo.symTab->nsyms) || (leInfo.dynSymTab->iextdefsym > leInfo.symTab->nsyms) ) {
                diag.error("malformed mach-o image: indirect symbol table extern symbol count exceeds total symbols");
                return false;
            }
            if ( leInfo.dynSymTab->iextdefsym + leInfo.dynSymTab->nextdefsym < leInfo.dynSymTab->iextdefsym  ) {
                diag.error("malformed mach-o image: indirect symbol table extern symbol count wraps");
                return false;
            }
            if ( (leInfo.dynSymTab->nundefsym > leInfo.symTab->nsyms) || (leInfo.dynSymTab->iundefsym > leInfo.symTab->nsyms) ) {
                diag.error("malformed mach-o image: indirect symbol table undefined symbol count exceeds total symbols");
                return false;
            }
            if ( leInfo.dynSymTab->iundefsym + leInfo.dynSymTab->nundefsym < leInfo.dynSymTab->iundefsym  ) {
                diag.error("malformed mach-o image: indirect symbol table undefined symbol count wraps");
                return false;
            }
        }
    }

    return true;
}

bool MachOParser::isArch(const mach_header* mh, const std::string& archName)
{
    for (const ArchInfo& info : _s_archInfos) {
        if ( archName == info.name ) {
            return ( (mh->cputype == info.cputype) && ((mh->cpusubtype & ~CPU_SUBTYPE_MASK) == info.cpusubtype) );
        }
    }
    return false;
}


std::string MachOParser::archName(uint32_t cputype, uint32_t cpusubtype)
{
    for (const ArchInfo& info : _s_archInfos) {
        if ( (cputype == info.cputype) && ((cpusubtype & ~CPU_SUBTYPE_MASK) == info.cpusubtype) ) {
            return info.name;
        }
    }
    return "unknown";
}

uint32_t MachOParser::cpuTypeFromArchName(const std::string& archName)
{
    for (const ArchInfo& info : _s_archInfos) {
        if ( archName == info.name ) {
            return info.cputype;
        }
    }
    return 0;
}

uint32_t MachOParser::cpuSubtypeFromArchName(const std::string& archName)
{
    for (const ArchInfo& info : _s_archInfos) {
        if ( archName == info.name ) {
            return info.cpusubtype;
        }
    }
    return 0;
}

std::string MachOParser::archName() const
{
    return archName(header()->cputype, header()->cpusubtype);
}

std::string MachOParser::platformName(Platform platform)
{
    switch ( platform ) {
        case Platform::unknown:
            return "unknown";
        case Platform::macOS:
            return "macOS";
        case Platform::iOS:
            return "iOS";
        case Platform::tvOS:
            return "tvOS";
        case Platform::watchOS:
            return "watchOS";
        case Platform::bridgeOS:
            return "bridgeOS";
    }
    return "unknown platform";
}

std::string MachOParser::versionString(uint32_t packedVersion)
{
    char buff[64];
    sprintf(buff, "%d.%d.%d", (packedVersion >> 16), ((packedVersion >> 8) & 0xFF), (packedVersion & 0xFF));
    return buff;
}

#else

bool MachOParser::isMachO(Diagnostics& diag, const void* fileContent, size_t mappedLength)
{
    // sanity check length
    if ( mappedLength < 4096 ) {
        diag.error("file too short");
        return false;
    }

    // must start with mach-o magic value
    const mach_header* mh = (const mach_header*)fileContent;
#if __LP64__
    const uint32_t requiredMagic = MH_MAGIC_64;
#else
    const uint32_t requiredMagic = MH_MAGIC;
#endif
   if ( mh->magic != requiredMagic ) {
        diag.error("not a mach-o file");
        return false;
    }

#if __x86_64__
    const uint32_t requiredCPU = CPU_TYPE_X86_64;
#elif __i386__
    const uint32_t requiredCPU = CPU_TYPE_I386;
#elif __arm__
    const uint32_t requiredCPU = CPU_TYPE_ARM;
#elif __arm64__
    const uint32_t requiredCPU = CPU_TYPE_ARM64;
#else
    #error unsupported architecture
#endif
    if ( mh->cputype != requiredCPU ) {
        diag.error("wrong cpu type");
        return false;
    }

    return true;
}

bool MachOParser::wellFormedMachHeaderAndLoadCommands(const mach_header* mh)
{
    const load_command* startCmds = nullptr;
    if ( mh->magic == MH_MAGIC_64 )
        startCmds = (load_command*)((char *)mh + sizeof(mach_header_64));
    else if ( mh->magic == MH_MAGIC )
        startCmds = (load_command*)((char *)mh + sizeof(mach_header));
    else
        return false;  // not a mach-o file, or wrong endianness

    const load_command* const cmdsEnd = (load_command*)((char*)startCmds + mh->sizeofcmds);
    const load_command* cmd = startCmds;
    for(uint32_t i = 0; i < mh->ncmds; ++i) {
        const load_command* nextCmd = (load_command*)((char *)cmd + cmd->cmdsize);
        if ( (cmd->cmdsize < 8) || (nextCmd > cmdsEnd) || (nextCmd < startCmds)) {
            return false;
        }
        cmd = nextCmd;
    }
    return true;
}

#endif

Platform MachOParser::currentPlatform()
{
#if TARGET_OS_BRIDGE
    return Platform::bridgeOS;
#elif TARGET_OS_WATCH
    return Platform::watchOS;
#elif TARGET_OS_TV
    return Platform::tvOS;
#elif TARGET_OS_IOS
    return Platform::iOS;
#elif TARGET_OS_MAC
    return Platform::macOS;
#else
    #error unknown platform
#endif
}


bool MachOParser::valid(Diagnostics& diag)
{
#if DYLD_IN_PROCESS
    // only images loaded by dyld to be parsed
    const mach_header* inImage = dyld3::dyld_image_header_containing_address(header());
    if ( inImage != header() ) {
        diag.error("only dyld loaded images can be parsed by MachOParser");
        return false;
    }
#else

#endif
    return true;
}


void MachOParser::forEachLoadCommand(Diagnostics& diag, void (^callback)(const load_command* cmd, bool& stop)) const
{
    bool stop = false;
    const load_command* startCmds = nullptr;
    if ( header()->magic == MH_MAGIC_64 )
        startCmds = (load_command*)((char *)header() + sizeof(mach_header_64));
    else if ( header()->magic == MH_MAGIC )
        startCmds = (load_command*)((char *)header() + sizeof(mach_header));
    else {
        diag.error("file does not start with MH_MAGIC[_64]");
        return;  // not a mach-o file, or wrong endianness
    }
    const load_command* const cmdsEnd = (load_command*)((char*)startCmds + header()->sizeofcmds);
    const load_command* cmd = startCmds;
    for(uint32_t i = 0; i < header()->ncmds; ++i) {
        const load_command* nextCmd = (load_command*)((char *)cmd + cmd->cmdsize);
        if ( cmd->cmdsize < 8 ) {
            diag.error("malformed load command #%d, size too small %d", i, cmd->cmdsize);
            return;
        }
        if ( (nextCmd > cmdsEnd) || (nextCmd < startCmds) ) {
            diag.error("malformed load command #%d, size too large 0x%X", i, cmd->cmdsize);
            return;
        }
        callback(cmd, stop);
        if ( stop )
            return;
        cmd = nextCmd;
    }
}

UUID MachOParser::uuid() const
{
    uuid_t uuid;
    getUuid(uuid);
    return uuid;
}

bool MachOParser::getUuid(uuid_t uuid) const
{
    Diagnostics diag;
    __block bool found = false;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_UUID ) {
            const uuid_command* uc = (const uuid_command*)cmd;
            memcpy(uuid, uc->uuid, sizeof(uuid_t));
            found = true;
            stop = true;
        }
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
    if ( !found )
        bzero(uuid, sizeof(uuid_t));
    return found;
}

uint64_t MachOParser::preferredLoadAddress() const
{
    __block uint64_t result = 0;
    forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
        if ( strcmp(segName, "__TEXT") == 0 ) {
            result = vmAddr;
            stop = true;
        }
    });
    return result;
}

bool MachOParser::getPlatformAndVersion(Platform* platform, uint32_t* minOS, uint32_t* sdk) const
{
    Diagnostics diag;
    __block bool found = false;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        const version_min_command* versCmd;
        switch ( cmd->cmd ) {
            case LC_VERSION_MIN_IPHONEOS:
                versCmd       = (version_min_command*)cmd;
                *platform     = Platform::iOS;
                *minOS        = versCmd->version;
                *sdk          = versCmd->sdk;
                found = true;
                stop = true;
                break;
           case LC_VERSION_MIN_MACOSX:
                 versCmd       = (version_min_command*)cmd;
                *platform     = Platform::macOS;
                *minOS        = versCmd->version;
                *sdk          = versCmd->sdk;
                found = true;
                stop = true;
                break;
           case LC_VERSION_MIN_TVOS:
                 versCmd       = (version_min_command*)cmd;
                *platform     = Platform::tvOS;
                *minOS        = versCmd->version;
                *sdk          = versCmd->sdk;
                found = true;
                stop = true;
                break;
           case LC_VERSION_MIN_WATCHOS:
                versCmd       = (version_min_command*)cmd;
                *platform     = Platform::watchOS;
                *minOS        = versCmd->version;
                *sdk          = versCmd->sdk;
                found = true;
                stop = true;
                break;
            case LC_BUILD_VERSION: {
                const build_version_command* buildCmd = (build_version_command *)cmd;
                *minOS        = buildCmd->minos;
                *sdk          = buildCmd->sdk;

                switch(buildCmd->platform) {
                        /* Known values for the platform field above. */
                    case PLATFORM_MACOS:
                        *platform = Platform::macOS;
                        break;
                    case PLATFORM_IOS:
                        *platform = Platform::iOS;
                        break;
                    case PLATFORM_TVOS:
                        *platform = Platform::tvOS;
                        break;
                    case PLATFORM_WATCHOS:
                        *platform = Platform::watchOS;
                        break;
                    case PLATFORM_BRIDGEOS:
                        *platform = Platform::bridgeOS;
                        break;
                }
                found = true;
                stop = true;
            } break;
        }
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
    return found;
}


bool MachOParser::isSimulatorBinary() const
{
    Platform platform;
    uint32_t minOS;
    uint32_t sdk;
    switch ( header()->cputype ) {
        case CPU_TYPE_I386:
        case CPU_TYPE_X86_64:
            if ( getPlatformAndVersion(&platform, &minOS, &sdk) ) {
                return (platform != Platform::macOS);
            }
            break;
    }
    return false;
}


bool MachOParser::getDylibInstallName(const char** installName, uint32_t* compatVersion, uint32_t* currentVersion) const
{
    Diagnostics diag;
    __block bool found = false;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_ID_DYLIB ) {
            const dylib_command*  dylibCmd = (dylib_command*)cmd;
            *compatVersion  = dylibCmd->dylib.compatibility_version;
            *currentVersion = dylibCmd->dylib.current_version;
            *installName    = (char*)dylibCmd + dylibCmd->dylib.name.offset;
            found = true;
            stop = true;
        }
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
    return found;
}

const char* MachOParser::installName() const
{
    assert(header()->filetype == MH_DYLIB);
    const char* result;
    uint32_t    ignoreVersion;
    assert(getDylibInstallName(&result, &ignoreVersion, &ignoreVersion));
    return result;
}


uint32_t MachOParser::dependentDylibCount() const
{
    __block uint32_t count = 0;
    forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
        ++count;
    });
    return count;
}

const char* MachOParser::dependentDylibLoadPath(uint32_t depIndex) const
{
    __block const char* foundLoadPath = nullptr;
    __block uint32_t curDepIndex = 0;
    forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
        if ( curDepIndex == depIndex ) {
            foundLoadPath = loadPath;
            stop = true;
        }
        ++curDepIndex;
    });
    return foundLoadPath;
}


void MachOParser::forEachDependentDylib(void (^callback)(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop)) const
{
    Diagnostics diag;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
         switch ( cmd->cmd ) {
            case LC_LOAD_DYLIB:
            case LC_LOAD_WEAK_DYLIB:
            case LC_REEXPORT_DYLIB:
            case LC_LOAD_UPWARD_DYLIB: {
                const dylib_command* dylibCmd = (dylib_command*)cmd;
                assert(dylibCmd->dylib.name.offset < cmd->cmdsize);
                const char* loadPath = (char*)dylibCmd + dylibCmd->dylib.name.offset;
                callback(loadPath, (cmd->cmd == LC_LOAD_WEAK_DYLIB), (cmd->cmd == LC_REEXPORT_DYLIB), (cmd->cmd == LC_LOAD_UPWARD_DYLIB),
                                    dylibCmd->dylib.compatibility_version, dylibCmd->dylib.current_version, stop);
            }
            break;
        }
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
}

void MachOParser::forEachRPath(void (^callback)(const char* rPath, bool& stop)) const
{
    Diagnostics diag;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
         if ( cmd->cmd == LC_RPATH ) {
            const char* rpath = (char*)cmd + ((struct rpath_command*)cmd)->path.offset;
            callback(rpath, stop);
        }
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
}

/*
   struct LayoutInfo {
#if DYLD_IN_PROCESS
        uintptr_t    slide;
        uintptr_t    textUnslidVMAddr;
        uintptr_t    linkeditUnslidVMAddr;
        uint32_t     linkeditFileOffset;
#else
        uint32_t     segmentCount;
        uint32_t     linkeditSegIndex;
        struct {
            uint64_t    mappingOffset;
            uint64_t    fileOffset;
            uint64_t    segUnslidAddress;
            uint64_t    segSize;
        }            segments[16];
#endif
    };
*/

#if !DYLD_IN_PROCESS
const uint8_t* MachOParser::getContentForVMAddr(const LayoutInfo& info, uint64_t addr) const
{
    for (uint32_t i=0; i < info.segmentCount; ++i) {
        if ( (addr >= info.segments[i].segUnslidAddress) && (addr < (info.segments[i].segUnslidAddress+info.segments[i].segSize)) )
            return (uint8_t*)header() + info.segments[i].mappingOffset + (addr - info.segments[i].segUnslidAddress);
    }
    // value is outside this image.  could be pointer into another image
    if ( inDyldCache() ) {
        return (uint8_t*)header() + info.segments[0].mappingOffset + (addr - info.segments[0].segUnslidAddress);
    }
    assert(0 && "address not found in segment");
    return nullptr;
}
#endif

const uint8_t* MachOParser::getLinkEditContent(const LayoutInfo& info, uint32_t fileOffset) const
{
#if DYLD_IN_PROCESS
    uint32_t offsetInLinkedit   = fileOffset - info.linkeditFileOffset;
    uintptr_t linkeditStartAddr = info.linkeditUnslidVMAddr + info.slide;
    return (uint8_t*)(linkeditStartAddr + offsetInLinkedit);
#else
    uint32_t offsetInLinkedit    = fileOffset - (uint32_t)(info.segments[info.linkeditSegIndex].fileOffset);
    const uint8_t* linkeditStart = (uint8_t*)header() + info.segments[info.linkeditSegIndex].mappingOffset;
    return linkeditStart + offsetInLinkedit;
#endif
}


void MachOParser::getLayoutInfo(LayoutInfo& result) const
{
#if DYLD_IN_PROCESS
    // image loaded by dyld, just record the addr and file offset of TEXT and LINKEDIT segments
    result.slide = getSlide();
    forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
        if ( strcmp(segName, "__TEXT") == 0 ) {
            result.textUnslidVMAddr = (uintptr_t)vmAddr;
        }
        else if ( strcmp(segName, "__LINKEDIT") == 0 ) {
            result.linkeditUnslidVMAddr = (uintptr_t)vmAddr;
            result.linkeditFileOffset   = fileOffset;
        }
    });
#else
    bool inCache = inDyldCache();
    bool intel32 = (header()->cputype == CPU_TYPE_I386);
    result.segmentCount = 0;
    result.linkeditSegIndex = 0xFFFFFFFF;
    __block uint64_t textSegAddr = 0;
    __block uint64_t textSegFileOffset = 0;
    forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
        auto& segInfo = result.segments[result.segmentCount];
        if ( strcmp(segName, "__TEXT") == 0 ) {
            textSegAddr       = vmAddr;
            textSegFileOffset = fileOffset;
        }
        __block bool textRelocsAllowed = false;
        if ( intel32 ) {
            forEachSection(^(const char* curSegName, uint32_t segIndex, uint64_t segVMAddr, const char* sectionName, uint32_t sectFlags,
                             uint64_t sectAddr, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& sectStop) {
                if ( strcmp(curSegName, segName) == 0 ) {
                    if ( sectFlags & (S_ATTR_EXT_RELOC|S_ATTR_LOC_RELOC) ) {
                        textRelocsAllowed = true;
                        sectStop = true;
                    }
                }
            });
        }
        if ( inCache ) {
            if ( inRawCache() ) {
                // whole cache file mapped somewhere (padding not expanded)
                // vmaddrs are useless. only file offset make sense
                segInfo.mappingOffset = fileOffset - textSegFileOffset;
            }
            else {
                // cache file was loaded by dyld into shared region
                // vmaddrs of segments are correct except for ASLR slide
                segInfo.mappingOffset = vmAddr - textSegAddr;
           }
        }
        else {
            // individual mach-o file mapped in one region, so mappingOffset == fileOffset
            segInfo.mappingOffset    = fileOffset;
        }
        segInfo.fileOffset        = fileOffset;
        segInfo.fileSize          = fileSize;
        segInfo.segUnslidAddress  = vmAddr;
        segInfo.segSize           = vmSize;
        segInfo.writable          = ((protections & VM_PROT_WRITE)   == VM_PROT_WRITE);
        segInfo.executable        = ((protections & VM_PROT_EXECUTE) == VM_PROT_EXECUTE);
        segInfo.textRelocsAllowed = textRelocsAllowed;
        if ( strcmp(segName, "__LINKEDIT") == 0 ) {
            result.linkeditSegIndex = result.segmentCount;
        }
        ++result.segmentCount;
        if ( result.segmentCount > 127 )
            stop = true;
    });
#endif
}


void MachOParser::forEachSection(void (^callback)(const char* segName, const char* sectionName, uint32_t flags,
                                                  const void* content, size_t size, bool illegalSectionSize, bool& stop)) const
{
    forEachSection(^(const char* segName, const char* sectionName, uint32_t flags, uint64_t addr,
                     const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& stop) {
        callback(segName, sectionName, flags, content, (size_t)size, illegalSectionSize, stop);
    });
}

void MachOParser::forEachSection(void (^callback)(const char* segName, const char* sectionName, uint32_t flags, uint64_t addr,
                                                  const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2,
                                                  bool illegalSectionSize, bool& stop)) const
{
    Diagnostics diag;
    //fprintf(stderr, "forEachSection() mh=%p\n", header());
    LayoutInfo layout;
    getLayoutInfo(layout);
    forEachSection(^(const char* segName, uint32_t segIndex, uint64_t segVMAddr, const char* sectionName, uint32_t sectFlags,
                      uint64_t sectAddr, uint64_t sectSize, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& stop) {
    #if DYLD_IN_PROCESS
        const uint8_t* segContentStart = (uint8_t*)(segVMAddr + layout.slide);
    #else
        const uint8_t* segContentStart = (uint8_t*)header() + layout.segments[segIndex].mappingOffset;
    #endif
        const void* contentAddr = segContentStart + (sectAddr - segVMAddr);
        callback(segName, sectionName, sectFlags, sectAddr, contentAddr, sectSize, alignP2, reserved1, reserved2, illegalSectionSize, stop);
    });

}

// this iterator just walks the segment/section array.  It does interpret addresses
void MachOParser::forEachSection(void (^callback)(const char* segName, uint32_t segIndex, uint64_t segVMAddr, const char* sectionName, uint32_t sectFlags,
                                 uint64_t sectAddr, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& stop)) const
{
    Diagnostics diag;
    //fprintf(stderr, "forEachSection() mh=%p\n", header());
    __block uint32_t segIndex = 0;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_SEGMENT_64 ) {
            const segment_command_64* seg = (segment_command_64*)cmd;
            const section_64* const sectionsStart = (section_64*)((char*)seg + sizeof(struct segment_command_64));
            const section_64* const sectionsEnd   = &sectionsStart[seg->nsects];
            for (const section_64* sect=sectionsStart; !stop && (sect < sectionsEnd); ++sect) {
                const char* sectName = sect->sectname;
                char sectNameCopy[20];
                if ( sectName[15] != '\0' ) {
                    strlcpy(sectNameCopy, sectName, 17);
                    sectName = sectNameCopy;
                }
                bool illegalSectionSize = (sect->addr < seg->vmaddr) || greaterThanAddOrOverflow(sect->addr, sect->size, seg->vmaddr + seg->filesize);
                callback(seg->segname, segIndex, seg->vmaddr, sectName, sect->flags, sect->addr, sect->size, sect->align, sect->reserved1, sect->reserved2, illegalSectionSize, stop);
            }
            ++segIndex;
        }
        else if ( cmd->cmd == LC_SEGMENT ) {
            const segment_command* seg = (segment_command*)cmd;
            const section* const sectionsStart = (section*)((char*)seg + sizeof(struct segment_command));
            const section* const sectionsEnd   = &sectionsStart[seg->nsects];
            for (const section* sect=sectionsStart; !stop && (sect < sectionsEnd); ++sect) {
                const char* sectName = sect->sectname;
                char sectNameCopy[20];
                if ( sectName[15] != '\0' ) {
                    strlcpy(sectNameCopy, sectName, 17);
                    sectName = sectNameCopy;
                }
                bool illegalSectionSize = (sect->addr < seg->vmaddr) || greaterThanAddOrOverflow(sect->addr, sect->size, seg->vmaddr + seg->filesize);
                callback(seg->segname, segIndex, seg->vmaddr, sectName, sect->flags, sect->addr, sect->size, sect->align, sect->reserved1, sect->reserved2, illegalSectionSize, stop);
            }
            ++segIndex;
        }
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
}

void MachOParser::forEachGlobalSymbol(Diagnostics& diag, void (^callback)(const char* symbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop)) const
{
    LinkEditInfo leInfo;
    getLinkEditPointers(diag, leInfo);
    if ( diag.hasError() )
        return;

    const bool is64Bit = is64();
    if ( leInfo.symTab != nullptr ) {
        uint32_t globalsStartIndex = 0;
        uint32_t globalsCount      = leInfo.symTab->nsyms;
        if ( leInfo.dynSymTab != nullptr ) {
            globalsStartIndex = leInfo.dynSymTab->iextdefsym;
            globalsCount      = leInfo.dynSymTab->nextdefsym;
        }
        uint32_t               maxStringOffset  = leInfo.symTab->strsize;
        const char*            stringPool       =             (char*)getLinkEditContent(leInfo.layout, leInfo.symTab->stroff);
        const struct nlist*    symbols          = (struct nlist*)   (getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
        const struct nlist_64* symbols64        = (struct nlist_64*)(getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
        bool                   stop             = false;
        for (uint32_t i=0; (i < globalsCount) && !stop; ++i) {
            if ( is64Bit ) {
                const struct nlist_64& sym = symbols64[globalsStartIndex+i];
                if ( sym.n_un.n_strx > maxStringOffset )
                    continue;
                if ( (sym.n_type & N_EXT) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
                    callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
            }
            else {
                const struct nlist& sym = symbols[globalsStartIndex+i];
                if ( sym.n_un.n_strx > maxStringOffset )
                    continue;
                if ( (sym.n_type & N_EXT) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
                    callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
            }
        }
    }
}

void MachOParser::forEachLocalSymbol(Diagnostics& diag, void (^callback)(const char* symbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop)) const
{
    LinkEditInfo leInfo;
    getLinkEditPointers(diag, leInfo);
    if ( diag.hasError() )
        return;

    const bool is64Bit = is64();
    if ( leInfo.symTab != nullptr ) {
        uint32_t localsStartIndex = 0;
        uint32_t localsCount      = leInfo.symTab->nsyms;
        if ( leInfo.dynSymTab != nullptr ) {
            localsStartIndex = leInfo.dynSymTab->ilocalsym;
            localsCount      = leInfo.dynSymTab->nlocalsym;
        }
        uint32_t               maxStringOffset  = leInfo.symTab->strsize;
        const char*            stringPool       =             (char*)getLinkEditContent(leInfo.layout, leInfo.symTab->stroff);
        const struct nlist*    symbols          = (struct nlist*)   (getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
        const struct nlist_64* symbols64        = (struct nlist_64*)(getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
        bool                   stop             = false;
        for (uint32_t i=0; (i < localsCount) && !stop; ++i) {
            if ( is64Bit ) {
                const struct nlist_64& sym = symbols64[localsStartIndex+i];
                if ( sym.n_un.n_strx > maxStringOffset )
                    continue;
                if ( ((sym.n_type & N_EXT) == 0) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
                    callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
            }
            else {
                const struct nlist& sym = symbols[localsStartIndex+i];
                if ( sym.n_un.n_strx > maxStringOffset )
                    continue;
                if ( ((sym.n_type & N_EXT) == 0) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
                    callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
            }
        }
    }
}


bool MachOParser::findExportedSymbol(Diagnostics& diag, const char* symbolName, void* extra, FoundSymbol& foundInfo, DependentFinder findDependent) const
{
    LinkEditInfo leInfo;
    getLinkEditPointers(diag, leInfo);
    if ( diag.hasError() )
        return false;
    if ( leInfo.dyldInfo != nullptr ) {
        const uint8_t* trieStart    = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->export_off);
        const uint8_t* trieEnd      = trieStart + leInfo.dyldInfo->export_size;
        const uint8_t* node         = trieWalk(diag, trieStart, trieEnd, symbolName);
        if ( node == nullptr ) {
            // symbol not exported from this image. Seach any re-exported dylibs
            __block unsigned        depIndex = 0;
            __block bool            foundInReExportedDylib = false;
            forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
                if ( isReExport && findDependent ) {
                    const mach_header*  depMH;
                    void*               depExtra;
                    if ( findDependent(depIndex, loadPath, extra, &depMH, &depExtra) ) {
                        bool depInRawCache = inRawCache() && (depMH->flags & 0x80000000);
                        MachOParser dep(depMH, depInRawCache);
                        if ( dep.findExportedSymbol(diag, symbolName, depExtra, foundInfo, findDependent) ) {
                            stop = true;
                            foundInReExportedDylib = true;
                        }
                    }
                    else {
                        fprintf(stderr, "could not find re-exported dylib %s\n", loadPath);
                    }
                }
                ++depIndex;
            });
            return foundInReExportedDylib;
        }
        const uint8_t* p = node;
        const uint64_t flags = read_uleb128(diag, p, trieEnd);
        if ( flags & EXPORT_SYMBOL_FLAGS_REEXPORT ) {
            if ( !findDependent )
                return false;
            // re-export from another dylib, lookup there
            const uint64_t ordinal = read_uleb128(diag, p, trieEnd);
            const char* importedName = (char*)p;
            if ( importedName[0] == '\0' )
                importedName = symbolName;
            assert(ordinal >= 1);
            if (ordinal > dependentDylibCount()) {
                diag.error("ordinal %lld out of range for %s", ordinal, symbolName);
                return false;
            }
            uint32_t depIndex = (uint32_t)(ordinal-1);
            const mach_header*  depMH;
            void*               depExtra;
            if ( findDependent(depIndex, dependentDylibLoadPath(depIndex), extra, &depMH, &depExtra) ) {
                bool depInRawCache = inRawCache() && (depMH->flags & 0x80000000);
                MachOParser depParser(depMH, depInRawCache);
                return depParser.findExportedSymbol(diag, importedName, depExtra, foundInfo, findDependent);
            }
            else {
                diag.error("dependent dylib %lld not found for re-exported symbol %s", ordinal, symbolName);
                return false;
            }
        }
        foundInfo.kind               = FoundSymbol::Kind::headerOffset;
        foundInfo.isThreadLocal      = false;
        foundInfo.foundInDylib       = header();
        foundInfo.foundExtra         = extra;
        foundInfo.value              = read_uleb128(diag, p, trieEnd);
        foundInfo.resolverFuncOffset = 0;
        foundInfo.foundSymbolName    = symbolName;
        if ( diag.hasError() )
            return false;
        switch ( flags & EXPORT_SYMBOL_FLAGS_KIND_MASK ) {
            case EXPORT_SYMBOL_FLAGS_KIND_REGULAR:
                if ( flags & EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER ) {
                    foundInfo.kind = FoundSymbol::Kind::headerOffset;
                    foundInfo.resolverFuncOffset = (uint32_t)read_uleb128(diag, p, trieEnd);
                }
                else {
                    foundInfo.kind = FoundSymbol::Kind::headerOffset;
                }
                break;
            case EXPORT_SYMBOL_FLAGS_KIND_THREAD_LOCAL:
                foundInfo.isThreadLocal = true;
                break;
            case EXPORT_SYMBOL_FLAGS_KIND_ABSOLUTE:
                foundInfo.kind = FoundSymbol::Kind::absolute;
                break;
            default:
                diag.error("unsupported exported symbol kind. flags=%llu at node offset=0x%0lX", flags, (long)(node-trieStart));
                return false;
        }
        return true;
    }
    else {
        // this is an old binary (before macOS 10.6), scan the symbol table
        foundInfo.foundInDylib = nullptr;
        uint64_t baseAddress = preferredLoadAddress();
        forEachGlobalSymbol(diag, ^(const char* aSymbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop) {
            if ( strcmp(aSymbolName, symbolName) == 0 ) {
                foundInfo.kind               = FoundSymbol::Kind::headerOffset;
                foundInfo.isThreadLocal      = false;
                foundInfo.foundInDylib       = header();
                foundInfo.foundExtra         = extra;
                foundInfo.value              = n_value - baseAddress;
                foundInfo.resolverFuncOffset = 0;
                foundInfo.foundSymbolName    = symbolName;
                stop = true;
            }
        });
        return (foundInfo.foundInDylib != nullptr);
    }
}


void MachOParser::getLinkEditLoadCommands(Diagnostics& diag, LinkEditInfo& result) const
{
    result.dyldInfo       = nullptr;
    result.symTab         = nullptr;
    result.dynSymTab      = nullptr;
    result.splitSegInfo   = nullptr;
    result.functionStarts = nullptr;
    result.dataInCode     = nullptr;
    result.codeSig        = nullptr;
    __block bool hasUUID    = false;
    __block bool hasVersion = false;
    __block bool hasEncrypt = false;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        switch ( cmd->cmd ) {
            case LC_DYLD_INFO:
            case LC_DYLD_INFO_ONLY:
                if ( cmd->cmdsize != sizeof(dyld_info_command) )
                    diag.error("LC_DYLD_INFO load command size wrong");
                else if ( result.dyldInfo != nullptr )
                    diag.error("multiple LC_DYLD_INFO load commands");
                result.dyldInfo = (dyld_info_command*)cmd;
                break;
            case LC_SYMTAB:
                if ( cmd->cmdsize != sizeof(symtab_command) )
                    diag.error("LC_SYMTAB load command size wrong");
                else if ( result.symTab != nullptr )
                    diag.error("multiple LC_SYMTAB load commands");
                result.symTab = (symtab_command*)cmd;
                break;
            case LC_DYSYMTAB:
                if ( cmd->cmdsize != sizeof(dysymtab_command) )
                    diag.error("LC_DYSYMTAB load command size wrong");
                else if ( result.dynSymTab != nullptr )
                    diag.error("multiple LC_DYSYMTAB load commands");
                result.dynSymTab = (dysymtab_command*)cmd;
                break;
            case LC_SEGMENT_SPLIT_INFO:
                if ( cmd->cmdsize != sizeof(linkedit_data_command) )
                    diag.error("LC_SEGMENT_SPLIT_INFO load command size wrong");
                else if ( result.splitSegInfo != nullptr )
                    diag.error("multiple LC_SEGMENT_SPLIT_INFO load commands");
                result.splitSegInfo = (linkedit_data_command*)cmd;
                break;
            case LC_FUNCTION_STARTS:
                if ( cmd->cmdsize != sizeof(linkedit_data_command) )
                    diag.error("LC_FUNCTION_STARTS load command size wrong");
                else if ( result.functionStarts != nullptr )
                    diag.error("multiple LC_FUNCTION_STARTS load commands");
                result.functionStarts = (linkedit_data_command*)cmd;
                break;
            case LC_DATA_IN_CODE:
                if ( cmd->cmdsize != sizeof(linkedit_data_command) )
                    diag.error("LC_DATA_IN_CODE load command size wrong");
                else if ( result.dataInCode != nullptr )
                    diag.error("multiple LC_DATA_IN_CODE load commands");
                result.dataInCode = (linkedit_data_command*)cmd;
                break;
            case LC_CODE_SIGNATURE:
                if ( cmd->cmdsize != sizeof(linkedit_data_command) )
                    diag.error("LC_CODE_SIGNATURE load command size wrong");
                else if ( result.codeSig != nullptr )
                     diag.error("multiple LC_CODE_SIGNATURE load commands");
                result.codeSig = (linkedit_data_command*)cmd;
                break;
            case LC_UUID:
                if ( cmd->cmdsize != sizeof(uuid_command) )
                    diag.error("LC_UUID load command size wrong");
                else if ( hasUUID )
                     diag.error("multiple LC_UUID load commands");
                hasUUID = true;
                break;
            case LC_VERSION_MIN_IPHONEOS:
            case LC_VERSION_MIN_MACOSX:
            case LC_VERSION_MIN_TVOS:
            case LC_VERSION_MIN_WATCHOS:
                if ( cmd->cmdsize != sizeof(version_min_command) )
                    diag.error("LC_VERSION_* load command size wrong");
                 else if ( hasVersion )
                     diag.error("multiple LC_VERSION_MIN_* load commands");
                hasVersion = true;
                break;
            case LC_BUILD_VERSION:
                if ( cmd->cmdsize != (sizeof(build_version_command) + ((build_version_command*)cmd)->ntools * sizeof(build_tool_version)) )
                    diag.error("LC_BUILD_VERSION load command size wrong");
                else if ( hasVersion )
                     diag.error("multiple LC_BUILD_VERSION load commands");
                hasVersion = true;
                break;
            case LC_ENCRYPTION_INFO:
                if ( cmd->cmdsize != sizeof(encryption_info_command) )
                    diag.error("LC_ENCRYPTION_INFO load command size wrong");
                else if ( hasEncrypt )
                     diag.error("multiple LC_ENCRYPTION_INFO load commands");
                else if ( is64() )
                      diag.error("LC_ENCRYPTION_INFO found in 64-bit mach-o");
                hasEncrypt = true;
                break;
            case LC_ENCRYPTION_INFO_64:
                if ( cmd->cmdsize != sizeof(encryption_info_command_64) )
                    diag.error("LC_ENCRYPTION_INFO_64 load command size wrong");
                else if ( hasEncrypt )
                     diag.error("multiple LC_ENCRYPTION_INFO_64 load commands");
                else if ( !is64() )
                      diag.error("LC_ENCRYPTION_INFO_64 found in 32-bit mach-o");
                hasEncrypt = true;
                break;
        }
    });
    if ( diag.noError() && (result.dynSymTab != nullptr) && (result.symTab == nullptr) )
        diag.error("LC_DYSYMTAB but no LC_SYMTAB load command");

}

void MachOParser::getLinkEditPointers(Diagnostics& diag, LinkEditInfo& result) const
{
    getLinkEditLoadCommands(diag, result);
    if ( diag.noError() )
        getLayoutInfo(result.layout);
}

void MachOParser::forEachSegment(void (^callback)(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop)) const
{
    Diagnostics diag;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_SEGMENT_64 ) {
            const segment_command_64* seg = (segment_command_64*)cmd;
            callback(seg->segname, (uint32_t)seg->fileoff, (uint32_t)seg->filesize, seg->vmaddr, seg->vmsize, seg->initprot, stop);
        }
        else if ( cmd->cmd == LC_SEGMENT ) {
            const segment_command* seg = (segment_command*)cmd;
            callback(seg->segname, seg->fileoff, seg->filesize, seg->vmaddr, seg->vmsize, seg->initprot, stop);
        }
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
}

const uint8_t* MachOParser::trieWalk(Diagnostics& diag, const uint8_t* start, const uint8_t* end, const char* symbol)
{
    uint32_t visitedNodeOffsets[128];
    int visitedNodeOffsetCount = 0;
    visitedNodeOffsets[visitedNodeOffsetCount++] = 0;
    const uint8_t* p = start;
    while ( p < end ) {
        uint64_t terminalSize = *p++;
        if ( terminalSize > 127 ) {
            // except for re-export-with-rename, all terminal sizes fit in one byte
            --p;
            terminalSize = read_uleb128(diag, p, end);
            if ( diag.hasError() )
                return nullptr;
        }
        if ( (*symbol == '\0') && (terminalSize != 0) ) {
            return p;
        }
        const uint8_t* children = p + terminalSize;
        if ( children > end ) {
            diag.error("malformed trie node, terminalSize=0x%llX extends past end of trie\n", terminalSize);
            return nullptr;
        }
        uint8_t childrenRemaining = *children++;
        p = children;
        uint64_t nodeOffset = 0;
        for (; childrenRemaining > 0; --childrenRemaining) {
            const char* ss = symbol;
            bool wrongEdge = false;
            // scan whole edge to get to next edge
            // if edge is longer than target symbol name, don't read past end of symbol name
            char c = *p;
            while ( c != '\0' ) {
                if ( !wrongEdge ) {
                    if ( c != *ss )
                        wrongEdge = true;
                    ++ss;
                }
                ++p;
                c = *p;
            }
            if ( wrongEdge ) {
                // advance to next child
                ++p; // skip over zero terminator
                // skip over uleb128 until last byte is found
                while ( (*p & 0x80) != 0 )
                    ++p;
                ++p; // skip over last byte of uleb128
                if ( p > end ) {
                    diag.error("malformed trie node, child node extends past end of trie\n");
                    return nullptr;
                }
            }
            else {
                 // the symbol so far matches this edge (child)
                // so advance to the child's node
                ++p;
                nodeOffset = read_uleb128(diag, p, end);
                if ( diag.hasError() )
                    return nullptr;
                if ( (nodeOffset == 0) || ( &start[nodeOffset] > end) ) {
                    diag.error("malformed trie child, nodeOffset=0x%llX out of range\n", nodeOffset);
                    return nullptr;
                }
                symbol = ss;
                break;
            }
        }
        if ( nodeOffset != 0 ) {
            if ( nodeOffset > (end-start) ) {
                diag.error("malformed trie child, nodeOffset=0x%llX out of range\n", nodeOffset);
               return nullptr;
            }
            for (int i=0; i < visitedNodeOffsetCount; ++i) {
                if ( visitedNodeOffsets[i] == nodeOffset ) {
                    diag.error("malformed trie child, cycle to nodeOffset=0x%llX\n", nodeOffset);
                    return nullptr;
                }
            }
            visitedNodeOffsets[visitedNodeOffsetCount++] = (uint32_t)nodeOffset;
            if ( visitedNodeOffsetCount >= 128 ) {
                diag.error("malformed trie too deep\n");
                return nullptr;
            }
            p = &start[nodeOffset];
        }
        else
            p = end;
    }
    return nullptr;
}


uint64_t MachOParser::read_uleb128(Diagnostics& diag, const uint8_t*& p, const uint8_t* end)
{
    uint64_t result = 0;
    int         bit = 0;
    do {
        if ( p == end ) {
            diag.error("malformed uleb128");
            break;
        }
        uint64_t slice = *p & 0x7f;

        if ( bit > 63 ) {
            diag.error("uleb128 too big for uint64");
            break;
        }
        else {
            result |= (slice << bit);
            bit += 7;
        }
    }
    while (*p++ & 0x80);
    return result;
}


int64_t MachOParser::read_sleb128(Diagnostics& diag, const uint8_t*& p, const uint8_t* end)
{
    int64_t  result = 0;
    int      bit = 0;
    uint8_t  byte = 0;
    do {
        if ( p == end ) {
            diag.error("malformed sleb128");
            break;
        }
        byte = *p++;
        result |= (((int64_t)(byte & 0x7f)) << bit);
        bit += 7;
    } while (byte & 0x80);
    // sign extend negative numbers
    if ( (byte & 0x40) != 0 )
        result |= (-1LL) << bit;
    return result;
}

bool MachOParser::is64() const
{
#if DYLD_IN_PROCESS
    return (sizeof(void*) == 8);
#else
    return (header()->magic == MH_MAGIC_64);
#endif
}




bool MachOParser::findClosestSymbol(uint64_t targetUnslidAddress, const char** symbolName, uint64_t* symbolUnslidAddr) const
{
    Diagnostics diag;
    __block uint64_t    closestNValueSoFar = 0;
    __block const char* closestNameSoFar   = nullptr;
    forEachGlobalSymbol(diag, ^(const char* aSymbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop) {
        if ( n_value <= targetUnslidAddress ) {
            if ( (closestNameSoFar == nullptr) || (closestNValueSoFar < n_value) ) {
                closestNValueSoFar = n_value;
                closestNameSoFar   = aSymbolName;
            }
        }
    });
    forEachLocalSymbol(diag, ^(const char* aSymbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop) {
        if ( n_value <= targetUnslidAddress ) {
            if ( (closestNameSoFar == nullptr) || (closestNValueSoFar < n_value) ) {
                closestNValueSoFar = n_value;
                closestNameSoFar   = aSymbolName;
            }
        }
    });
    if ( closestNameSoFar == nullptr ) {
        return false;
    }

    *symbolName       = closestNameSoFar;
    *symbolUnslidAddr = closestNValueSoFar;
    return true;
}


#if DYLD_IN_PROCESS

bool MachOParser::findClosestSymbol(const void* addr, const char** symbolName, const void** symbolAddress) const
{
    uint64_t slide = getSlide();
    uint64_t symbolUnslidAddr;
    if ( findClosestSymbol((uint64_t)addr - slide, symbolName, &symbolUnslidAddr) ) {
        *symbolAddress = (const void*)(long)(symbolUnslidAddr + slide);
        return true;
    }
    return false;
}

intptr_t MachOParser::getSlide() const
{
    Diagnostics diag;
    __block intptr_t slide = 0;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
#if __LP64__
        if ( cmd->cmd == LC_SEGMENT_64 ) {
            const segment_command_64* seg = (segment_command_64*)cmd;
            if ( strcmp(seg->segname, "__TEXT") == 0 ) {
                slide = ((uint64_t)header()) - seg->vmaddr;
                stop = true;
            }
        }
#else
        if ( cmd->cmd == LC_SEGMENT ) {
            const segment_command* seg = (segment_command*)cmd;
            if ( strcmp(seg->segname, "__TEXT") == 0 ) {
                slide = ((uint32_t)header()) - seg->vmaddr;
                stop = true;
            }
        }
#endif
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
    return slide;
}

// this is only used by dlsym() at runtime.  All other binding is done when the closure is built.
bool MachOParser::hasExportedSymbol(const char* symbolName, DependentFinder finder, void** result) const
{
    typedef void* (*ResolverFunc)(void);
    ResolverFunc resolver;
    Diagnostics diag;
    FoundSymbol foundInfo;
    if ( findExportedSymbol(diag, symbolName, (void*)header(), foundInfo, finder) ) {
        switch ( foundInfo.kind ) {
            case FoundSymbol::Kind::headerOffset:
                *result = (uint8_t*)foundInfo.foundInDylib + foundInfo.value;
                break;
            case FoundSymbol::Kind::absolute:
                *result = (void*)(long)foundInfo.value;
                break;
            case FoundSymbol::Kind::resolverOffset:
                // foundInfo.value contains "stub".
                // in dlsym() we want to call resolver function to get final function address
                resolver = (ResolverFunc)((uint8_t*)foundInfo.foundInDylib + foundInfo.resolverFuncOffset);
                *result = (*resolver)();
                break;
        }
        return true;
    }
    return false;
}

const char* MachOParser::segmentName(uint32_t targetSegIndex) const
{
    __block const char* result = nullptr;
    __block uint32_t segIndex  = 0;
    forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
        if ( segIndex == targetSegIndex ) {
            result = segName;
            stop = true;
        }
        ++segIndex;
    });
    return result;
}

#else 


bool MachOParser::uses16KPages() const
{
    return (header()->cputype == CPU_TYPE_ARM64);
}


bool MachOParser::isEncrypted() const
{
    __block bool result = false;
    Diagnostics diag;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_SEGMENT_64 ) {
            const segment_command_64* segCmd = (segment_command_64*)cmd;
            if ( segCmd->flags & SG_PROTECTED_VERSION_1 ) {
                result = true;
                stop = true;
            }
        }
        else if ( cmd->cmd == LC_SEGMENT ) {
            const segment_command* segCmd = (segment_command*)cmd;
            if ( segCmd->flags & SG_PROTECTED_VERSION_1 ) {
                result = true;
                stop = true;
            }
        }
        else if ( (cmd->cmd == LC_ENCRYPTION_INFO) || (cmd->cmd == LC_ENCRYPTION_INFO_64) ) {
            const encryption_info_command* encCmd = (encryption_info_command*)cmd;
            if ( encCmd->cryptid != 0 ) {
                result = true;
                stop = true;
            }
        }
    });
    return result;
}

bool MachOParser::hasWeakDefs() const
{
    return (header()->flags & (MH_WEAK_DEFINES|MH_BINDS_TO_WEAK));
}

bool MachOParser::hasObjC() const
{
    __block bool result = false;
    forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, const void* content, size_t size, bool illegalSectionSize, bool& stop) {
        if ( (strncmp(sectionName, "__objc_imageinfo", 16) == 0) && (strncmp(segmentName, "__DATA", 6) == 0) ) {
            result = true;
            stop = true;
        }
        if ( (header()->cputype == CPU_TYPE_I386) && (strcmp(sectionName, "__image_info") == 0) && (strcmp(segmentName, "__OBJC") == 0) ) {
            result = true;
            stop = true;
        }
    });
    return result;
}

bool MachOParser::hasPlusLoadMethod(Diagnostics& diag) const
{
#if 1
    __block bool result = false;
    forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, uint64_t addr, const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& stop) {
        if ( ( (flags & SECTION_TYPE) == S_CSTRING_LITERALS ) ) {
            if (illegalSectionSize) {
                diag.error("cstring section %s/%s extends beyond the end of the segment", segmentName, sectionName);
                return;
            }
            const char* s   = (char*)content;
            const char* end = s + size;
            while ( s < end ) {
                if ( strcmp(s, "load") == 0 ) {
                    result = true;
                    stop = true;
                    return;
                }
                while (*s != '\0' )
                    ++s;
                ++s;
            }
        }
    });
    return result;
#else
    LayoutInfo layout;
    getLayoutInfo(layout);

    __block bool        hasSwift            = false;
    __block const void* classList           = nullptr;
    __block size_t      classListSize       = 0;
    __block const void* objcData            = nullptr;
    __block size_t      objcDataSize        = 0;
    __block const void* objcConstData       = nullptr;
    __block size_t      objcConstDataSize   = 0;
    forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, uint64_t addr, const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool& stop) {
        if ( (strcmp(sectionName, "__objc_classlist") == 0) && (strncmp(segmentName, "__DATA", 6) == 0) ) {
            classList     = content;
            classListSize = size;
        }
        if ( (strcmp(sectionName, "__objc_imageinfo") == 0) && (strncmp(segmentName, "__DATA", 6) == 0) ) {
            const uint32_t* info = (uint32_t*)content;
            uint8_t swiftVersion = (info[1] >> 8) & 0xFF;
            if ( swiftVersion != 0 )
                hasSwift = true;
        }
    });
    if ( classList == nullptr )
        return false;
    // FIXME: might be objc and swift intermixed
    if ( hasSwift )
        return true;
    const bool      p64            = is64();
    const uint32_t  pointerSize    = (p64 ? 8 : 4);
    const uint64_t* classArray64   = (uint64_t*)classList;
    const uint32_t* classArray32   = (uint32_t*)classList;
    const uint32_t  classListCount = (uint32_t)(classListSize/pointerSize);
    for (uint32_t i=0; i < classListCount; ++i) {
        if ( p64 ) {
            uint64_t classObjAddr = classArray64[i];
            const uint64_t* classObjContent = (uint64_t*)getContentForVMAddr(layout, classObjAddr);
            uint64_t classROAddr = classObjContent[4];
            uint64_t metaClassObjAddr = classObjContent[0];
            const uint64_t* metaClassObjContent = (uint64_t*)getContentForVMAddr(layout, metaClassObjAddr);
            uint64_t metaClassROObjAddr = metaClassObjContent[4];
            const uint64_t* metaClassROObjContent = (uint64_t*)getContentForVMAddr(layout, metaClassROObjAddr);
            uint64_t metaClassMethodListAddr = metaClassROObjContent[4];
            if ( metaClassMethodListAddr != 0 ) {
                const uint64_t* metaClassMethodListContent = (uint64_t*)getContentForVMAddr(layout, metaClassMethodListAddr);
                const uint32_t methodListCount = ((uint32_t*)metaClassMethodListContent)[1];
                for (uint32_t m=0; m < methodListCount; ++m) {
                    uint64_t methodNameAddr = metaClassMethodListContent[m*3+1];
                    const char* methodNameContent = (char*)getContentForVMAddr(layout, methodNameAddr);
                    if ( strcmp(methodNameContent, "load") == 0 ) {
                        return true;
                    }
                }
            }
        }
        else {

        }
    }

    return false;
#endif
}

bool MachOParser::getCDHash(uint8_t cdHash[20])
{
    Diagnostics diag;
    LinkEditInfo leInfo;
    getLinkEditPointers(diag, leInfo);
    if ( diag.hasError() || (leInfo.codeSig == nullptr) )
        return false;

    return cdHashOfCodeSignature(getLinkEditContent(leInfo.layout, leInfo.codeSig->dataoff), leInfo.codeSig->datasize, cdHash);
 }

bool MachOParser::usesLibraryValidation() const
{
    Diagnostics diag;
    LinkEditInfo leInfo;
    getLinkEditPointers(diag, leInfo);
    if ( diag.hasError() || (leInfo.codeSig == nullptr) )
        return false;

    const CS_CodeDirectory* cd = (const CS_CodeDirectory*)findCodeDirectoryBlob(getLinkEditContent(leInfo.layout, leInfo.codeSig->dataoff), leInfo.codeSig->datasize);
    if ( cd == nullptr )
        return false;

    // check for CS_REQUIRE_LV in CS_CodeDirectory.flags
    return (htonl(cd->flags) & CS_REQUIRE_LV);
 }


bool MachOParser::isRestricted() const
{
    __block bool result = false;
    forEachSection(^(const char* segName, const char* sectionName, uint32_t flags, const void* content, size_t size, bool illegalSectionSize, bool& stop) {
        if ( (strcmp(segName, "__RESTRICT") == 0) && (strcmp(sectionName, "__restrict") == 0) ) {
            result = true;
            stop = true;
        }

    });
    return result;
}

bool MachOParser::hasCodeSignature(uint32_t& fileOffset, uint32_t& size)
{
    fileOffset = 0;
    size = 0;

	// <rdar://problem/13622786> ignore code signatures in macOS binaries built with pre-10.9 tools
    Platform platform;
    uint32_t minOS;
    uint32_t sdk;
    if ( getPlatformAndVersion(&platform, &minOS, &sdk) ) {
        // if have LC_VERSION_MIN_MACOSX and it says SDK < 10.9, so ignore code signature
        if ( (platform == Platform::macOS) && (sdk < 0x000A0900) )
            return false;
    }
    else {
        switch ( header()->cputype ) {
            case CPU_TYPE_I386:
            case CPU_TYPE_X86_64:
                // old binary with no LC_VERSION_*, assume intel binaries are old macOS binaries (ignore code signature)
                return false;
        }
    }

    Diagnostics diag;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_CODE_SIGNATURE ) {
            const linkedit_data_command* sigCmd = (linkedit_data_command*)cmd;
            fileOffset = sigCmd->dataoff;
            size       = sigCmd->datasize;
            stop = true;
        }
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
    return (fileOffset != 0);
}

bool MachOParser::getEntry(uint32_t& offset, bool& usesCRT)
{
    Diagnostics diag;
    offset = 0;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_MAIN ) {
            entry_point_command* mainCmd = (entry_point_command*)cmd;
            usesCRT = false;
            offset = (uint32_t)mainCmd->entryoff;
            stop = true;
        }
        else if ( cmd->cmd == LC_UNIXTHREAD ) {
            stop = true;
            usesCRT = true;
            const uint32_t* regs32 = (uint32_t*)(((char*)cmd) + 16);
            const uint64_t* regs64 = (uint64_t*)(((char*)cmd) + 16);
            uint64_t startAddress = 0;
            switch ( header()->cputype ) {
                case CPU_TYPE_I386:
                    startAddress = regs32[10]; // i386_thread_state_t.eip
                    break;
                case CPU_TYPE_X86_64:
                    startAddress = regs64[16]; // x86_thread_state64_t.rip
                    break;
                case CPU_TYPE_ARM:
                    startAddress = regs32[15]; // arm_thread_state_t.__pc
                    break;
                case CPU_TYPE_ARM64:
                    startAddress = regs64[32]; // arm_thread_state64_t.__pc
                    break;
            }
            offset = (uint32_t)(startAddress - preferredLoadAddress());
        }
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
    // FIXME: validate offset is into executable segment
    return (offset != 0);
}

bool MachOParser::canBePlacedInDyldCache(const std::string& path) const {
    std::set<std::string> reasons;
    return canBePlacedInDyldCache(path, reasons);
}

bool MachOParser::canBePlacedInDyldCache(const std::string& path, std::set<std::string>& reasons) const
{
    bool retval = true;
    // only dylibs can go in cache
    if ( fileType() != MH_DYLIB ) {
        reasons.insert("Not MH_DYLIB");
        return false; // cannot continue, installName() will assert() if not a dylib
    }

    // only dylibs built for /usr/lib or /System/Library can go in cache
    const char* dylibName = installName();
    if ( (strncmp(dylibName, "/usr/lib/", 9) != 0) && (strncmp(dylibName, "/System/Library/", 16) != 0) ) {
        retval = false;
        reasons.insert("Not in '/usr/lib/' or '/System/Library/'");
    }

    // flat namespace files cannot go in cache
    if ( (header()->flags & MH_TWOLEVEL) == 0 ) {
        retval = false;
        reasons.insert("Not built with two level namespaces");
    }

    // don't put debug variants into dyld cache
    if ( endsWith(path, "_profile.dylib") || endsWith(path, "_debug.dylib") || endsWith(path, "_profile") || endsWith(path, "_debug") || endsWith(path, "/CoreADI") ) {
        retval = false;
        reasons.insert("Variant image");
    }

    // dylib must have extra info for moving DATA and TEXT segments apart
    __block bool hasExtraInfo = false;
    __block bool hasDyldInfo = false;
    Diagnostics diag;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_SEGMENT_SPLIT_INFO )
            hasExtraInfo = true;
        if ( cmd->cmd == LC_DYLD_INFO_ONLY )
            hasDyldInfo = true;
    });
    if ( !hasExtraInfo ) {
        retval = false;
        reasons.insert("Missing split seg info");
    }
    if ( !hasDyldInfo ) {
        retval = false;
        reasons.insert("Old binary, missing dyld info");
    }

    // dylib can only depend on other dylibs in the shared cache
    __block bool allDepPathsAreGood = true;
    forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
        if ( (strncmp(loadPath, "/usr/lib/", 9) != 0) && (strncmp(loadPath, "/System/Library/", 16) != 0) ) {
            allDepPathsAreGood = false;
            stop = true;
        }
    });
    if ( !allDepPathsAreGood ) {
        retval = false;
        reasons.insert("Depends on cache inelegible dylibs");
    }

    // dylibs with interposing info cannot be in cache
    __block bool hasInterposing = false;
    forEachInterposingTuple(diag, ^(uint32_t segIndex, uint64_t replacementSegOffset, uint64_t replaceeSegOffset, uint64_t replacementContent, bool& stop) {
        hasInterposing = true;
    });
    if ( hasInterposing ) {
        retval = false;
        reasons.insert("Has interposing tuples");
    }

    return retval;
}

bool MachOParser::isDynamicExecutable() const
{
    if ( fileType() != MH_EXECUTE )
        return false;
    
    // static executables do not have dyld load command
    __block bool hasDyldLoad = false;
    Diagnostics diag;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_LOAD_DYLINKER ) {
            hasDyldLoad = true;
            stop = true;
        }
    });
    return hasDyldLoad;
}


bool MachOParser::isSlideable() const
{
    if ( header()->filetype == MH_DYLIB )
        return true;
    if ( header()->filetype == MH_BUNDLE )
        return true;
    if ( (header()->filetype == MH_EXECUTE) && (header()->flags & MH_PIE) )
        return true;

    return false;
}



bool MachOParser::hasInitializer(Diagnostics& diag) const
{
    __block bool result = false;
    forEachInitializer(diag, ^(uint32_t offset) {
        result = true;
    });
    return result;
}

void MachOParser::forEachInitializer(Diagnostics& diag, void (^callback)(uint32_t offset)) const
{
    __block uint64_t textSegAddrStart = 0;
    __block uint64_t textSegAddrEnd   = 0;

    forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
        if ( strcmp(segName, "__TEXT") == 0 ) {
            textSegAddrStart = vmAddr;
            textSegAddrEnd   = vmAddr + vmSize;
            stop = true;
        }
    });
    if ( textSegAddrStart == textSegAddrEnd ) {
        diag.error("no __TEXT segment");
        return;
    }

    // if dylib linked with -init linker option, that initializer is first
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_ROUTINES ) {
            const routines_command* routines = (routines_command*)cmd;
            uint64_t dashInit = routines->init_address;
            if ( (textSegAddrStart < dashInit) && (dashInit < textSegAddrEnd) )
                callback((uint32_t)(dashInit - textSegAddrStart));
            else
                diag.error("-init does not point within __TEXT segment");
        }
        else if ( cmd->cmd == LC_ROUTINES_64 ) {
            const routines_command_64* routines = (routines_command_64*)cmd;
            uint64_t dashInit = routines->init_address;
            if ( (textSegAddrStart < dashInit) && (dashInit < textSegAddrEnd) )
                callback((uint32_t)(dashInit - textSegAddrStart));
            else
                diag.error("-init does not point within __TEXT segment");
        }
    });

    // next any function pointers in mod-init section
    bool p64 = is64();
    unsigned pointerSize = p64 ? 8 : 4;
    forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, const void* content, size_t size, bool illegalSectionSize, bool& stop) {
        if ( (flags & SECTION_TYPE) == S_MOD_INIT_FUNC_POINTERS ) {
            if ( (size % pointerSize) != 0 ) {
                diag.error("initializer section %s/%s has bad size", segmentName, sectionName);
                stop = true;
                return;
            }
            if ( illegalSectionSize ) {
                diag.error("initializer section %s/%s extends beyond the end of the segment", segmentName, sectionName);
                stop = true;
                return;
            }
            if ( ((long)content % pointerSize) != 0 ) {
                diag.error("initializer section %s/%s is not pointer aligned", segmentName, sectionName);
                stop = true;
                return;
            }
            if ( p64 ) {
                const uint64_t* initsStart = (uint64_t*)content;
                const uint64_t* initsEnd   = (uint64_t*)((uint8_t*)content + size);
                for (const uint64_t* p=initsStart; p < initsEnd; ++p) {
                    uint64_t anInit = *p;
                    if ( (anInit <= textSegAddrStart) || (anInit > textSegAddrEnd) ) {
                         diag.error("initializer 0x%0llX does not point within __TEXT segment", anInit);
                         stop = true;
                         break;
                    }
                    callback((uint32_t)(anInit - textSegAddrStart));
                }
            }
            else {
                const uint32_t* initsStart = (uint32_t*)content;
                const uint32_t* initsEnd   = (uint32_t*)((uint8_t*)content + size);
                for (const uint32_t* p=initsStart; p < initsEnd; ++p) {
                    uint32_t anInit = *p;
                    if ( (anInit <= textSegAddrStart) || (anInit > textSegAddrEnd) ) {
                         diag.error("initializer 0x%0X does not point within __TEXT segment", anInit);
                         stop = true;
                         break;
                    }
                    callback(anInit - (uint32_t)textSegAddrStart);
                }
            }
        }
    });
}

void MachOParser::forEachDOFSection(Diagnostics& diag, void (^callback)(uint32_t offset)) const
{
    forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, const void* content, size_t size, bool illegalSectionSize, bool& stop) {
        if ( ( (flags & SECTION_TYPE) == S_DTRACE_DOF ) && !illegalSectionSize ) {
            callback((uint32_t)((uintptr_t)content - (uintptr_t)header()));
        }
    });
}


uint32_t MachOParser::segmentCount() const
{
    __block uint32_t count   = 0;
    forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
        ++count;
    });
    return count;
}

void MachOParser::forEachSegment(void (^callback)(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, uint32_t segIndex, uint64_t sizeOfSections, uint8_t p2align, bool& stop)) const
{
    Diagnostics diag;
    __block uint32_t segIndex = 0;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
        if ( cmd->cmd == LC_SEGMENT_64 ) {
            const segment_command_64* segCmd = (segment_command_64*)cmd;
            uint64_t sizeOfSections = segCmd->vmsize;
            uint8_t p2align = 0;
            const section_64* const sectionsStart = (section_64*)((char*)segCmd + sizeof(struct segment_command_64));
            const section_64* const sectionsEnd   = &sectionsStart[segCmd->nsects];
            for (const section_64* sect=sectionsStart; sect < sectionsEnd; ++sect) {
                sizeOfSections = sect->addr + sect->size - segCmd->vmaddr;
                if ( sect->align > p2align )
                    p2align = sect->align;
            }
            callback(segCmd->segname, (uint32_t)segCmd->fileoff, (uint32_t)segCmd->filesize, segCmd->vmaddr, segCmd->vmsize, segCmd->initprot, segIndex, sizeOfSections, p2align, stop);
            ++segIndex;
        }
        else if ( cmd->cmd == LC_SEGMENT ) {
            const segment_command* segCmd = (segment_command*)cmd;
            uint64_t sizeOfSections = segCmd->vmsize;
            uint8_t p2align = 0;
            const section* const sectionsStart = (section*)((char*)segCmd + sizeof(struct segment_command));
            const section* const sectionsEnd   = &sectionsStart[segCmd->nsects];
            for (const section* sect=sectionsStart; sect < sectionsEnd; ++sect) {
                sizeOfSections = sect->addr + sect->size - segCmd->vmaddr;
                if ( sect->align > p2align )
                    p2align = sect->align;
            }
            callback(segCmd->segname, (uint32_t)segCmd->fileoff, (uint32_t)segCmd->filesize, segCmd->vmaddr, segCmd->vmsize, segCmd->initprot, segIndex, sizeOfSections, p2align, stop);
            ++segIndex;
        }
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
}

void MachOParser::forEachExportedSymbol(Diagnostics diag, void (^handler)(const char* symbolName, uint64_t imageOffset, bool isReExport, bool& stop)) const
{
    LinkEditInfo leInfo;
    getLinkEditPointers(diag, leInfo);
    if ( diag.hasError() )
        return;

    if ( leInfo.dyldInfo != nullptr ) {
        const uint8_t* trieStart    = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->export_off);
        const uint8_t* trieEnd      = trieStart + leInfo.dyldInfo->export_size;
        std::vector<ExportInfoTrie::Entry> exports;
        if ( !ExportInfoTrie::parseTrie(trieStart, trieEnd, exports) ) {
            diag.error("malformed exports trie");
            return;
        }
        bool stop = false;
        for (const ExportInfoTrie::Entry& exp : exports) {
            bool isReExport = (exp.info.flags & EXPORT_SYMBOL_FLAGS_REEXPORT);
            handler(exp.name.c_str(), exp.info.address, isReExport, stop);
            if ( stop )
                break;
        }
    }
}

bool MachOParser::invalidRebaseState(Diagnostics& diag, const char* opcodeName, const MachOParser::LinkEditInfo& leInfo,
                                    bool segIndexSet, uint32_t pointerSize, uint8_t segmentIndex, uint64_t segmentOffset, uint8_t type) const
{
    if ( !segIndexSet ) {
        diag.error("%s missing preceding REBASE_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB", opcodeName);
        return true;
    }
    if ( segmentIndex >= leInfo.layout.segmentCount )  {
        diag.error("%s segment index %d too large", opcodeName, segmentIndex);
        return true;
    }
    if ( segmentOffset > (leInfo.layout.segments[segmentIndex].segSize-pointerSize) ) {
        diag.error("%s current segment offset 0x%08llX beyond segment size (0x%08llX)", opcodeName, segmentOffset, leInfo.layout.segments[segmentIndex].segSize);
        return true;
    }
    switch ( type )  {
        case REBASE_TYPE_POINTER:
            if ( !leInfo.layout.segments[segmentIndex].writable ) {
                diag.error("%s pointer rebase is in non-writable segment", opcodeName);
                return true;
            }
            if ( leInfo.layout.segments[segmentIndex].executable ) {
                diag.error("%s pointer rebase is in executable segment", opcodeName);
                return true;
            }
            break;
        case REBASE_TYPE_TEXT_ABSOLUTE32:
        case REBASE_TYPE_TEXT_PCREL32:
            if ( !leInfo.layout.segments[segmentIndex].textRelocsAllowed ) {
                diag.error("%s text rebase is in segment that does not support text relocations", opcodeName);
                return true;
            }
            if ( leInfo.layout.segments[segmentIndex].writable ) {
                diag.error("%s text rebase is in writable segment", opcodeName);
                return true;
            }
            if ( !leInfo.layout.segments[segmentIndex].executable ) {
                diag.error("%s pointer rebase is in non-executable segment", opcodeName);
                return true;
            }
            break;
        default:
            diag.error("%s unknown rebase type %d", opcodeName, type);
            return true;
    }
    return false;
}

void MachOParser::forEachRebase(Diagnostics& diag, void (^handler)(uint32_t segIndex, uint64_t segOffset, uint8_t type, bool& stop)) const
{
    LinkEditInfo leInfo;
    getLinkEditPointers(diag, leInfo);
    if ( diag.hasError() )
        return;

    if ( leInfo.dyldInfo != nullptr ) {
        // work around linker bug that laid down rebase opcodes for lazy pointer section when -bind_at_load used
        __block int      lpSegIndex       = 0;
        __block uint64_t lpSegOffsetStart = 0;
        __block uint64_t lpSegOffsetEnd   = 0;
        bool             hasWeakBinds     = (leInfo.dyldInfo->weak_bind_size != 0);
        if ( leInfo.dyldInfo->lazy_bind_size == 0 ) {
            __block uint64_t lpAddr = 0;
            __block uint64_t lpSize = 0;
            forEachSection(^(const char* segName, const char* sectionName, uint32_t flags, uint64_t addr, const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& sectStop) {
                if ( (flags & SECTION_TYPE) == S_LAZY_SYMBOL_POINTERS ) {
                    lpAddr = addr;
                    lpSize = size;
                    sectStop =  true;
                }
            });
            forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& segStop) {
                if ( (vmAddr <= lpAddr) && (vmAddr+vmSize >= lpAddr+lpSize) ) {
                    lpSegOffsetStart = lpAddr - vmAddr;
                    lpSegOffsetEnd   = lpSegOffsetStart + lpSize;
                    segStop = true;
                    return;
                }
                ++lpSegIndex;
            });
        }
        // don't remove rebase if there is a weak-bind at pointer location
        bool (^weakBindAt)(uint64_t segOffset) = ^(uint64_t segOffset) {
            if ( !hasWeakBinds )
                return false;
            __block bool result = false;
            Diagnostics weakDiag;
            forEachWeakDef(weakDiag, ^(bool strongDef, uint32_t dataSegIndex, uint64_t dataSegOffset, uint64_t addend, const char* symbolName, bool& weakStop) {
                if ( segOffset == dataSegOffset ) {
                    result = true;
                    weakStop = true;
                }
            });
            return result;
        };


        const uint8_t* p    = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->rebase_off);
        const uint8_t* end  = p + leInfo.dyldInfo->rebase_size;
        const uint32_t pointerSize = (is64() ? 8 : 4);
        uint8_t  type = 0;
        int      segIndex = 0;
        uint64_t segOffset = 0;
        uint64_t count;
        uint64_t skip;
        bool     segIndexSet = false;
        bool     stop = false;
        while ( !stop && diag.noError() && (p < end) ) {
            uint8_t immediate = *p & REBASE_IMMEDIATE_MASK;
            uint8_t opcode = *p & REBASE_OPCODE_MASK;
            ++p;
            switch (opcode) {
                case REBASE_OPCODE_DONE:
                    stop = true;
                    break;
                case REBASE_OPCODE_SET_TYPE_IMM:
                    type = immediate;
                    break;
                case REBASE_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB:
                    segIndex = immediate;
                    segOffset = read_uleb128(diag, p, end);
                    segIndexSet = true;
                    break;
                case REBASE_OPCODE_ADD_ADDR_ULEB:
                    segOffset += read_uleb128(diag, p, end);
                    break;
                case REBASE_OPCODE_ADD_ADDR_IMM_SCALED:
                    segOffset += immediate*pointerSize;
                    break;
                case REBASE_OPCODE_DO_REBASE_IMM_TIMES:
                    for (int i=0; i < immediate; ++i) {
                        if ( invalidRebaseState(diag, "REBASE_OPCODE_DO_REBASE_IMM_TIMES", leInfo, segIndexSet, pointerSize, segIndex, segOffset, type) )
                            return;
                        if ( (segIndex != lpSegIndex) || (segOffset > lpSegOffsetEnd) || (segOffset < lpSegOffsetStart) || weakBindAt(segOffset) )
                            handler(segIndex, segOffset, type, stop);
                        segOffset += pointerSize;
                    }
                    break;
                case REBASE_OPCODE_DO_REBASE_ULEB_TIMES:
                    count = read_uleb128(diag, p, end);
                    for (uint32_t i=0; i < count; ++i) {
                         if ( invalidRebaseState(diag, "REBASE_OPCODE_DO_REBASE_ADD_ADDR_ULEB", leInfo, segIndexSet, pointerSize, segIndex, segOffset, type) )
                            return;
                        if ( (segIndex != lpSegIndex) || (segOffset > lpSegOffsetEnd) || (segOffset < lpSegOffsetStart) || weakBindAt(segOffset) )
                            handler(segIndex, segOffset, type, stop);
                        segOffset += pointerSize;
                    }
                    break;
                case REBASE_OPCODE_DO_REBASE_ADD_ADDR_ULEB:
                    if ( invalidRebaseState(diag, "REBASE_OPCODE_DO_REBASE_ADD_ADDR_ULEB", leInfo, segIndexSet, pointerSize, segIndex, segOffset, type) )
                        return;
                    handler(segIndex, segOffset, type, stop);
                    segOffset += read_uleb128(diag, p, end) + pointerSize;
                    break;
                case REBASE_OPCODE_DO_REBASE_ULEB_TIMES_SKIPPING_ULEB:
                    count = read_uleb128(diag, p, end);
                    if ( diag.hasError() )
                        break;
                    skip = read_uleb128(diag, p, end);
                    for (uint32_t i=0; i < count; ++i) {
                        if ( invalidRebaseState(diag, "REBASE_OPCODE_DO_REBASE_ULEB_TIMES_SKIPPING_ULEB", leInfo, segIndexSet, pointerSize, segIndex, segOffset, type) )
                            return;
                        handler(segIndex, segOffset, type, stop);
                        segOffset += skip + pointerSize;
                    }
                    break;
                default:
                    diag.error("unknown rebase opcode 0x%02X", opcode);
            }
        }
    }
    else {
        // old binary
        const relocation_info* const    relocsStart = (relocation_info*)getLinkEditContent(leInfo.layout, leInfo.dynSymTab->locreloff);
        const relocation_info* const    relocsEnd   = &relocsStart[leInfo.dynSymTab->nlocrel];
        bool                            stop = false;
        const uint8_t                   relocSize = (is64() ? 3 : 2);
        for (const relocation_info* reloc=relocsStart; (reloc < relocsEnd) && !stop; ++reloc) {
            if ( reloc->r_length != relocSize ) {
                diag.error("local relocation has wrong r_length");
                break;
            }
            if ( reloc->r_type != 0 ) { // 0 == X86_64_RELOC_UNSIGNED == GENERIC_RELOC_VANILLA ==  ARM64_RELOC_UNSIGNED
                diag.error("local relocation has wrong r_type");
                break;
            }
            doLocalReloc(diag, reloc->r_address, stop, handler);
         }
        // then process indirect symbols
        forEachIndirectPointer(diag, ^(uint32_t segIndex, uint64_t segOffset, bool bind, int bindLibOrdinal,
                                       const char* bindSymbolName, bool bindWeakImport, bool bindLazy, bool selfModifyingStub, bool& indStop) {
            if ( !bind && !bindLazy )
                handler(segIndex, segOffset, REBASE_TYPE_POINTER, indStop);
        });
    }
}

bool MachOParser::doLocalReloc(Diagnostics& diag, uint32_t r_address, bool& stop, void (^handler)(uint32_t segIndex, uint64_t segOffset, uint8_t type, bool& stop)) const
{
    bool                firstWritable = (header()->cputype == CPU_TYPE_X86_64);
    __block uint64_t    relocBaseAddress = 0;
    __block bool        baseFound = false;
    __block uint32_t    segIndex = 0;
    forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool &stopSeg) {
        if ( !baseFound ) {
            if ( !firstWritable || (protections & VM_PROT_WRITE) ) {
                baseFound = true;
                relocBaseAddress = vmAddr;
            }
        }
        if ( baseFound && (vmAddr < relocBaseAddress+r_address) && (relocBaseAddress+r_address < vmAddr+vmSize) ) {
            uint8_t  type = REBASE_TYPE_POINTER;
            uint64_t segOffset = relocBaseAddress + r_address - vmAddr;
            handler(segIndex, segOffset, type, stop);
            stopSeg = true;
        }
        ++segIndex;
    });

    return false;
}

int MachOParser::libOrdinalFromDesc(uint16_t n_desc) const
{
    // -flat_namespace is always flat lookup
    if ( (header()->flags & MH_TWOLEVEL) == 0 )
        return BIND_SPECIAL_DYLIB_FLAT_LOOKUP;

    // extract byte from undefined symbol entry
    int libIndex = GET_LIBRARY_ORDINAL(n_desc);
    switch ( libIndex ) {
        case SELF_LIBRARY_ORDINAL:
            return BIND_SPECIAL_DYLIB_SELF;

        case DYNAMIC_LOOKUP_ORDINAL:
            return BIND_SPECIAL_DYLIB_FLAT_LOOKUP;

        case EXECUTABLE_ORDINAL:
            return BIND_SPECIAL_DYLIB_MAIN_EXECUTABLE;
    }

    return libIndex;
}

bool MachOParser::doExternalReloc(Diagnostics& diag, uint32_t r_address, uint32_t r_symbolnum, LinkEditInfo& leInfo, bool& stop,
                                    void (^handler)(uint32_t dataSegIndex, uint64_t dataSegOffset, uint8_t type, int libOrdinal,
                                                    uint64_t addend, const char* symbolName, bool weakImport, bool lazy, bool& stop)) const
{
    const bool          firstWritable    = (header()->cputype == CPU_TYPE_X86_64);
    const bool          is64Bit          = is64();
    __block uint64_t    relocBaseAddress = 0;
    __block bool        baseFound        = false;
    __block uint32_t    segIndex         = 0;
    forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool &stopSeg) {
        if ( !baseFound ) {
            if ( !firstWritable || (protections & VM_PROT_WRITE) ) {
                baseFound = true;
                relocBaseAddress = vmAddr;
            }
        }
        if ( baseFound && (vmAddr < relocBaseAddress+r_address) && (relocBaseAddress+r_address < vmAddr+vmSize) ) {
            uint8_t                 type        = BIND_TYPE_POINTER;
            uint64_t                segOffset   = relocBaseAddress + r_address - vmAddr;
            const void*             symbolTable = getLinkEditContent(leInfo.layout, leInfo.symTab->symoff);
            const struct nlist_64*  symbols64   = (nlist_64*)symbolTable;
            const struct nlist*     symbols32   = (struct nlist*)symbolTable;
            const char*             stringPool  = (char*)getLinkEditContent(leInfo.layout, leInfo.symTab->stroff);
            uint32_t                symCount    = leInfo.symTab->nsyms;
            uint32_t                poolSize    = leInfo.symTab->strsize;
            if ( r_symbolnum < symCount ) {
                uint16_t n_desc = is64Bit ? symbols64[r_symbolnum].n_desc : symbols32[r_symbolnum].n_desc;
                uint32_t libOrdinal = libOrdinalFromDesc(n_desc);
                uint32_t strOffset = is64Bit ? symbols64[r_symbolnum].n_un.n_strx : symbols32[r_symbolnum].n_un.n_strx;
                if ( strOffset < poolSize ) {
                    const char* symbolName  = stringPool + strOffset;
                    bool        weakImport  = (n_desc & N_WEAK_REF);
                    bool        lazy        = false;
                    uint64_t    addend      = is64Bit ? (*((uint64_t*)((char*)header()+fileOffset+segOffset))) : (*((uint32_t*)((char*)header()+fileOffset+segOffset)));
                    handler(segIndex, segOffset, type, libOrdinal, addend, symbolName, weakImport, lazy, stop);
                    stopSeg = true;
                }
            }
        }
        ++segIndex;
    });

    return false;
}

bool MachOParser::invalidBindState(Diagnostics& diag, const char* opcodeName, const LinkEditInfo& leInfo, bool segIndexSet, bool libraryOrdinalSet,
                                   uint32_t dylibCount, int libOrdinal, uint32_t pointerSize, uint8_t segmentIndex, uint64_t segmentOffset, uint8_t type, const char* symbolName) const
{
    if ( !segIndexSet ) {
        diag.error("%s missing preceding BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB", opcodeName);
        return true;
    }
    if ( segmentIndex >= leInfo.layout.segmentCount )  {
        diag.error("%s segment index %d too large", opcodeName, segmentIndex);
        return true;
    }
    if ( segmentOffset > (leInfo.layout.segments[segmentIndex].segSize-pointerSize) ) {
        diag.error("%s current segment offset 0x%08llX beyond segment size (0x%08llX)", opcodeName, segmentOffset, leInfo.layout.segments[segmentIndex].segSize);
        return true;
    }
    if ( symbolName == NULL ) {
        diag.error("%s missing preceding BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM", opcodeName);
        return true;
    }
    if ( !libraryOrdinalSet ) {
        diag.error("%s missing preceding BIND_OPCODE_SET_DYLIB_ORDINAL", opcodeName);
        return true;
    }
    if ( libOrdinal > (int)dylibCount ) {
        diag.error("%s has library ordinal too large (%d) max (%d)", opcodeName, libOrdinal, dylibCount);
        return true;
    }
    if ( libOrdinal < -2 ) {
        diag.error("%s has unknown library special ordinal (%d)", opcodeName, libOrdinal);
        return true;
    }
    switch ( type )  {
        case BIND_TYPE_POINTER:
            if ( !leInfo.layout.segments[segmentIndex].writable ) {
                diag.error("%s pointer bind is in non-writable segment", opcodeName);
                return true;
            }
            if ( leInfo.layout.segments[segmentIndex].executable ) {
                diag.error("%s pointer bind is in executable segment", opcodeName);
                return true;
            }
            break;
        case BIND_TYPE_TEXT_ABSOLUTE32:
        case BIND_TYPE_TEXT_PCREL32:
            if ( !leInfo.layout.segments[segmentIndex].textRelocsAllowed ) {
                diag.error("%s text bind is in segment that does not support text relocations", opcodeName);
                return true;
            }
            if ( leInfo.layout.segments[segmentIndex].writable ) {
                diag.error("%s text bind is in writable segment", opcodeName);
                return true;
            }
            if ( !leInfo.layout.segments[segmentIndex].executable ) {
                diag.error("%s pointer bind is in non-executable segment", opcodeName);
                return true;
            }
            break;
        default:
            diag.error("%s unknown bind type %d", opcodeName, type);
            return true;
    }
    return false;
}

void MachOParser::forEachBind(Diagnostics& diag, void (^handler)(uint32_t dataSegIndex, uint64_t dataSegOffset, uint8_t type,
                              int libOrdinal, uint64_t addend, const char* symbolName, bool weakImport, bool lazy, bool& stop)) const
{
    LinkEditInfo leInfo;
    getLinkEditPointers(diag, leInfo);
    if ( diag.hasError() )
        return;
    const uint32_t dylibCount = dependentDylibCount();

    if ( leInfo.dyldInfo != nullptr ) {
        // process bind opcodes
        const uint8_t*  p    = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->bind_off);
        const uint8_t*  end  = p + leInfo.dyldInfo->bind_size;
        const uint32_t  pointerSize = (is64() ? 8 : 4);
        uint8_t         type = 0;
        uint64_t        segmentOffset = 0;
        uint8_t         segmentIndex = 0;
        const char*     symbolName = NULL;
        int             libraryOrdinal = 0;
        bool            segIndexSet = false;
        bool            libraryOrdinalSet = false;

        int64_t         addend = 0;
        uint64_t        count;
        uint64_t        skip;
        bool            weakImport = false;
        bool            done = false;
        bool            stop = false;
        while ( !done && !stop && diag.noError() && (p < end) ) {
            uint8_t immediate = *p & BIND_IMMEDIATE_MASK;
            uint8_t opcode = *p & BIND_OPCODE_MASK;
            ++p;
            switch (opcode) {
                case BIND_OPCODE_DONE:
                    done = true;
                    break;
                case BIND_OPCODE_SET_DYLIB_ORDINAL_IMM:
                    libraryOrdinal = immediate;
                    libraryOrdinalSet = true;
                    break;
                case BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB:
                    libraryOrdinal = (int)read_uleb128(diag, p, end);
                    libraryOrdinalSet = true;
                    break;
                case BIND_OPCODE_SET_DYLIB_SPECIAL_IMM:
                    // the special ordinals are negative numbers
                    if ( immediate == 0 )
                        libraryOrdinal = 0;
                    else {
                        int8_t signExtended = BIND_OPCODE_MASK | immediate;
                        libraryOrdinal = signExtended;
                    }
                    libraryOrdinalSet = true;
                    break;
                case BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM:
                    weakImport = ( (immediate & BIND_SYMBOL_FLAGS_WEAK_IMPORT) != 0 );
                    symbolName = (char*)p;
                    while (*p != '\0')
                        ++p;
                    ++p;
                    break;
                case BIND_OPCODE_SET_TYPE_IMM:
                    type = immediate;
                    break;
                case BIND_OPCODE_SET_ADDEND_SLEB:
                    addend = read_sleb128(diag, p, end);
                    break;
                case BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB:
                    segmentIndex = immediate;
                    segmentOffset = read_uleb128(diag, p, end);
                    segIndexSet = true;
                    break;
                case BIND_OPCODE_ADD_ADDR_ULEB:
                    segmentOffset += read_uleb128(diag, p, end);
                    break;
                case BIND_OPCODE_DO_BIND:
                    if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, libraryOrdinalSet, dylibCount, libraryOrdinal, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
                        return;
                    handler(segmentIndex, segmentOffset, type, libraryOrdinal, addend, symbolName, weakImport, false, stop);
                    segmentOffset += pointerSize;
                    break;
                case BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB:
                    if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB", leInfo, segIndexSet, libraryOrdinalSet, dylibCount, libraryOrdinal, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
                        return;
                    handler(segmentIndex, segmentOffset, type, libraryOrdinal, addend, symbolName, weakImport, false, stop);
                    segmentOffset += read_uleb128(diag, p, end) + pointerSize;
                    break;
                case BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED:
                    if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED", leInfo, segIndexSet, libraryOrdinalSet, dylibCount, libraryOrdinal, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
                        return;
                    handler(segmentIndex, segmentOffset, type, libraryOrdinal, addend, symbolName, weakImport, false, stop);
                    segmentOffset += immediate*pointerSize + pointerSize;
                    break;
                case BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB:
                    count = read_uleb128(diag, p, end);
                    skip = read_uleb128(diag, p, end);
                    for (uint32_t i=0; i < count; ++i) {
                        if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB", leInfo, segIndexSet, libraryOrdinalSet, dylibCount, libraryOrdinal, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
                            return;
                        handler(segmentIndex, segmentOffset, type, libraryOrdinal, addend, symbolName, weakImport, false, stop);
                        segmentOffset += skip + pointerSize;
                    }
                    break;
                default:
                    diag.error("bad bind opcode 0x%02X", *p);
            }
        }
        if ( diag.hasError() || stop )
            return;
        // process lazy bind opcodes
        if ( leInfo.dyldInfo->lazy_bind_size != 0 ) {
            p               = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->lazy_bind_off);
            end             = p + leInfo.dyldInfo->lazy_bind_size;
            type            = BIND_TYPE_POINTER;
            segmentOffset   = 0;
            segmentIndex    = 0;
            symbolName      = NULL;
            libraryOrdinal  = 0;
            segIndexSet     = false;
            libraryOrdinalSet= false;
            addend          = 0;
            weakImport      = false;
            stop            = false;
            while ( !stop && diag.noError() && (p < end) ) {
                uint8_t immediate = *p & BIND_IMMEDIATE_MASK;
                uint8_t opcode = *p & BIND_OPCODE_MASK;
                ++p;
                switch (opcode) {
                    case BIND_OPCODE_DONE:
                        // this opcode marks the end of each lazy pointer binding
                        break;
                    case BIND_OPCODE_SET_DYLIB_ORDINAL_IMM:
                        libraryOrdinal = immediate;
                        libraryOrdinalSet = true;
                        break;
                    case BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB:
                        libraryOrdinal = (int)read_uleb128(diag, p, end);
                        libraryOrdinalSet = true;
                        break;
                    case BIND_OPCODE_SET_DYLIB_SPECIAL_IMM:
                        // the special ordinals are negative numbers
                        if ( immediate == 0 )
                            libraryOrdinal = 0;
                        else {
                            int8_t signExtended = BIND_OPCODE_MASK | immediate;
                            libraryOrdinal = signExtended;
                        }
                        libraryOrdinalSet = true;
                        break;
                    case BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM:
                        weakImport = ( (immediate & BIND_SYMBOL_FLAGS_WEAK_IMPORT) != 0 );
                        symbolName = (char*)p;
                        while (*p != '\0')
                            ++p;
                        ++p;
                        break;
                    case BIND_OPCODE_SET_ADDEND_SLEB:
                        addend = read_sleb128(diag, p, end);
                        break;
                    case BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB:
                        segmentIndex = immediate;
                        segmentOffset = read_uleb128(diag, p, end);
                        segIndexSet = true;
                        break;
                    case BIND_OPCODE_DO_BIND:
                        if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, libraryOrdinalSet, dylibCount, libraryOrdinal, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
                            return;
                        handler(segmentIndex, segmentOffset, type, libraryOrdinal, addend, symbolName, weakImport, true, stop);
                        segmentOffset += pointerSize;
                        break;
                    case BIND_OPCODE_SET_TYPE_IMM:
                    case BIND_OPCODE_ADD_ADDR_ULEB:
                    case BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB:
                    case BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED:
                    case BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB:
                    default:
                        diag.error("bad lazy bind opcode 0x%02X", opcode);
                        break;
                }
            }
        }
    }
    else {
        // old binary, first process relocation
        const relocation_info* const    relocsStart = (relocation_info*)getLinkEditContent(leInfo.layout, leInfo.dynSymTab->extreloff);
        const relocation_info* const    relocsEnd   = &relocsStart[leInfo.dynSymTab->nextrel];
        bool                            stop = false;
        const uint8_t                   relocSize = (is64() ? 3 : 2);
        for (const relocation_info* reloc=relocsStart; (reloc < relocsEnd) && !stop; ++reloc) {
            if ( reloc->r_length != relocSize ) {
                diag.error("external relocation has wrong r_length");
                break;
            }
            if ( reloc->r_type != 0 ) { // 0 == X86_64_RELOC_UNSIGNED == GENERIC_RELOC_VANILLA == ARM64_RELOC_UNSIGNED
                 diag.error("external relocation has wrong r_type");
                break;
            }
            doExternalReloc(diag, reloc->r_address, reloc->r_symbolnum, leInfo, stop, handler);
        }
        // then process indirect symbols
        forEachIndirectPointer(diag, ^(uint32_t segIndex, uint64_t segOffset, bool bind, int bindLibOrdinal,
                                       const char* bindSymbolName, bool bindWeakImport, bool bindLazy, bool selfModifyingStub, bool& indStop) {
            if ( bind )
                handler(segIndex, segOffset, (selfModifyingStub ? BIND_TYPE_IMPORT_JMP_REL32 : BIND_TYPE_POINTER), bindLibOrdinal, 0, bindSymbolName, bindWeakImport, bindLazy, indStop);
        });
    }
}


void MachOParser::forEachWeakDef(Diagnostics& diag, void (^handler)(bool strongDef, uint32_t dataSegIndex, uint64_t dataSegOffset,
                                                                    uint64_t addend, const char* symbolName, bool& stop)) const
{
    LinkEditInfo leInfo;
    getLinkEditPointers(diag, leInfo);
    if ( diag.hasError() )
        return;

    const uint32_t dylibCount = dependentDylibCount();
    if ( leInfo.dyldInfo != nullptr ) {
        // process weak bind opcodes
        const uint8_t*  p    = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->weak_bind_off);
        const uint8_t*  end  = p + leInfo.dyldInfo->weak_bind_size;
        const uint32_t  pointerSize = (is64() ? 8 : 4);
        uint8_t         type = 0;
        uint64_t        segmentOffset = 0;
        uint8_t         segmentIndex = 0;
        const char*     symbolName = NULL;
        int64_t         addend = 0;
        uint64_t        count;
        uint64_t        skip;
        bool            segIndexSet = false;
        bool            done = false;
        bool            stop = false;
        while ( !done && !stop && diag.noError() && (p < end) ) {
            uint8_t immediate = *p & BIND_IMMEDIATE_MASK;
            uint8_t opcode = *p & BIND_OPCODE_MASK;
            ++p;
            switch (opcode) {
                case BIND_OPCODE_DONE:
                    done = true;
                    break;
                case BIND_OPCODE_SET_DYLIB_ORDINAL_IMM:
                case BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB:
                case BIND_OPCODE_SET_DYLIB_SPECIAL_IMM:
                    diag.error("unexpected dylib ordinal in weak binding info");
                    return;
                case BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM:
                    symbolName = (char*)p;
                    while (*p != '\0')
                        ++p;
                    ++p;
                    if ( (immediate & BIND_SYMBOL_FLAGS_NON_WEAK_DEFINITION) != 0 )
                        handler(true, 0, 0, 0, symbolName, stop);
                   break;
                case BIND_OPCODE_SET_TYPE_IMM:
                    type = immediate;
                    break;
                case BIND_OPCODE_SET_ADDEND_SLEB:
                    addend = read_sleb128(diag, p, end);
                    break;
                case BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB:
                    segmentIndex = immediate;
                    segmentOffset = read_uleb128(diag, p, end);
                    segIndexSet = true;
                    break;
                case BIND_OPCODE_ADD_ADDR_ULEB:
                    segmentOffset += read_uleb128(diag, p, end);
                    break;
                case BIND_OPCODE_DO_BIND:
                    if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, true, dylibCount, -2, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
                        return;
                    handler(false, segmentIndex, segmentOffset, addend, symbolName, stop);
                    segmentOffset += pointerSize;
                    break;
                case BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB:
                    if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, true, dylibCount, -2, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
                        return;
                    handler(false, segmentIndex, segmentOffset, addend, symbolName, stop);
                    segmentOffset += read_uleb128(diag, p, end) + pointerSize;
                    break;
                case BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED:
                     if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, true, dylibCount, -2, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
                        return;
                    handler(false, segmentIndex, segmentOffset, addend, symbolName, stop);
                    segmentOffset += immediate*pointerSize + pointerSize;
                    break;
                case BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB:
                    count = read_uleb128(diag, p, end);
                    skip = read_uleb128(diag, p, end);
                    for (uint32_t i=0; i < count; ++i) {
                        if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, true, dylibCount, -2, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
                            return;
                        handler(false, segmentIndex, segmentOffset, addend, symbolName, stop);
                        segmentOffset += skip + pointerSize;
                    }
                    break;
                default:
                    diag.error("bad weak bind opcode 0x%02X", *p);
            }
        }
        if ( diag.hasError() || stop )
            return;
     }
    else {
        // old binary
        //assert(0 && "weak defs not supported for old binaries yet");
    }
}



void MachOParser::forEachIndirectPointer(Diagnostics& diag, void (^handler)(uint32_t dataSegIndex, uint64_t dataSegOffset, bool bind, int bindLibOrdinal,
                                                                            const char* bindSymbolName, bool bindWeakImport, bool bindLazy, bool selfModifyingStub, bool& stop)) const
{
    LinkEditInfo leInfo;
    getLinkEditPointers(diag, leInfo);
    if ( diag.hasError() )
        return;

    // find lazy and non-lazy pointer sections
    const bool              is64Bit                  = is64();
    const uint32_t* const   indirectSymbolTable      = (uint32_t*)getLinkEditContent(leInfo.layout, leInfo.dynSymTab->indirectsymoff);
    const uint32_t          indirectSymbolTableCount = leInfo.dynSymTab->nindirectsyms;
    const uint32_t          pointerSize              = is64Bit ? 8 : 4;
    const void*             symbolTable              = getLinkEditContent(leInfo.layout, leInfo.symTab->symoff);
    const struct nlist_64*  symbols64                = (nlist_64*)symbolTable;
    const struct nlist*     symbols32                = (struct nlist*)symbolTable;
    const char*             stringPool               = (char*)getLinkEditContent(leInfo.layout, leInfo.symTab->stroff);
    uint32_t                symCount                 = leInfo.symTab->nsyms;
    uint32_t                poolSize                 = leInfo.symTab->strsize;
    __block bool            stop                     = false;
    forEachSection(^(const char* segName, const char* sectionName, uint32_t flags, uint64_t addr, const void* content,
                     uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& sectionStop) {
        uint8_t  sectionType  = (flags & SECTION_TYPE);
        if ( (sectionType != S_LAZY_SYMBOL_POINTERS) && (sectionType != S_NON_LAZY_SYMBOL_POINTERS) && (sectionType != S_SYMBOL_STUBS) )
            return;
        bool selfModifyingStub = (sectionType == S_SYMBOL_STUBS) && (flags & S_ATTR_SELF_MODIFYING_CODE) && (reserved2 == 5) && (header()->cputype == CPU_TYPE_I386);
        if ( (flags & S_ATTR_SELF_MODIFYING_CODE) && !selfModifyingStub ) {
            diag.error("S_ATTR_SELF_MODIFYING_CODE section type only valid in old i386 binaries");
            sectionStop = true;
            return;
        }
        uint32_t elementSize = selfModifyingStub ? reserved2 : pointerSize;
        uint32_t elementCount = (uint32_t)(size/elementSize);
        if (greaterThanAddOrOverflow(reserved1, elementCount, indirectSymbolTableCount)) {
            diag.error("section %s overflows indirect symbol table", sectionName);
            sectionStop = true;
            return;
        }
        __block uint32_t index = 0;
        __block uint32_t segIndex = 0;
        __block uint64_t sectionSegOffset;
        forEachSegment(^(const char* segmentName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool &segStop) {
            if ( (vmAddr <= addr) && (addr < vmAddr+vmSize) ) {
                sectionSegOffset = addr - vmAddr;
                segIndex = index;
                segStop = true;
            }
            ++index;
        });

        for (int i=0; (i < elementCount) && !stop; ++i) {
            uint32_t symNum = indirectSymbolTable[reserved1 + i];
            if ( symNum == INDIRECT_SYMBOL_ABS )
                continue;
            uint64_t segOffset = sectionSegOffset+i*elementSize;
            if ( symNum == INDIRECT_SYMBOL_LOCAL ) {
                handler(segIndex, segOffset, false, 0, "", false, false, false, stop);
                continue;
            }
            if ( symNum > symCount ) {
                diag.error("indirect symbol[%d] = %d which is invalid symbol index", reserved1 + i, symNum);
                sectionStop = true;
                return;
            }
            uint16_t n_desc = is64Bit ? symbols64[symNum].n_desc : symbols32[symNum].n_desc;
            uint32_t libOrdinal = libOrdinalFromDesc(n_desc);
            uint32_t strOffset = is64Bit ? symbols64[symNum].n_un.n_strx : symbols32[symNum].n_un.n_strx;
            if ( strOffset > poolSize ) {
               diag.error("symbol[%d] string offset out of range", reserved1 + i);
                sectionStop = true;
                return;
            }
            const char* symbolName  = stringPool + strOffset;
            bool        weakImport  = (n_desc & N_WEAK_REF);
            bool        lazy        = (sectionType == S_LAZY_SYMBOL_POINTERS);
            handler(segIndex, segOffset, true, libOrdinal, symbolName, weakImport, lazy, selfModifyingStub, stop);
        }
        sectionStop = stop;
    });
}

void MachOParser::forEachInterposingTuple(Diagnostics& diag, void (^handler)(uint32_t segIndex, uint64_t replacementSegOffset, uint64_t replaceeSegOffset, uint64_t replacementContent, bool& stop)) const
{
    const bool     is64Bit      = is64();
    const unsigned entrySize    = is64Bit ? 16 : 8;
    const unsigned pointerSize  = is64Bit ?  8 : 4;
    forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, uint64_t addr, const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& secStop) {
        if ( ((flags & SECTION_TYPE) == S_INTERPOSING) || ((strcmp(sectionName, "__interpose") == 0) && (strcmp(segmentName, "__DATA") == 0)) ) {
            if ( (size % entrySize) != 0 ) {
                diag.error("interposing section %s/%s has bad size", segmentName, sectionName);
                secStop = true;
                return;
            }
            if ( illegalSectionSize ) {
                diag.error("interposing section %s/%s extends beyond the end of the segment", segmentName, sectionName);
                secStop = true;
                return;
            }
            if ( ((long)content % pointerSize) != 0 ) {
                diag.error("interposing section %s/%s is not pointer aligned", segmentName, sectionName);
                secStop = true;
                return;
            }
            __block uint32_t sectionSegIndex  = 0;
            __block uint64_t sectionSegOffset = 0;
            forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, uint32_t segIndex, uint64_t sizeOfSections, uint8_t p2align, bool& segStop) {
                if ( (vmAddr <= addr) && (addr < vmAddr+vmSize) ) {
                    sectionSegIndex  = segIndex;
                    sectionSegOffset = addr - vmAddr;
                    segStop          = true;
                }
            });
            if ( sectionSegIndex == 0 ) {
                diag.error("interposing section %s/%s is not in a segment", segmentName, sectionName);
                secStop = true;
                return;
            }
            uint32_t offset = 0;
            bool tupleStop = false;
            for (int i=0; i < (size/entrySize); ++i) {
                uint64_t replacementContent = is64Bit ? (*(uint64_t*)((char*)content + offset)) :  (*(uint32_t*)((char*)content + offset));
                handler(sectionSegIndex, sectionSegOffset+offset, sectionSegOffset+offset+pointerSize, replacementContent, tupleStop);
                offset += entrySize;
                if ( tupleStop )
                    break;
            }
        }
    });
}


const void* MachOParser::content(uint64_t vmOffset)
{
    __block const void* result = nullptr;
    __block uint32_t firstSegFileOffset = 0;
    __block uint64_t firstSegVmAddr = 0;
	if ( isRaw() ) {
        forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, uint32_t segIndex, uint64_t sizeOfSections, uint8_t p2align, bool &stop) {
            if ( firstSegFileOffset == 0) {
                if ( fileSize == 0 )
                    return; // skip __PAGEZERO
                firstSegFileOffset = fileOffset;
                firstSegVmAddr = vmAddr;
            }
            uint64_t segVmOffset = vmAddr - firstSegVmAddr;
            if ( (vmOffset >= segVmOffset) && (vmOffset < segVmOffset+vmSize) ) {
                result = (char*)(header()) + (fileOffset - firstSegFileOffset) + (vmOffset - segVmOffset);
                stop = true;
            }
        });
	}
    else if ( inRawCache() ) {
        forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, uint32_t segIndex, uint64_t sizeOfSections, uint8_t p2align, bool &stop) {
            if ( firstSegFileOffset == 0 ) {
                firstSegFileOffset = fileOffset;
                firstSegVmAddr = vmAddr;
            }
            uint64_t segVmOffset = vmAddr - firstSegVmAddr;
            if ( (vmOffset >= segVmOffset) && (vmOffset < segVmOffset+vmSize) ) {
                result = (char*)(header()) + (fileOffset - firstSegFileOffset) + (vmOffset - segVmOffset);
                stop = true;
            }
        });
    }
    else {
        // non-raw cache is easy
        result = (char*)(header()) + vmOffset;
    }
	return result;
}

#endif  //  !DYLD_IN_PROCESS

bool MachOParser::isFairPlayEncrypted(uint32_t& textOffset, uint32_t& size)
{
    textOffset = 0;
    size = 0;
    Diagnostics diag;
    forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
         if ( (cmd->cmd == LC_ENCRYPTION_INFO) || (cmd->cmd == LC_ENCRYPTION_INFO_64) ) {
            const encryption_info_command* encCmd = (encryption_info_command*)cmd;
            if ( encCmd->cryptid == 1 ) {
                // Note: cryptid is 0 in just-built apps.  The iTunes App Store sets cryptid to 1
                textOffset = encCmd->cryptoff;
                size       = encCmd->cryptsize;
            }
            stop = true;
        }
    });
    diag.assertNoError();   // any malformations in the file should have been caught by earlier validate() call
    return (textOffset != 0);
}

bool MachOParser::cdHashOfCodeSignature(const void* codeSigStart, size_t codeSignLen, uint8_t cdHash[20])
{
    const CS_CodeDirectory* cd = (const CS_CodeDirectory*)findCodeDirectoryBlob(codeSigStart, codeSignLen);
    if ( cd == nullptr )
        return false;

    uint32_t cdLength = htonl(cd->length);
    if ( cd->hashType == CS_HASHTYPE_SHA256 ) {
        uint8_t digest[CC_SHA256_DIGEST_LENGTH];
        CC_SHA256(cd, cdLength, digest);
        // cd-hash of sigs that use SHA256 is the first 20 bytes of the SHA256 of the code digest
        memcpy(cdHash, digest, 20);
        return true;
    }
    else if ( cd->hashType == CS_HASHTYPE_SHA1 ) {
        // compute hash directly into return buffer
        CC_SHA1(cd, cdLength, cdHash);
        return true;
    }

    return false;
}

const void* MachOParser::findCodeDirectoryBlob(const void* codeSigStart, size_t codeSignLen)
{
    // verify min length of overall code signature
    if ( codeSignLen < sizeof(CS_SuperBlob) )
        return nullptr;

    // verify magic at start
    const CS_SuperBlob* codeSuperBlob = (CS_SuperBlob*)codeSigStart;
    if ( codeSuperBlob->magic != htonl(CSMAGIC_EMBEDDED_SIGNATURE) )
        return nullptr;

    // verify count of sub-blobs not too large
    uint32_t subBlobCount = htonl(codeSuperBlob->count);
    if ( (codeSignLen-sizeof(CS_SuperBlob))/sizeof(CS_BlobIndex) < subBlobCount )
        return nullptr;

    // walk each sub blob, looking at ones with type CSSLOT_CODEDIRECTORY
    for (uint32_t i=0; i < subBlobCount; ++i) {
        if ( codeSuperBlob->index[i].type != htonl(CSSLOT_CODEDIRECTORY) )
            continue;
        uint32_t cdOffset = htonl(codeSuperBlob->index[i].offset);
        // verify offset is not out of range
        if ( cdOffset > (codeSignLen - sizeof(CS_CodeDirectory)) )
            return nullptr;
        const CS_CodeDirectory* cd = (CS_CodeDirectory*)((uint8_t*)codeSuperBlob + cdOffset);
        uint32_t cdLength = htonl(cd->length);
        // verify code directory length not out of range
        if ( cdLength > (codeSignLen - cdOffset) )
            return nullptr;
        if ( cd->magic == htonl(CSMAGIC_CODEDIRECTORY) )
            return cd;
    }
    return nullptr;
}




} // namespace dyld3