Backport of https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4
--- a/src/p_tmt.cpp
+++ b/src/p_tmt.cpp
@@ -177,6 +177,8 @@ int PackTmt::readFileHeader()
 unsigned const entry = get_le32(&ih.entry);
 unsigned const relocsize = get_le32(&ih.relocsize);
 if (!imagesize
+ || imagesize < sizeof(ih)
+ || entry < sizeof(ih)
 || file_size <= imagesize
 || file_size <= entry
 || file_size <= relocsize) {
@@ -216,14 +218,14 @@ void PackTmt::pack(OutputFile *fo)
 obuf.allocForCompression(usize+rsize+128);
 MemBuffer wrkmem;
- wrkmem.alloc(rsize+EXTRA_INFO); // relocations
+ wrkmem.alloc(rsize+EXTRA_INFO+4); // relocations + original entry point + relocsize
 fi->seek(adam_offset+sizeof(ih),SEEK_SET);
 fi->readx(ibuf,usize);
 fi->readx(wrkmem+4,rsize);
 const unsigned overlay = file_size - fi->tell();
- if (find_le32(ibuf,128,get_le32("UPX ")) >= 0)
+ if (find_le32(ibuf,UPX_MIN(128u,usize),get_le32("UPX ")) >= 0)
 throwAlreadyPacked();
 if (rsize == 0)
 throwCantPack("file is already compressed with another packer");
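Review bot: In `PackTmt::readFileHeader()` the header fields are still bounded one at a time against `file_size`, so a header whose `imagesize` and `relocsize` are each smaller than the file but together larger than it passes this condition. `PackTmt::pack()` (second hunk) sizes a buffer from `usize+rsize+128` and reads both regions back to back, so unless `readx` rejects short reads (not visible here) the combined extent deserves its own clause, for example `|| relocsize > file_size - imagesize`, placed after the `file_size <= imagesize` test so the subtraction cannot go negative. A short comment on the two new clauses, such as `// reject imagesize/entry smaller than the header itself`, would record why `sizeof(ih)` is the lower bound. The function starts and ends outside the hunk, so the type of `file_size` and the rejection path could not be checked.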
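Review bot: The new `+4` in `wrkmem.alloc(rsize+EXTRA_INFO+4)` in `PackTmt::pack()` is a bare literal that has to stay in step with the `wrkmem+4` offset used by `fi->readx(wrkmem+4,rsize)` a few lines below, and the comment does not say so. I would state the relation in the comment, e.g. `// 4 (readx offset) + relocations + original entry point + relocsize`, or use one named constant at both sites so the allocation and the read offset cannot drift apart again. The sum is computed in unsigned arithmetic from a file-supplied size; it appears to be bounded by the `file_size <= relocsize` rejection in `readFileHeader()`, assuming `rsize` is taken from `ih.relocsize`, which this hunk does not show. `pack()` starts and ends outside the hunk.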