Backport of
https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4
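--- a/src/p_tmt.cpp
+++ b/src/p_tmt.cpp
@@ -177,6 +177,8 @@ int PackTmt::readFileHeader()
 unsigned const entry = get_le32(&ih.entry);
 unsigned const relocsize = get_le32(&ih.relocsize);
 if (!imagesize
+ || imagesize < sizeof(ih)
+ || entry < sizeof(ih)
 || file_size <= imagesize
 || file_size <= entry
 || file_size <= relocsize) {
@@ -216,14 +218,14 @@ void PackTmt::pack(OutputFile *fo)
 obuf.allocForCompression(usize+rsize+128);
 
 MemBuffer wrkmem;
- wrkmem.alloc(rsize+EXTRA_INFO); // relocations
+ wrkmem.alloc(rsize+EXTRA_INFO+4); // relocations + original entry point + relocsize
 
 fi->seek(adam_offset+sizeof(ih),SEEK_SET);
 fi->readx(ibuf,usize);
 fi->readx(wrkmem+4,rsize);
 const unsigned overlay = file_size - fi->tell();
 
- if (find_le32(ibuf,128,get_le32("UPX ")) >= 0)
+ if (find_le32(ibuf,UPX_MIN(128u,usize),get_le32("UPX ")) >= 0)
 throwAlreadyPacked();
 if (rsize == 0)
 throwCantPack("file is already compressed with another packer");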
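Review bot: The header check in readFileHeader() still bounds imagesize, entry and relocsize against file_size one at a time, while pack() sizes its buffers from the sums `usize+rsize+128` and `rsize+EXTRA_INFO+4` and reads usize then rsize bytes back to back. A header whose two sizes are each below file_size but together exceed it passes validation and is caught, if at all, only when readx reaches end of file; if these are 32-bit unsigned values the sums could also wrap for very large inputs (the type of file_size is not visible here). Consider adding a combined term after the `file_size <= imagesize` test, e.g. `|| file_size - imagesize < relocsize`, so inconsistent headers are rejected before any allocation. The bare `+4` in `wrkmem.alloc(...)` and in `wrkmem+4` would also read better as a named constant or `sizeof` expression tied to the field it reserves room for. Both function bodies continue outside the hunks shown.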