From 01a30752c7f8761da8a909a1baec75c9d842462c Mon Sep 17 00:00:00 2001
From: John Reiser <jreiser@BitWagon.com>
Date: Thu, 29 Dec 2022 14:02:42 -0800
Subject: [PATCH] Mach-O: allow 256 ncmds and 32768 sizeofcmds

https://github.com/upx/upx/issues/642
	modified:   p_mach.cpp
	modified:   stub/src/i386-darwin.macho-upxmain.c
	modified:   stub/src/powerpc-darwin.macho-upxmain.c
---
 src/p_mach.cpp                              | 6 +++---
 src/stub/src/i386-darwin.macho-upxmain.c    | 2 +-
 src/stub/src/powerpc-darwin.macho-upxmain.c | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/p_mach.cpp b/src/p_mach.cpp
index 47bbe310..2c778d40 100644
--- a/src/p_mach.cpp
+++ b/src/p_mach.cpp
@@ -1515,7 +1515,7 @@ void PackMachBase<T>::unpack(OutputFile *fo)
     ||  mhdri.filetype   != mhdr->filetype)
         throwCantUnpack("file header corrupted");
     unsigned const ncmds = mhdr->ncmds;
-    if (!ncmds || 24 < ncmds) { // arbitrary limit
+    if (!ncmds || 256 < ncmds) { // arbitrary limit
         char msg[40]; snprintf(msg, sizeof(msg),
             "bad Mach_header.ncmds = %d", ncmds);
         throwCantUnpack(msg);
@@ -1946,8 +1946,8 @@ bool PackMachBase<T>::canPack()
         throwCantPack(buf);
     }
     if (!sz_mhcmds
-    ||  16384 < sz_mhcmds) { // somewhat arbitrary, but amd64-darwin.macho-upxmain.c
-        throwCantPack("16384 < Mach_header.sizeofcmds (or ==0)");
+    ||  32768 < sz_mhcmds) { // somewhat arbitrary, but *-darwin.macho-upxmain.c
+        throwCantPack("32768 < Mach_header.sizeofcmds (or ==0)");
     }
     rawmseg_buf.alloc(sz_mhcmds);
     rawmseg = (Mach_segment_command *)(void *)rawmseg_buf;
diff --git a/src/stub/src/i386-darwin.macho-upxmain.c b/src/stub/src/i386-darwin.macho-upxmain.c
index f7cb92e9..14f4c5ae 100644
--- a/src/stub/src/i386-darwin.macho-upxmain.c
+++ b/src/stub/src/i386-darwin.macho-upxmain.c
@@ -776,7 +776,7 @@ main(int argc, char *argv[])
             break;
         }
     }
-    char mhdr[16384];
+    char mhdr[32768];
     uint32_t entry = upx_main((struct l_info const *)payload, paysize,
         (Mach_header *)mhdr, sizeof(mhdr),
         f_exp, f_unf, (Mach_header **)&argv[-2]);
diff --git a/src/stub/src/powerpc-darwin.macho-upxmain.c b/src/stub/src/powerpc-darwin.macho-upxmain.c
index df414fbd..58385cf0 100644
--- a/src/stub/src/powerpc-darwin.macho-upxmain.c
+++ b/src/stub/src/powerpc-darwin.macho-upxmain.c
@@ -733,7 +733,7 @@ main(int argc, char *argv[])
             break;
         }
     }
-    char mhdr[16384];
+    char mhdr[32768];
     uint32_t entry = upx_main((struct l_info const *)payload, paysize,
         (Mach_header *)mhdr, sizeof(mhdr),
         f_exp, f_unf, (Mach_header **)&argv[-2]);