From 143f0accefe2495b801bf2fb5a7f95307b63f4f2 Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Tue, 21 Nov 2017 13:07:42 -0800
Subject: [PATCH] PeFile check MZ offset to PE header

modified: pefile.cpp
---
 src/pefile.cpp | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/pefile.cpp b/src/pefile.cpp
index 96bddefb..a9bb2ab8 100644
--- a/src/pefile.cpp
+++ b/src/pefile.cpp
@@ -162,10 +162,17 @@ int PeFile::readFileHeader()
     if (h.mz == 'M' + 'Z'*256) // dos exe
     {
-        if (h.relocoffs >= 0x40) // new format exe
-            pe_offset += h.nexepos;
-        else
-            pe_offset += h.p512*512+h.m512 - h.m512 ? 512 : 0;
+        unsigned const delta = (h.relocoffs >= 0x40)
+            ? h.nexepos // new format exe
+            : (h.p512*512+h.m512 - h.m512 ? 512 : 0);
+
+        if ((pe_offset + delta) < delta // wrap-around
+        || (pe_offset + delta) > file_size) {
+            char buf[64]; snprintf(buf, sizeof(buf),
+                "bad PE delta %#x at offset %#x", delta, pe_offset);
+            throwCantPack(buf);
+        }
+        pe_offset += delta;
     }
     else if (get_le32(&h) == 'P' + 'E'*256)
         break;
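Review bot: The old-format branch of the new `delta` initializer carries over the precedence defect of the removed line: `?:` binds looser than `+` and `-`, so `h.p512*512+h.m512 - h.m512 ? 512 : 0` evaluates to 512 or 0 whenever the MZ size fields are non-zero, not to the DOS image size, and the new bounds check then validates that wrong value. The intended expression is `: (h.p512*512 + h.m512 - (h.m512 ? 512 : 0))`, with the `? 512 : 0` parenthesized around `h.m512` alone. The wrap-around test `(pe_offset + delta) < delta` only catches overflow if `pe_offset` is an unsigned type at least as wide as `delta`; its declaration is not in the hunk, so that should be confirmed, and a comment such as `// delta is a 16-bit header field; pe_offset must be unsigned for the wrap test to hold` would document the assumption. The loop containing this `break;` and the body of `PeFile::readFileHeader` begin and end outside the hunk.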