jory/upx
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

too large: blocksize > 1024*1024*1024 [corrupted]

Browse Source
This commit is contained in:
John Reiser 2015-05-15 05:36:21 -07:00
parent 8939cd120b
commit 330fca722a
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/p_lx_elf.cpp
View File

@ -3015,7 +3015,7 @@ void PackLinuxElf64::unpack(OutputFile *fo)
unsigned orig_file_size = get_te32(&hbuf.p_filesize); unsigned orig_file_size = get_te32(&hbuf.p_filesize);
blocksize = get_te32(&hbuf.p_blocksize); blocksize = get_te32(&hbuf.p_blocksize);
if (file_size > (off_t)orig_file_size || blocksize > orig_file_size if (file_size > (off_t)orig_file_size || blocksize > orig_file_size
|| (int)(blocksize + OVERHEAD) < 0) || blocksize > 1024*1024*1024)
throwCantUnpack("p_info corrupted"); throwCantUnpack("p_info corrupted");
ibuf.alloc(blocksize + OVERHEAD); ibuf.alloc(blocksize + OVERHEAD);
@ -3534,7 +3534,8 @@ void PackLinuxElf32::unpack(OutputFile *fo)
p_info hbuf; fi->readx(&hbuf, sizeof(hbuf)); p_info hbuf; fi->readx(&hbuf, sizeof(hbuf));
unsigned orig_file_size = get_te32(&hbuf.p_filesize); unsigned orig_file_size = get_te32(&hbuf.p_filesize);
blocksize = get_te32(&hbuf.p_blocksize); blocksize = get_te32(&hbuf.p_blocksize);
if (file_size > (off_t)orig_file_size || blocksize > orig_file_size) if (file_size > (off_t)orig_file_size || blocksize > orig_file_size
|| blocksize > 1024*1024*1024)
throwCantUnpack("p_info corrupted"); throwCantUnpack("p_info corrupted");
ibuf.alloc(blocksize + OVERHEAD); ibuf.alloc(blocksize + OVERHEAD);