From 58b122d97da1e02dfec24b10b6b8f56218b5622c Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Sun, 21 Jul 2019 10:48:50 -0700
Subject: [PATCH] Better checking for malformed input https://github.com/upx/upx/issues modified: p_vmlinx.cpp
---
 src/p_vmlinx.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/p_vmlinx.cpp b/src/p_vmlinx.cpp
index 3fc26bbe..6d380195 100644
--- a/src/p_vmlinx.cpp
+++ b/src/p_vmlinx.cpp
@@ -111,9 +111,11 @@ typename T::Shdr const *PackVmlinuxBase::getElfSections()
 int j;
 for (p = shdri, j= ehdri.e_shnum; --j>=0; ++p) {
 if (Shdr::SHT_STRTAB==p->sh_type
- && (p->sh_size + p->sh_offset) <= (unsigned long)file_size
- && p->sh_name < p->sh_size
- && (10+ p->sh_name) <= p->sh_size // 1+ strlen(".shstrtab")
+ && p->sh_offset < (unsigned long)file_size
+ && p->sh_size <= ((unsigned long)file_size - p->sh_offset)
+ && p->sh_name < (unsigned long)file_size
+ && 10 <= ((unsigned long)file_size - p->sh_name)
+ // 10 == (1+ strlen(".shstrtab"))
 ) {
 delete [] shstrtab;
 shstrtab = new char[1+ p->sh_size];
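Review bot: The two added `sh_name` conditions bound the name offset by `file_size`, whereas the removed lines bounded it by `p->sh_size`, and the buffer allocated on the last line of the hunk holds only `1+ p->sh_size` bytes. If the code after the hunk uses `p->sh_name` as an index into `shstrtab` (not visible here), a malformed header with `sh_name` larger than `sh_size` but smaller than `file_size` would pass this test and read past the end of the allocation. Keeping the overflow-safe subtraction form, but relative to the table size, preserves the old guarantee: `&& p->sh_name < p->sh_size` and `&& 10 <= (p->sh_size - p->sh_name)`. The loop body in getElfSections() continues beyond the hunk, so this should be confirmed against the read and string compare that follow.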