From 7b06ba0b78d4acb82eac48477f774531b4d9d9ca Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Fri, 31 Jan 2025 11:32:48 -0800
Subject: [PATCH] Detect empty DT_STRTAB
https://github.com/upx/upx/issues/872
fuzzing from leon.weiss AT @ruhr-uni-bochum.de
modified: p_lx_elf.cpp
---
 src/p_lx_elf.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index fdcc32b7..70fa34a3 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -2365,7 +2365,7 @@ PackLinuxElf32::invert_pt_dynamic(Elf32_Dyn const *dynp, u32_t headway)
 }
 unsigned const strtab_beg = !z_tab ? 0 : elf_get_offset_from_address(tmp1);
- if (!z_str || !z_tab
+ if (!z_str || !z_tab || !(strtab_max + strtab_beg)
 || (this->file_size - strtab_beg) < strtab_max // strtab overlaps EOF
 // last string in table must have terminating NUL
 || '\0' != ((char *)file_image.getVoidPtr())[-1+ strtab_max + strtab_beg]
@@ -8481,7 +8481,7 @@ PackLinuxElf64::invert_pt_dynamic(Elf64_Dyn const *dynp, upx_uint64_t headway)
 }
 unsigned const strtab_beg = !z_tab ? 0 : elf_get_offset_from_address(tmp1);
- if (!z_str || !z_tab
+ if (!z_str || !z_tab || !(strtab_max + strtab_beg)
 || (this->file_size - strtab_beg) < strtab_max // strtab overlaps EOF
 // last string in table must have terminating NUL
 || '\0' != ((char *)file_image.getVoidPtr())[-1+ strtab_max + strtab_beg]
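Review bot: The added term `!(strtab_max + strtab_beg)` in PackLinuxElf32::invert_pt_dynamic tests the sum, so it only rejects a table whose size and file offset are both zero (or whose unsigned sum wraps to zero). A zero-size table at a non-zero offset still reaches the terminating-NUL test, which then reads index `-1 + strtab_beg`, a byte that precedes the table instead of belonging to it, and the condition can pass if that byte happens to be NUL. If the intent is to reject an empty DT_STRTAB as the subject says, testing the size directly, `if (!z_str || !z_tab || !strtab_max`, covers both cases and deserves a short comment such as `// empty strtab: the NUL check below would index outside the table`. The same term is added in the PackLinuxElf64::invert_pt_dynamic hunk at 8481 and needs the same change. Both function bodies start and end outside their hunks and strtab_max is declared out of view, so its being the DT_STRSZ value is inferred.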