From c72c6854344d8cdd51232cc4240703ba85f834df Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Wed, 31 Mar 2010 14:09:28 -0700
Subject: [PATCH] Diagnose PT_LOAD beyond end-of-file.

https://sourceforge.net/tracker/?func=detail&atid=102331&aid=2979240&group_id=2331
---
 src/p_lx_elf.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index 3a0f5bd3..5b61d215 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -1831,6 +1831,8 @@ unsigned PackLinuxElf32::find_LOAD_gap(
     unsigned const hi = get_te32(&phdr[k].p_offset) + get_te32(&phdr[k].p_filesz);
     unsigned lo = ph.u_file_size;
+    if (lo < hi)
+        throwCantPack("bad input: PT_LOAD beyond end-of-file");
     unsigned j = k;
     for (;;) { // circular search, optimize for adjacent ascending
         ++j;
@@ -1938,6 +1940,8 @@ unsigned PackLinuxElf64::find_LOAD_gap(
     unsigned const hi = get_te64(&phdr[k].p_offset) + get_te64(&phdr[k].p_filesz);
     unsigned lo = ph.u_file_size;
+    if (lo < hi)
+        throwCantPack("bad input: PT_LOAD beyond end-of-file");
     unsigned j = k;
     for (;;) { // circular search, optimize for adjacent ascending
         ++j;
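Review bot: The new `lo < hi` test in the 32-bit variant can be bypassed by a wrapped sum, because `hi` on the line above is `p_offset + p_filesz` computed in `unsigned`; a crafted program header with `p_offset` near 0xFFFFFFFF and a small `p_filesz` wraps `hi` to a small value that passes the check although the segment lies entirely beyond end-of-file. Everything after the check (the circular search and, presumably, a `lo - hi` gap result) would then work from an `hi` that does not describe the real segment end. I would reject the wrap in the same guard, `if (hi < get_te32(&phdr[k].p_offset) || lo < hi)` followed by the existing `throwCantPack(...)`, or compute the sum in a 64-bit temporary before comparing. The enclosing find_LOAD_gap begins before this hunk and continues past it.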
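Review bot: In the 64-bit variant the check is weaker than the commit message suggests, because `hi` is declared `unsigned` while its initializer adds two `get_te64()` results, so the 64-bit sum is truncated before `lo < hi` runs; a `p_offset` of 0x100000000 with a small `p_filesz` truncates to a small `hi` and passes even though the segment is far beyond end-of-file (this assumes `unsigned` is 32 bits on the supported targets, which the separate `get_te32`/`get_te64` accessors suggest). `lo` has the same width concern if `ph.u_file_size` is wider than `unsigned`, which the hunk does not show. I would declare `hi` (and `lo`) in a 64-bit unsigned type and also reject an overflowing addition, e.g. `if (hi < get_te64(&phdr[k].p_offset) || lo < hi)` before the existing `throwCantPack(...)`. The enclosing find_LOAD_gap starts before and ends after this hunk.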