From e52a3ceb483f3a8a22d0dffc367e6c825d2b60cc Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Thu, 20 Feb 2025 20:23:24 -0800
Subject: [PATCH] Unpack: Entire ElfXX_Ehdr must be present in de-compressed Ehdr+Phdrs

https://issues.oss-fuzz.com/u/1/issues/397728078
(previous commit: https://issues.oss-fuzz.com/u/1/issues/397500915)

 modified: p_lx_elf.cpp
---
 src/p_lx_elf.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index e8f855ab..f5f74934 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -7674,6 +7674,8 @@ void PackLinuxElf64::unpack(OutputFile *fo)
 fi->readx(ibuf, ph.c_len);
 }
 }
+ if (ph.u_len < sizeof(*ehdr))
+ throwCantUnpack("ElfXX_Ehdr corrupted");
 decompress(ibuf, (upx_byte *)ehdr, false);
 if (ehdr->e_type !=ehdri.e_type
 || ehdr->e_machine!=ehdri.e_machine
@@ -8885,6 +8887,8 @@ void PackLinuxElf32::unpack(OutputFile *fo)
 if (ibuf.getSize() < ph.c_len)
 throwCompressedDataViolation();
 fi->readx(ibuf, ph.c_len);
+ if (ph.u_len < sizeof(*ehdr))
+ throwCantUnpack("ElfXX_Ehdr corrupted");
 decompress(ibuf, (upx_byte *)ehdr, false);
 if (ehdr->e_type !=ehdri.e_type
 || ehdr->e_machine!=ehdri.e_machine
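Review bot: The added guard only ensures `ph.u_len` covers the Ehdr, yet the subject line describes the decompressed block as Ehdr+Phdrs; if the program headers are later read out of the same buffer, a companion lower bound of `sizeof(*ehdr)` plus `ehdr->e_phnum` times the Phdr size (applied after the header fields are validated and `e_phnum` is range-checked) is needed at that point too, unless such a check already exists further down. The same point applies to the PackLinuxElf32::unpack hunk at `@@ -8885`, which adds the identical two lines. Neither hunk shows an upper bound relating `ph.u_len` to the size of the destination that `decompress()` fills through `ehdr`; if that is not enforced where `ph` is read from the file, it belongs next to this new check, since `ph.u_len` is file-controlled. A why-comment above the check would help the next reader, e.g. `// decompress() is expected to yield exactly ph.u_len bytes, so every Ehdr field compared below must lie inside the decompressed data, not in stale buffer memory`. PackLinuxElf64::unpack begins and ends outside the hunk.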