Check more carefully in invert_pt_dynamic()

https://github.com/upx/upx/issues/566 modified: p_lx_elf.cpp
2022-02-28 07:55:49 -08:00 · 2022-02-28 07:55:49 -08:00 · e5aeea9ed2
commit e5aeea9ed2
parent f204670008
1 changed files with 8 additions and 4 deletions
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@ -5357,11 +5357,13 @@ PackLinuxElf32::check_pt_dynamic(Elf32_Phdr const *const phdr)
    unsigned vaddr = get_te32(&phdr->p_vaddr);
    unsigned filesz = get_te32(&phdr->p_filesz), memsz = get_te32(&phdr->p_memsz);
    unsigned align = get_te32(&phdr->p_align);
-    if (s < t || (u32_t)file_size < (filesz + t)
+    if (file_size_u < t || s < t
+    ||  file_size_u < filesz
+    ||  file_size_u < (filesz + t)
    ||  t < (e_phnum*sizeof(Elf32_Phdr) + sizeof(Elf32_Ehdr))
    ||  (3 & t) || (7 & (filesz | memsz))  // .balign 4; 8==sizeof(Elf32_Dyn)
    ||  (-1+ align) & (t ^ vaddr)
-    ||  (unsigned long)file_size <= memsz
+    ||  file_size_u <= memsz
    ||  filesz < sizeof(Elf32_Dyn)
    ||  memsz  < sizeof(Elf32_Dyn)
    ||  filesz < memsz) {
@ -5460,11 +5462,13 @@ PackLinuxElf64::check_pt_dynamic(Elf64_Phdr const *const phdr)
    upx_uint64_t vaddr = get_te64(&phdr->p_vaddr);
    upx_uint64_t filesz = get_te64(&phdr->p_filesz), memsz = get_te64(&phdr->p_memsz);
    upx_uint64_t align = get_te64(&phdr->p_align);
-    if (s < t || (upx_uint64_t)file_size < (filesz + t)
+    if (file_size_u < t || s < t
+    ||  file_size_u < filesz
+    ||  file_size_u < (filesz + t)
    ||  t < (e_phnum*sizeof(Elf64_Phdr) + sizeof(Elf64_Ehdr))
    ||  (7 & t) || (0xf & (filesz | memsz))  // .balign 8; 16==sizeof(Elf64_Dyn)
    ||  (-1+ align) & (t ^ vaddr)
-    ||  (unsigned long)file_size <= memsz
+    ||  file_size_u <= memsz
    ||  filesz < sizeof(Elf64_Dyn)
    ||  memsz  < sizeof(Elf64_Dyn)
    ||  filesz < memsz) {