From 1e3555a6b7b0301eaf79c6ae6aebd224fbbc4914 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Moln=C3=A1r?=
Date: Mon, 20 Dec 2010 00:35:57 +0100
Subject: [PATCH] added some input validity checks (for sf.net bug 3122661)

---
 src/p_armpe.cpp | 8 +++++---
 src/p_w32pe.cpp | 7 ++++---
 src/pefile.cpp | 2 ++
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/p_armpe.cpp b/src/p_armpe.cpp
index f61c75f2..97f4f99d 100644
--- a/src/p_armpe.cpp
+++ b/src/p_armpe.cpp
@@ -244,7 +244,7 @@ unsigned PackArmPe::processImports() // pass 1
             soimport += strlen(dlls[ic].name) + 1 + 4;
-            for (LE32 *tarr = dlls[ic].lookupt; *tarr; tarr++)
+            for (IPTR_I(LE32, tarr, dlls[ic].lookupt); *tarr; tarr += 1)
             {
                 if (*tarr & 0x80000000)
                 {
@@ -256,10 +256,12 @@ unsigned PackArmPe::processImports() // pass 1
                 }
                 else
                 {
-                    unsigned len = strlen(ibuf + *tarr + 2);
+                    {
+                    IPTR_I(const upx_byte, n, ibuf + *tarr + 2);
+                    unsigned len = strlen(n);
                     soimport += len + 1;
                     if (dlls[ic].shname == NULL || len < strlen (dlls[ic].shname))
-                        dlls[ic].shname = ibuf + *tarr + 2;
+                        dlls[ic].shname = n;
                 }
                 soimport++; // separator
             }
diff --git a/src/p_w32pe.cpp b/src/p_w32pe.cpp
index 6032f2fe..fba58f84 100644
--- a/src/p_w32pe.cpp
+++ b/src/p_w32pe.cpp
@@ -407,7 +407,7 @@ unsigned PackW32Pe::processImports() // pass 1
             soimport += strlen(dlls[ic].name) + 1 + 4;
-            for (LE32 *tarr = dlls[ic].lookupt; *tarr; tarr++)
+            for (IPTR_I(LE32, tarr, dlls[ic].lookupt); *tarr; tarr += 1)
             {
                 if (*tarr & 0x80000000)
                 {
@@ -419,10 +419,11 @@ unsigned PackW32Pe::processImports() // pass 1
                 }
                 else
                 {
-                    unsigned len = strlen(ibuf + *tarr + 2);
+                    IPTR_I(const upx_byte, n, ibuf + *tarr + 2);
+                    unsigned len = strlen(n);
                     soimport += len + 1;
                     if (dlls[ic].shname == NULL || len < strlen (dlls[ic].shname))
-                        dlls[ic].shname = ibuf + *tarr + 2;
+                        dlls[ic].shname = n;
                 }
                 soimport++; // separator
             }
diff --git a/src/pefile.cpp b/src/pefile.cpp
index d781563a..4c6460fd 100644
--- a/src/pefile.cpp
+++ b/src/pefile.cpp
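Review bot: The new `for (IPTR_I(LE32, tarr, dlls[ic].lookupt); *tarr; tarr += 1)` line in the p_armpe.cpp hunk at @@ -244 carries no comment, so a reader cannot tell that this is the input-validation step the commit title promises rather than a cosmetic pointer change; a one-line comment above it such as `// bounds-checked walk of the import lookup table: it comes from the untrusted input file and only a 0 entry terminates it` would make the intent visible. The switch from `tarr++` to `tarr += 1` presumably reflects what the checked-pointer type supports, but IPTR_I's definition is not in the diff, so that is worth a word in the same comment. The identical change in the p_w32pe.cpp hunk at @@ -407 deserves the same comment. processImports continues outside the hunk in both directions.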
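Review bot: The p_armpe.cpp hunk at @@ -256 adds an opening `{` directly after the else-body's own `{` but no matching close: the new side reads `{`, `{`, `IPTR_I(...)`, `unsigned len = strlen(n);`, and only the single pre-existing `}` before `soimport++`, so unless a closing brace was added somewhere past the hunk the function no longer compiles. The parallel p_w32pe.cpp hunk at @@ -419 makes the same change without that extra line, which looks like the intended shape; dropping the stray `{` here would bring the two in line. Separately, in both hunks `unsigned len = strlen(n);` still measures the name with an unbounded strlen: if IPTR_I only validates the starting offset `ibuf + *tarr + 2` (its definition is not in the diff), a name whose terminating NUL is missing before the end of ibuf is still read past the buffer. A bounded scan, e.g. `const void *e = memchr(n, 0, <bytes remaining in ibuf after n>); if (e == NULL) throwCantPack("unterminated import name");` with the length taken from `e`, would close that gap. processImports continues outside the hunk.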
@@ -1698,6 +1698,8 @@ void PeFile::unpack(OutputFile *fo)
     extrainfo += sizeof (oh);
     unsigned objs = oh.objects;
+    if ((int) objs <= 0)
+        throwCantUnpack("unexpected value in the PE header");
     Array(pe_section_t, osection, objs);
     memcpy(osection,extrainfo,sizeof(pe_section_t) * objs);
     rvamin = osection[0].vaddr;
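Review bot: `if ((int) objs <= 0)` rejects only a zero count (and, if `oh.objects` can ever be that wide, values with the top bit set), yet the next two lines still run `Array(pe_section_t, osection, objs)` and `memcpy(osection,extrainfo,sizeof(pe_section_t) * objs)` for every other value of `oh.objects`, which comes straight from the packed input, and nothing checks that extrainfo actually holds that many section headers. The check should also be an upper bound, tied to the bytes of extrainfo left or at least to a sane ceiling (the PE/COFF specification notes that the Windows loader limits a file to 96 sections), e.g. `if (objs == 0 || objs > <max sections>) throwCantUnpack("unexpected value in the PE header");`, which also drops the C-style cast. The zero case does matter as written, because `rvamin = osection[0].vaddr;` reads the first element. unpack continues outside the hunk in both directions, so a size for extrainfo may already be known further up.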