Master/upx
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

more checking of PackUnix::p_info at unpack

Browse Source 
https://github.com/upx/upx/issues/781
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65864
	modified:   p_unix.cpp
This commit is contained in:
John Reiser
2024-01-27 13:06:59 -08:00
parent ac72c02793
commit 2767ec54e1
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/p_unix.cpp
+6 -1
View File
@@ -619,9 +619,14 @@ void PackUnix::unpack(OutputFile *fo)
fi->readx(&hbuf, sizeof(hbuf)); fi->readx(&hbuf, sizeof(hbuf));
orig_file_size = get_te32(&hbuf.p_filesize); orig_file_size = get_te32(&hbuf.p_filesize);
blocksize = get_te32(&hbuf.p_blocksize); blocksize = get_te32(&hbuf.p_blocksize);
off_t max_inflated = file_size * 273; // zlib limit (256 + 16 + 1)
if (file_size > (off_t)orig_file_size || blocksize > orig_file_size) if (max_inflated < orig_file_size
|| max_inflated < blocksize
|| file_size > (off_t)orig_file_size
|| blocksize > orig_file_size) {
throwCantUnpack("file header corrupted"); throwCantUnpack("file header corrupted");
}
} }
else else
{ {