From 330fca722a627ee28deae9708875583ed58f5ff4 Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Fri, 15 May 2015 05:36:21 -0700
Subject: [PATCH] too large: blocksize > 1024*1024*1024 [corrupted]

---
 src/p_lx_elf.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index d2300501..ee7f2b44 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -3015,7 +3015,7 @@ void PackLinuxElf64::unpack(OutputFile *fo)
     unsigned orig_file_size = get_te32(&hbuf.p_filesize);
     blocksize = get_te32(&hbuf.p_blocksize);
     if (file_size > (off_t)orig_file_size || blocksize > orig_file_size
-        || (int)(blocksize + OVERHEAD) < 0)
+        || blocksize > 1024*1024*1024)
         throwCantUnpack("p_info corrupted");
     ibuf.alloc(blocksize + OVERHEAD);
@@ -3534,7 +3534,8 @@ void PackLinuxElf32::unpack(OutputFile *fo)
     p_info hbuf; fi->readx(&hbuf, sizeof(hbuf));
     unsigned orig_file_size = get_te32(&hbuf.p_filesize);
     blocksize = get_te32(&hbuf.p_blocksize);
-    if (file_size > (off_t)orig_file_size || blocksize > orig_file_size)
+    if (file_size > (off_t)orig_file_size || blocksize > orig_file_size
+        || blocksize > 1024*1024*1024)
         throwCantUnpack("p_info corrupted");
     ibuf.alloc(blocksize + OVERHEAD);
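Review bot: The new 1 GiB cap is a bare literal, repeated here in PackLinuxElf64::unpack and again in the PackLinuxElf32::unpack hunk below, and it is the only absolute bound on `ibuf.alloc(blocksize + OVERHEAD)`: `orig_file_size` is read from the same p_info header as `blocksize`, so `blocksize > orig_file_size` on its own does not limit the allocation to anything the file did not choose. I would declare the bound once with a comment saying that, e.g. `static const unsigned MAX_BLOCKSIZE = 1024u*1024*1024;  // absolute bound on p_blocksize; p_info is untrusted input`, and write `|| blocksize > MAX_BLOCKSIZE` in both places. The `u` suffix also makes the comparison against the `unsigned` blocksize explicit instead of relying on the int-to-unsigned promotion of `1024*1024*1024`, and presumably keeps `blocksize + OVERHEAD` well below the signed-wrap case the removed `(int)(blocksize + OVERHEAD) < 0` test was guarding (OVERHEAD's value is not visible in the hunk). Both enclosing unpack() bodies start and end outside their hunks.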