From 4c32a8e3d430607bc349762d4aa39ddd06440c42 Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Sat, 4 May 2024 10:35:39 -0700
Subject: [PATCH] Fix attempted recovery from corrupted b_info

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66271&q=label%3AProj-upx

modified: p_lx_elf.cpp
---
 src/p_lx_elf.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index 93334941..063aae33 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -8618,7 +8618,7 @@ void PackLinuxElf32::unpack(OutputFile *fo)
 }
 }
 int boff = find_le32(peek_arr, sizeof(peek_arr), size);
-if (boff < 0) {
+if (boff < 0 || sizeof(peek_arr) < (sizeof(*bp) + boff)) {
 throwCantUnpack("b_info corrupted");
 }
 bp = (b_info *)(void *)&peek_arr[boff];
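Review bot: The added bound in `if (boff < 0 || sizeof(peek_arr) < (sizeof(*bp) + boff))` mixes the signed `int boff` with `size_t` operands; the `boff < 0` test on the left short-circuits so the implicit conversion cannot wrap, but `-Wsign-compare`/`-Wsign-conversion` will flag it and the reasoning is not visible at the call site. Making the non-negativity explicit, `if (boff < 0 || sizeof(peek_arr) < sizeof(*bp) + (size_t)boff) {`, keeps the same check and silences the warning. A one-line why-comment above the condition would also help the next reader, e.g. `// The whole b_info must lie inside peek_arr before bp is dereferenced.` The enclosing PackLinuxElf32::unpack begins and ends outside the hunk, so whether the fields of `*bp` are further range-checked after this point cannot be confirmed from here.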