From 4cb4bd38eb8a6a8a6481e23f26df20049ee494cb Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Wed, 15 Apr 2020 14:24:05 -0700
Subject: [PATCH] check_pt_dynamic() checks PT_DYNAMIC.p_memsz
https://github.com/upx/upx/issues/368
modified: p_lx_elf.cpp
---
 src/p_lx_elf.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index 9f9cd4f0..87b99231 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -4970,6 +4970,7 @@ PackLinuxElf32::check_pt_dynamic(Elf32_Phdr const *const phdr)
 if (s < t || (u32_t)file_size < s
 || (3 & t) || (7 & (filesz | memsz)) // .balign 4; 8==sizeof(Elf32_Dyn)
 || (-1+ align) & (t ^ vaddr)
+ || (unsigned long)file_size <= memsz
 || filesz < sizeof(Elf32_Dyn)
 || memsz < sizeof(Elf32_Dyn)
 || filesz < memsz) {
@@ -5071,6 +5072,7 @@ PackLinuxElf64::check_pt_dynamic(Elf64_Phdr const *const phdr)
 if (s < t || (upx_uint64_t)file_size < s
 || (7 & t) || (0xf & (filesz | memsz)) // .balign 8; 16==sizeof(Elf64_Dyn)
 || (-1+ align) & (t ^ vaddr)
+ || (unsigned long)file_size <= memsz
 || filesz < sizeof(Elf64_Dyn)
 || memsz < sizeof(Elf64_Dyn)
 || filesz < memsz) {
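Review bot: The added `(unsigned long)file_size <= memsz` casts differently from the bounds check at the top of the same condition, which uses `(u32_t)file_size < s` in PackLinuxElf32::check_pt_dynamic and `(upx_uint64_t)file_size < s` in the PackLinuxElf64 hunk. Where `unsigned long` is 32 bits (LLP64 builds), the Elf64 variant would truncate a file_size above 4 GiB before comparing, so the check would presumably reject a well-formed input. Because this condition gates the parsing of an untrusted PT_DYNAMIC header, keep the width explicit and matched to each class: `|| (u32_t)file_size <= memsz` in the Elf32 function and `|| (upx_uint64_t)file_size <= memsz` in the Elf64 one. The declarations of `memsz` and `file_size` lie outside both hunks, so their widths should be confirmed there; a trailing comment such as `// p_memsz must be smaller than the whole file` would also record why the comparison is `<=` rather than `<`.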