From a6b5033cf1a564e79dbefb5c9ade9e2665ecf9af Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Thu, 10 Dec 2020 19:31:56 -0800
Subject: [PATCH] Fix overlap detection for PE unoptimizeReloc()

https://github.com/upx/upx/issues/438

modified: packer.cpp
---
 src/packer.cpp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/packer.cpp b/src/packer.cpp
index 1d93f4f1..5a15475a 100644
--- a/src/packer.cpp
+++ b/src/packer.cpp
@@ -1020,7 +1020,7 @@ unsigned Packer::unoptimizeReloc(upx_byte **in, upx_byte *image,
 }
 jc += dif;
 }
- *relocs++ = jc;
+ *relocs++ = jc; // FIXME: range check jc
 if (!--relocn) {
 break;
 }
@@ -1028,14 +1028,16 @@ unsigned Packer::unoptimizeReloc(upx_byte **in, upx_byte *image,
 {
 if (bits == 32) {
 acc_ua_swab32s(image + jc);
- if (((image + jc) - p) < 4) { // data cannot overlap control
- p = image + jc + 4;
+ if ((unsigned long)(p - (image + jc)) < 4) {
+ // data must not overlap control
+ p = 4+ image + jc;
 }
 } else if (bits == 64) {
 set_be64(image + jc, get_le64(image + jc));
- if (((image + jc) - p) < 8) { // data cannot overlap control
- p = image + jc + 8;
+ if ((unsigned long)(p - (image + jc)) < 8) {
+ // data must not overlap control
+ p = 8+ image + jc;
 }
 } else
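Review bot: `*relocs++ = jc;` in the first hunk is left with `// FIXME: range check jc` rather than an actual check, yet the second hunk then forms `image + jc` and byte-swaps through it, so a decoded `jc` beyond the image (the deltas it accumulates come from the packed input) reads and writes outside the buffer. The check belongs before the store, e.g. `if (jc + (bits / 8) > <image_size>) throwCantUnpack("bad relocs");` with `<image_size>` standing for whichever length the full signature carries — that parameter is not visible in this hunk, and `bits` is assumed in scope here as it is in the next hunk. The new `(unsigned long)(p - (image + jc))` comparisons likewise only have a defined result while `image + jc` stays inside the image, so the range check also underpins the overlap fix this commit makes. `unoptimizeReloc` begins and ends outside the hunk.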