From a8a3caed1c073a4973bd30d768cf43c32397d878 Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Sat, 9 May 2015 20:29:56 -0700
Subject: [PATCH] Check blocksize
---
 src/p_unix.cpp | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/p_unix.cpp b/src/p_unix.cpp
index 6c831467..7cac7dd1 100644
--- a/src/p_unix.cpp
+++ b/src/p_unix.cpp
@@ -565,6 +565,8 @@ void PackUnix::unpack(OutputFile *fo)
 fi->seek(4, SEEK_CUR);
 }
+ if ((int)(blocksize + OVERHEAD) < 0)
+ throwCantUnpack("blocksize corrupted");
 ibuf.alloc(blocksize + OVERHEAD); // decompress blocks
@@ -595,6 +597,8 @@ void PackUnix::unpack(OutputFile *fo)
 throwCompressedDataViolation();
 i = blocksize + OVERHEAD - sz_cpr;
+ if (i < 0)
+ throwCantUnpack("corrupt b_info");
 fi->readx(buf+i, sz_cpr); // update checksum of compressed data
 c_adler = upx_adler32(buf + i, sz_cpr, c_adler);
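Review bot: The guard added before `ibuf.alloc` tests the sign of `blocksize + OVERHEAD` only after the addition has been performed, so it cannot detect a sum that wrapped. If `blocksize` is an unsigned 32-bit field (its declaration is outside the hunk, though the `(int)` cast suggests it), a value within `OVERHEAD` of the maximum wraps to a small positive number, passes the check, and the buffer is allocated far smaller than the header claims. Bounding the operand before adding avoids both the wrap and the reliance on out-of-range unsigned-to-int conversion, e.g. `if (blocksize > (unsigned)INT_MAX - OVERHEAD)`. The second hunk has the same shape: `if (i < 0)` inspects the already-converted result of `blocksize + OVERHEAD - sz_cpr`, whereas comparing the operands directly, `if (sz_cpr > blocksize + OVERHEAD)`, would not depend on how the difference converts to `int`. Both guards sit in the middle of `PackUnix::unpack`, and the earlier validation of `sz_cpr` ends outside the hunk, so it is worth confirming that `sz_cpr` is already bounded by `blocksize` before relying on either form.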