From b4c4b1fb70f28a2e730ac1ddb39f66bea96afeeb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Moln=C3=A1r?=
 <ezerotven+github@gmail.com>
Date: Thu, 1 Mar 2007 16:57:12 +0100
Subject: [PATCH] dos/exe: fixed a bug in relocation handling

---
 NEWS          | 1 +
 src/p_exe.cpp | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index a2ac3c6b..f68527b0 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ Changes in 2.93 beta (XX XXX 2007):
     because runtime decompression is about 30 times slower than NRV -
     which is really noticable on old machines.
   * win32/pe & arm/pe: better icon compression handling
+  * dos/exe: fixed a rarely occuring bug in relocation handling
 
 Changes in 2.92 beta (23 Jan 2007):
   * new option '--ultra-brute' which tries even more variants
diff --git a/src/p_exe.cpp b/src/p_exe.cpp
index 685d360e..294bb4a3 100644
--- a/src/p_exe.cpp
+++ b/src/p_exe.cpp
@@ -388,7 +388,7 @@ unsigned optimize_relocs(upx_byte *b, const unsigned size,
                 break;
             }
             unsigned offs = addr - es*16;
-            if (offs >= 3 && b[es*16 + offs-3] == 0x9a)
+            if (offs >= 3 && b[es*16 + offs-3] == 0x9a && offs > di + 3)
             {
                 for (t = di; t < offs-3; t++)
                     if (b[es*16+t] == 0x9a && get_le16(b+es*16+t+3) <= seg_high)