From cdd152d015261bf28ddefe39535f48a72b6e0424 Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Sat, 9 May 2015 20:13:30 -0700
Subject: [PATCH] Detect (int)blocksize < 0

---
 src/p_lx_elf.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index 840f4938..d2300501 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -3014,7 +3014,8 @@ void PackLinuxElf64::unpack(OutputFile *fo)
 p_info hbuf;
 fi->readx(&hbuf, sizeof(hbuf));
 unsigned orig_file_size = get_te32(&hbuf.p_filesize);
 blocksize = get_te32(&hbuf.p_blocksize);
- if (file_size > (off_t)orig_file_size || blocksize > orig_file_size)
+ if (file_size > (off_t)orig_file_size || blocksize > orig_file_size
+ || (int)(blocksize + OVERHEAD) < 0)
 throwCantUnpack("p_info corrupted");
 ibuf.alloc(blocksize + OVERHEAD);
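Review bot: The new guard `(int)(blocksize + OVERHEAD) < 0` only rejects sums that land in the sign bit of a 32-bit int; a header-supplied blocksize large enough for `blocksize + OVERHEAD` to wrap past UINT_MAX could yield a small positive value that passes both this check and the preceding `blocksize > orig_file_size` (orig_file_size is read from the same untrusted p_info header, bounded only from below by file_size), so `ibuf.alloc` would receive a buffer far smaller than blocksize. Converting an out-of-range unsigned value to int is also implementation-defined in C++17 rather than guaranteed to go negative. A single comparison that covers both the sign-bit and the wrap case without the cast, assuming OVERHEAD is a small positive constant, is `|| blocksize > (unsigned)INT_MAX - OVERHEAD`. The body of PackLinuxElf64::unpack continues outside the hunk, so whether a later per-block length check would catch the wrapped value cannot be confirmed from here.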