mirror of https://github.com/upx/upx synced 2025-10-05 19:20:23 +08:00

PackUnix::canUnpack() allows zero-filled last page

John Reiser 2012-08-03 13:19:28 -07:00
parent 074671aa71
commit 1579182ed9


@ -503,18 +503,25 @@ void PackUnix::unpackExtent(unsigned wanted, OutputFile *fo,
int PackUnix::canUnpack() int PackUnix::canUnpack()
{ {
upx_byte buf[sizeof(overlay_offset) + 32]; int const small = 32 + sizeof(overlay_offset);
// Allow zero-filled last page, for Mac OS X code signing.
upx_byte buf[4096 + 2*small +1];
const int bufsize = sizeof(buf); const int bufsize = sizeof(buf);
fi->seek(-bufsize, SEEK_END); fi->seek(-bufsize, SEEK_END);
fi->readx(buf, bufsize); fi->readx(buf, bufsize);
if (!getPackHeader(buf, bufsize, true)) // allow incompressible extents buf[small] = 1; // Prevent running off the low-address end.
upx_byte *ptr = &buf[bufsize];
while (0 == *--ptr) ;
ptr -= small;
// allow incompressible extents
if (!getPackHeader(ptr, bufsize - (ptr - buf), true))
return false; return false;
int l = ph.buf_offset + ph.getPackHeaderSize(); int l = ph.buf_offset + ph.getPackHeaderSize();
if (l < 0 || l + 4 > bufsize) if (l < 0 || l + 4 > bufsize)
throwCantUnpack("file corrupted"); throwCantUnpack("file corrupted");
overlay_offset = get_te32(buf+l); overlay_offset = get_te32(ptr+l);
if ((off_t)overlay_offset >= file_size) if ((off_t)overlay_offset >= file_size)
throwCantUnpack("file corrupted"); throwCantUnpack("file corrupted");