mirror of https://github.com/upx/upx synced 2025-09-28 19:06:07 +08:00

p_tmt: more sanity of input, cleanup MemBuffer usage

https://github.com/upx/upx/issues/632
	modified:   src/p_tmt.cpp
John Reiser 2022-11-24 10:28:03 -08:00 committed by Markus F.X.J. Oberhumer
parent 741cb3a136
commit 510505a85c


@ -139,7 +139,8 @@ int PackTmt::readFileHeader() {
unsigned const imagesize = ih.imagesize;
unsigned const entry = ih.entry;
unsigned const relocsize = ih.relocsize;
if (!imagesize || file_size <= imagesize || file_size <= entry || file_size <= relocsize) {
if (imagesize < sizeof(ih) || entry < sizeof(ih) || file_size <= imagesize ||
file_size <= entry || file_size <= relocsize) {
printWarn(getName(), "bad header; imagesize=%#x entry=%#x relocsize=%#x", imagesize,
entry, relocsize);
return 0;
@ -172,7 +173,7 @@ void PackTmt::pack(OutputFile *fo) {
obuf.allocForCompression(usize + rsize + 128);
MemBuffer mb_wrkmem;
mb_wrkmem.alloc(rsize + EXTRA_INFO); // relocations
mb_wrkmem.alloc(rsize + EXTRA_INFO + 4); // relocations + original entry point + relocsize
SPAN_S_VAR(upx_byte, wrkmem, mb_wrkmem);
fi->seek(adam_offset + sizeof(ih), SEEK_SET);
@ -180,7 +181,7 @@ void PackTmt::pack(OutputFile *fo) {
fi->readx(wrkmem + 4, rsize);
const unsigned overlay = file_size - fi->tell();
if (find_le32(ibuf, 128, get_le32("UPX ")) >= 0)
if (find_le32(ibuf, UPX_MIN(128u, usize), get_le32("UPX ")) >= 0)
throwAlreadyPacked();
if (rsize == 0)
throwCantPack("file is already compressed with another packer");
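Review bot: The tightened test in readFileHeader() compares imagesize, entry and relocsize with file_size one at a time, so a header whose imagesize and relocsize are each below file_size but together exceed it still passes and reaches pack(). There the buffers are sized from usize and rsize (presumably those same header fields) as `usize + rsize + 128` and `rsize + EXTRA_INFO + 4` before the visible reads at `adam_offset + sizeof(ih)`, so rejecting such a file depends on readx() failing on a short read, which these hunks do not show. Consider bounding the combined extent in 64-bit arithmetic next to the existing test, e.g. `(upx_uint64_t) sizeof(ih) + imagesize + relocsize > (upx_uint64_t) file_size` (plus adam_offset if it is already known at that point), and returning 0 with the same warning. Both function bodies continue outside the hunks shown.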