From 8c0321697fb337f24e1d8c869a2c03c2d63629dc Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Fri, 8 May 2015 20:13:44 -0700
Subject: [PATCH] Check PackHeader before decompress; CERT-FI id:000002,sig:06,src:000000,op:flip1,pos:4629
---
 src/packer.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/packer.cpp b/src/packer.cpp
index 041088c9..16738bb4 100644
--- a/src/packer.cpp
+++ b/src/packer.cpp
@@ -361,6 +361,9 @@ void ph_decompress(PackHeader &ph, const upx_bytep in, upx_bytep out,
 }
 // decompress
+ if (ph.u_len < ph.c_len) {
+ throwCantUnpack("header corrupted");
+ }
 unsigned new_len = ph.u_len;
 int r = upx_decompress(in, ph.c_len, out, &new_len, ph.method, &ph.compress_result);
 if (r == UPX_E_OUT_OF_MEMORY)
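Review bot: The new guard before `upx_decompress` compares `ph.u_len` and `ph.c_len` only with each other, so a header in which both fields are inflated consistently still passes; `ph.c_len` bytes are then consumed from `in` and, presumably, up to `ph.u_len` bytes are produced into `out`. Neither buffer's capacity is visible here (the signature is cut at `upx_bytep out,` and the body of `ph_decompress` starts and ends outside the hunk), so the bounds may already be enforced by callers; if they are not, that is the check still missing for these file-supplied lengths. At minimum the contract should be stated above the guard, e.g. `// u_len and c_len come from the file header; this rejects only c_len > u_len, callers must bound both against the in/out buffers`.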