From b8b64a3e0f34fa0a38dac7776636db86d314710c Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Mon, 17 Feb 2025 08:26:17 -0800
Subject: [PATCH] Fuzz nuisance: wild p_info for de-compression

https://issues.oss-fuzz.com/u/1/issues/383200048

modified: p_lx_elf.cpp
---
 src/p_lx_elf.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index 491c7458..cdcce010 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -7606,6 +7606,8 @@ void PackLinuxElf64::unpack(OutputFile *fo)
 unsigned orig_file_size = get_te32(&hbuf.p_filesize);
 blocksize = get_te32(&hbuf.p_blocksize);
 if ((u32_t)file_size > orig_file_size || blocksize > orig_file_size
+ || (orig_file_size >> 8) > (u32_t)file_size // heuristic anti-fuzz
+ || (blocksize >> 8) > (u32_t)file_size
 || !mem_size_valid(1, blocksize, OVERHEAD))
 throwCantUnpack("p_info corrupted");
@@ -8831,6 +8833,8 @@ void PackLinuxElf32::unpack(OutputFile *fo)
 unsigned orig_file_size = get_te32(&hbuf.p_filesize);
 blocksize = get_te32(&hbuf.p_blocksize);
 if ((u32_t)file_size > orig_file_size || blocksize > orig_file_size
+ || (orig_file_size >> 8) > (u32_t)file_size // heuristic anti-fuzz
+ || (blocksize >> 8) > (u32_t)file_size
 || !mem_size_valid(1, blocksize, OVERHEAD))
 throwCantUnpack("p_info corrupted");
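Review bot: The comment `// heuristic anti-fuzz` on the first added line in PackLinuxElf64::unpack states neither the bound being enforced nor why it is acceptable, and the shift count 8 is a bare magic number repeated four times across this hunk and the identical one in PackLinuxElf32::unpack. `x >> 8 > file_size` means the header claims more than 256 times the compressed file's size, so the check caps the expansion ratio that a header-supplied p_filesize or p_blocksize can demand before any buffer is sized from it; name that with something like `enum { MAX_EXPANSION_SHIFT = 8 }; // p_info may not claim > 256:1 expansion: bounds allocation driven by untrusted header fields` and use it in both functions, ideally through one shared helper since the two `if` bodies are byte-identical. It is worth stating in the comment whether 256:1 can be exceeded by a legitimately packed input (very compressible data with a small stub, presumably), because this rejection is unconditional and surfaces as "p_info corrupted" rather than a distinct diagnostic. Both enclosing functions begin and end outside their hunks.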