From cb35ba454343329721145a9d8ecb34a862791e77 Mon Sep 17 00:00:00 2001
From: John Reiser <jreiser@BitWagon.com>
Date: Sat, 9 May 2015 20:14:32 -0700
Subject: [PATCH] At ::unpack much of decompressed Mach_header must match outer
 Mach_header

---
 src/p_mach.cpp | 5 +++++
 src/p_mach.h   | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/p_mach.cpp b/src/p_mach.cpp
index bb97bc9a..5bc320b3 100644
--- a/src/p_mach.cpp
+++ b/src/p_mach.cpp
@@ -1304,6 +1304,11 @@ void PackMachBase<T>::unpack(OutputFile *fo)
     fi->readx(ibuf, ph.c_len);
     Mach_header *const mhdr = (Mach_header *)new upx_byte[ph.u_len];
     decompress(ibuf, (upx_byte *)mhdr, false);
+    if (mhdri.magic      != mhdr->magic
+    ||  mhdri.cputype    != mhdr->cputype
+    ||  mhdri.cpusubtype != mhdr->cpusubtype
+    ||  mhdri.filetype   != mhdr->filetype)
+        throwCantUnpack("file header corrupted");
     unsigned const ncmds = mhdr->ncmds;
 
     msegcmd = new Mach_segment_command[ncmds];
diff --git a/src/p_mach.h b/src/p_mach.h
index 79da8416..fa522383 100644
--- a/src/p_mach.h
+++ b/src/p_mach.h
@@ -71,7 +71,7 @@ __packed_struct(Mach_header)
 
     Word magic;
     Word cputype;
-    Word cpysubtype;
+    Word cpusubtype;
     Word filetype;
     Word ncmds;
     Word sizeofcmds;
@@ -87,7 +87,7 @@ __packed_struct(Mach_header64)
 
     Word magic;
     Word cputype;
-    Word cpysubtype;
+    Word cpusubtype;
     Word filetype;
     Word ncmds;
     Word sizeofcmds;