From d3e780d617014a883b2b181021b58d11b98eb46c Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Wed, 10 Jan 2024 14:07:58 -0800
Subject: [PATCH] Unpacking ELF requires e_phnum at least 2

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65535
https://github.com/upx/upx/issues/763

modified: p_lx_elf.cpp
---
 src/p_lx_elf.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index 08b16e5a..52a84efd 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -2420,6 +2420,9 @@ tribool PackLinuxElf32::canUnpack() // bool, except -1: format known, but not pa
 if (checkEhdr(&ehdri)) {
 return false;
 }
+ if (get_te16(&ehdri.e_phnum) < 2) {
+ throwCantUnpack("e_phnum must be >= 2");
+ }
 if (Elf32_Ehdr::ET_DYN==get_te16(&ehdri.e_type)) {
 PackLinuxElf32help1(fi);
 }
@@ -2966,6 +2969,9 @@ tribool PackLinuxElf64::canUnpack() // bool, except -1: format known, but not pa
 if (checkEhdr(&ehdri)) {
 return false;
 }
+ if (get_te16(&ehdri.e_phnum) < 2) {
+ throwCantUnpack("e_phnum must be >= 2");
+ }
 if (Elf64_Ehdr::ET_DYN==get_te16(&ehdri.e_type)) {
 PackLinuxElf64help1(fi);
 }
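Review bot: The new `e_phnum < 2` guard in PackLinuxElf32::canUnpack throws via throwCantUnpack, while the checkEhdr failure immediately above it returns false, so an ordinary ELF with fewer than two program headers is now reported as a corrupt packed file rather than as "not packed by UPX"; if the latter verdict is what canUnpack is meant to give for such input, `return false;` would be consistent with the neighbouring branch, but I am inferring the intended distinction from the two branches alone. Either way the constant 2 deserves a comment stating the invariant the later unpacking code relies on, e.g. `// unpacking assumes at least two program headers; fewer cannot be UPX output (oss-fuzz 65535)`. The same guard and the same remark apply to the second hunk in PackLinuxElf64::canUnpack. Both enclosing functions begin before and continue past their hunks.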