More care when recovering from slid b_info

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65531 https://github.com/upx/upx/issues/762 modified: p_lx_elf.cpp
2025-09-28 19:06:07 +08:00 · 2024-01-10 13:38:18 -08:00 · 2024-01-10 13:38:18 -08:00 · d549c2b5c9
commit d549c2b5c9
parent f310ce376e
1 changed files with 2 additions and 1 deletions
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@ -7405,7 +7405,8 @@ void PackLinuxElf64::unpack(OutputFile *fo)
                        }
                    }
                    int boff = find_le32(peek_arr, sizeof(peek_arr), size);
-                    if (boff < 0) {
+                    if (boff < 0
+                    || sizeof(peek_arr) < (boff + sizeof(b_info))) {
                        throwCantUnpack("b_info corrupted");
                    }
                    bp = (b_info *)(void *)&peek_arr[boff];