From e4a611bcaed669f99afd642a26086925c480ecb2 Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Wed, 10 Jan 2024 16:28:17 -0800
Subject: [PATCH] PeFile ::readPeHeader should check ih.subsystem.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65526
https://github.com/upx/upx/issues/767
modified: pefile.cpp
---
 src/pefile.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/pefile.cpp b/src/pefile.cpp
index 865738ec..397420a2 100644
--- a/src/pefile.cpp
+++ b/src/pefile.cpp
@@ -3106,6 +3106,9 @@ PeFile32::~PeFile32() noexcept {}
 void PeFile32::readPeHeader() {
 fi->readx(&ih, sizeof(ih));
+ if (31 < (unsigned) ih.subsystem) {
+ throwCantPack("bad ih.subsystem 0x%x", (unsigned) ih.subsystem);
+ }
 isefi = ((1u << ih.subsystem) & ((1u << IMAGE_SUBSYSTEM_EFI_APPLICATION) |
 (1u << IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER) |
@@ -3159,6 +3162,9 @@ PeFile64::~PeFile64() noexcept {}
 void PeFile64::readPeHeader() {
 fi->readx(&ih, sizeof(ih));
+ if (31 < (unsigned) ih.subsystem) {
+ throwCantPack("bad ih.subsystem 0x%x", (unsigned) ih.subsystem);
+ }
 isefi = ((1u << ih.subsystem) & ((1u << IMAGE_SUBSYSTEM_EFI_APPLICATION) |
 (1u << IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER) |
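Review bot: The bound `31` in the new guard in PeFile32::readPeHeader is an unexplained magic number: it only makes sense because the `1u << ih.subsystem` on the following line is undefined for a shift count of 32 or more, and nothing in the hunk says so, so a later edit to the mask expression could silently break the invariant. A one-line comment above the check would carry that reasoning, e.g. `// 1u << ih.subsystem below is undefined for shift counts >= 32 (attacker-controlled header field)`, and deriving the limit as `sizeof(unsigned) * CHAR_BIT - 1` (or a named constant) would tie it to the shift width rather than to a literal. The identical guard appears in the PeFile64::readPeHeader hunk, which presumably means the two bodies stay in lockstep by hand; a shared helper that validates `ih.subsystem` and computes `isefi` would remove the duplication, though the `isefi` expression continues past the end of both hunks so I cannot see whether that is straightforward. Both enclosing function bodies also end outside their hunks.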