
Beware fuzzer setting compressed size too small

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65519
https://github.com/upx/upx/issues/761
	modified:   p_unix.cpp
This commit is contained in:
John Reiser 2024-01-10 11:20:47 -08:00 committed by Markus F.X.J. Oberhumer
parent 553fc9b1fb
commit f310ce376e


@ -597,6 +597,8 @@ int PackUnix::find_overlay_offset(MemBuffer const &buf)
// See notes there.
**************************************************************************/
static unsigned umax(unsigned a, unsigned b) {return (a < b) ? b : a;}
void PackUnix::unpack(OutputFile *fo)
{
b_info bhdr;
@ -658,7 +660,11 @@ void PackUnix::unpack(OutputFile *fo)
if (sz_cpr > sz_unc || sz_unc > blocksize)
throwCompressedDataViolation();
i = blocksize + OVERHEAD - sz_cpr;
// Compressed output has control bytes such as the 32-bit
// first flag bits of NRV_d32, the 5-byte info of LZMA, etc.
// Fuzzers may try sz_cpr shorter than possible.
// Use some OVERHEAD for safety.
i = blocksize + OVERHEAD - umax(12, sz_cpr);
if (i < 0)
throwCantUnpack("corrupt b_info");
fi->readx(buf+i, sz_cpr);
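Review bot: The new `i = blocksize + OVERHEAD - umax(12, sz_cpr);` line only keeps `i` non-negative when `OVERHEAD` is at least 12, and that assumption is neither stated nor checked; if `OVERHEAD` is a compile-time constant, `static_assert(OVERHEAD >= 12, "OVERHEAD must cover the control-byte slack");` placed next to the `umax` helper would turn a future shrink of `OVERHEAD` into a compile error instead of a silent underflow past the `if (i < 0)` guard. The 12 is also a magic number whose meaning lives only in the comment above it, so a named constant (e.g. `static unsigned const MIN_CPR_SLACK = 12;`, name constructed) used in both the `static_assert` and the `umax` call keeps the two in step. When `sz_cpr < 12` the slack between `buf+i+sz_cpr` and the end of the buffer is not cleared anywhere in this hunk, so a decompressor that reads past `sz_cpr` sees whatever `buf` previously held; unless the buffer is zeroed at allocation (not visible here), clearing that tail before the `fi->readx(buf+i, sz_cpr);` call would make the rejection path deterministic under fuzzing. `PackUnix::unpack` begins before this hunk and continues after it.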