find_overlay_offset() did not check carefully enough

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65518 https://github.com/upx/upx/issues/760 modified: p_unix.cpp
2024-01-10 10:05:28 -08:00 · 2024-01-10 10:05:28 -08:00 · 6dde9f7dc0
parent 3dca1175e5
commit 6dde9f7dc0
1 changed files with 1 additions and 1 deletions
--- a/src/p_unix.cpp
+++ b/src/p_unix.cpp
@ -581,7 +581,7 @@ int PackUnix::find_overlay_offset(MemBuffer const &buf)
        return false;

    int l = ph.buf_offset + ph.getPackHeaderSize();
-    if (l < 0 || l + 4 > bufsize)
+    if (l < 0 || i + l + 4 > bufsize)
        throwCantUnpack("file corrupted");
    overlay_offset = get_te32(buf + i + l);
    if ((off_t)overlay_offset >= file_size)