M_LZMA with hi parameter bytes confused --ultra-brute

https://github.com/upx/upx/issues/900
	modified:   packhead.cpp
	modified:   p_lx_elf.cpp

src/p_lx_elf.cpp

@@ -1534,7 +1534,7 @@ PackLinuxElf32::buildLinuxLoader(
 //   SO_MAIN  C-language supervision based on PT_LOADs
         char sec[120]; memset(sec, 0, sizeof(sec));  // debug convenience
         int len = 0;
-        unsigned m_decompr = methods_used | (1u << ph_forced_method(ph.method));
+        unsigned m_decompr = methods_used | (1u << (0xFF & ph_forced_method(ph.method)));
         len += snprintf(sec, sizeof(sec), "%s", "SO_HEAD,ptr_NEXT,EXP_HEAD");
 
         // Start of dasiy-chain fall-through.
@@ -1586,7 +1586,7 @@ PackLinuxElf32::buildLinuxLoader(
         initLoader(fold, szfold);
         char sec[120]; memset(sec, 0, sizeof(sec));  // debug convenience
         int len = 0;
-        unsigned m_decompr = methods_used | (1u << ph_forced_method(ph.method));
+        unsigned m_decompr = methods_used | (1u << (0xFF & ph_forced_method(ph.method)));
         len += snprintf(sec, sizeof(sec), "%s", ".text,EXP_HEAD");
         if (((1u<<M_NRV2B_LE32)|(1u<<M_NRV2B_8)|(1u<<M_NRV2B_LE16)) & m_decompr) {
             len += snprintf(&sec[len], sizeof(sec) - len, ",%s", "NRV2B");
@@ -1692,7 +1692,7 @@ PackLinuxElf32::buildLinuxLoader(
             defineSymbols(ft);
     }
     else { // main program with ELF1 de-compressor
-        addStubEntrySections(ft, methods_used | (1u << ph_forced_method(ph.method)) );
+        addStubEntrySections(ft, methods_used | (1u << (0xFF & ph_forced_method(ph.method))) );
         if (!xct_off) { // main program
             defineSymbols(ft);
         }
@@ -1731,7 +1731,7 @@ PackLinuxElf64::buildLinuxLoader(
 //   SO_MAIN  C-language supervision based on PT_LOADs
         char sec[120]; memset(sec, 0, sizeof(sec));  // debug convenience
         int len = 0;
-        unsigned m_decompr = methods_used | (1u << ph_forced_method(ph.method));
+        unsigned m_decompr = methods_used | (1u << (0xFF & ph_forced_method(ph.method)));
         len += snprintf(sec, sizeof(sec), "%s", "SO_HEAD,ptr_NEXT,EXP_HEAD");
 
         // Start of dasiy-chain fall-through.
@@ -1776,7 +1776,7 @@ PackLinuxElf64::buildLinuxLoader(
         initLoader(fold, szfold);
         char sec[120]; memset(sec, 0, sizeof(sec));  // debug convenience
         int len = 0;
-        unsigned m_decompr = methods_used | (1u << ph_forced_method(ph.method));
+        unsigned m_decompr = methods_used | (1u << (0xFF & ph_forced_method(ph.method)));
         len += snprintf(sec, sizeof(sec), "%s", ".text,EXP_HEAD");
         if (((1u<<M_NRV2B_LE32)|(1u<<M_NRV2B_8)|(1u<<M_NRV2B_LE16)) & m_decompr) {
             len += snprintf(&sec[len], sizeof(sec) - len, ",%s", "NRV2B");
@@ -1881,7 +1881,7 @@ PackLinuxElf64::buildLinuxLoader(
         }
     }
     else { // main program with ELF1 de-compressor
-        addStubEntrySections(ft, methods_used | (1u << ph_forced_method(ph.method)) );
+        addStubEntrySections(ft, methods_used | (1u << (0xFF & ph_forced_method(ph.method))) );
         if (!xct_off) { // main program
             defineSymbols(ft);
         }

src/packhead.cpp

@@ -47,7 +47,10 @@ void PackHeader::reset() noexcept {
 
 int PackHeader::set_method(int m, unsigned offset) {
     unsigned mc = ~(0x80u << 24) & m; // see ph_forced_method
-    if ((mc < M_NRV2B_LE32 || M_LZMA < mc) && ~0u != offset)
+    unsigned lo = 0xFF & m;
+    // See packer_c.cpp for "hi bytes" in M_LZMA_003 and M_LZMA_407.
+    // "hi bytes" are not allowed unless M_LZMA.
+    if ((lo < M_NRV2B_LE32 || M_LZMA < lo || (M_LZMA != lo && mc != lo)) && ~0u != offset)
         throwCantPack("bad method %#x at %#x", (unsigned) m, offset);
     return method = m;
 }