Mirror
/
upx
mirror of https://github.com/upx/upx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Unpack: Entire ElfXX_Ehdr must be present in de-compressed Ehdr+Phdrs 

https://issues.oss-fuzz.com/u/1/issues/397728078
(previous commit: https://issues.oss-fuzz.com/u/1/issues/397500915)
	modified:   p_lx_elf.cpp
This commit is contained in:
John Reiser 2025-02-20 20:23:24 -08:00
parent 8cce9cf641
commit e52a3ceb48
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/p_lx_elf.cpp
View File

@ -7674,6 +7674,8 @@ void PackLinuxElf64::unpack(OutputFile *fo)
fi->readx(ibuf, ph.c_len); fi->readx(ibuf, ph.c_len);
} }
} }
if (ph.u_len < sizeof(*ehdr))
throwCantUnpack("ElfXX_Ehdr corrupted");
decompress(ibuf, (upx_byte *)ehdr, false); decompress(ibuf, (upx_byte *)ehdr, false);
if (ehdr->e_type !=ehdri.e_type if (ehdr->e_type !=ehdri.e_type
|| ehdr->e_machine!=ehdri.e_machine || ehdr->e_machine!=ehdri.e_machine
@ -8885,6 +8887,8 @@ void PackLinuxElf32::unpack(OutputFile *fo)
if (ibuf.getSize() < ph.c_len) if (ibuf.getSize() < ph.c_len)
throwCompressedDataViolation(); throwCompressedDataViolation();
fi->readx(ibuf, ph.c_len); fi->readx(ibuf, ph.c_len);
if (ph.u_len < sizeof(*ehdr))
throwCantUnpack("ElfXX_Ehdr corrupted");
decompress(ibuf, (upx_byte *)ehdr, false); decompress(ibuf, (upx_byte *)ehdr, false);
if (ehdr->e_type !=ehdri.e_type if (ehdr->e_type !=ehdri.e_type
|| ehdr->e_machine!=ehdri.e_machine || ehdr->e_machine!=ehdri.e_machine