Better checking for malformed input

https://github.com/upx/upx/issues modified: p_vmlinx.cpp
2025-03-03 13:27:49 +00:00 · 2019-07-21 10:48:50 -07:00 · 2019-07-21 10:48:50 -07:00 · 58b122d97d
commit 58b122d97d
parent 276b748aa6
1 changed files with 5 additions and 3 deletions
--- a/src/p_vmlinx.cpp
+++ b/src/p_vmlinx.cpp
@ -111,9 +111,11 @@ typename T::Shdr const *PackVmlinuxBase<T>::getElfSections()
    int j;
    for (p = shdri, j= ehdri.e_shnum; --j>=0; ++p) {
        if (Shdr::SHT_STRTAB==p->sh_type
-        &&  (p->sh_size + p->sh_offset) <= (unsigned long)file_size
-        &&       p->sh_name  <  p->sh_size
-        &&  (10+ p->sh_name) <= p->sh_size  // 1+ strlen(".shstrtab")
+        &&  p->sh_offset  <   (unsigned long)file_size
+        &&  p->sh_size    <= ((unsigned long)file_size - p->sh_offset)
+        &&  p->sh_name    <   (unsigned long)file_size
+        &&  10            <= ((unsigned long)file_size - p->sh_name)
+                // 10 == (1+ strlen(".shstrtab"))
        ) {
            delete [] shstrtab;
            shstrtab = new char[1+ p->sh_size];