Browse code
bb#11213 - Bail earlier if we detect an integer overflow
Shawn Webb authored on 2014/12/04 22:43:43Showing 1 changed files
| ... | ... |
@@ -222,6 +222,10 @@ static int pefromupx (const char *src, uint32_t ssize, char *dst, uint32_t *dsiz |
| 222 | 222 |
cli_writeint32(sections+12, urva); |
| 223 | 223 |
cli_writeint32(sections+16, vsize); |
| 224 | 224 |
cli_writeint32(sections+20, foffset); |
| 225 |
+ if (foffset + vsize < foffset) {
|
|
| 226 |
+ /* Integer overflow */ |
|
| 227 |
+ return 0; |
|
| 228 |
+ } |
|
| 225 | 229 |
foffset+=vsize; |
| 226 | 230 |
|
| 227 | 231 |
sections+=0x28; |