From 14975187236377240a013c7b505043d496b8ee04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Milkovi=C4=8D?=
Date: Tue, 8 Dec 2020 18:30:39 +0100
Subject: [PATCH] Fixed possible access to unallocated memory in MPRESS unpacker
If the size of data is less than 0x1000 then we can possibly underflow unsigned int and access unallocated data.
---
 src/unpackertool/plugins/mpress/mpress.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/unpackertool/plugins/mpress/mpress.cpp b/src/unpackertool/plugins/mpress/mpress.cpp
index 0551540c6..2734a6f3e 100644
--- a/src/unpackertool/plugins/mpress/mpress.cpp
+++ b/src/unpackertool/plugins/mpress/mpress.cpp
@@ -234,7 +234,7 @@ std::uint32_t MpressPlugin::getFixStub()
 void MpressPlugin::fixJumpsAndCalls(DynamicBuffer& buffer)
 {
 std::uint32_t pos = 0;
- std::uint32_t maxAddr = buffer.getRealDataSize() - 0x1000;
+ std::uint32_t maxAddr = std::max(0, static_cast(buffer.getRealDataSize()) - 0x1000);
 while (pos < maxAddr)
 {
 std::uint32_t moveOffset = pos;
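Review bot: The clamp on the added `maxAddr` line goes through a signed conversion whose target type is not visible on this page (the template argument of `static_cast` is missing); if it is a 32-bit signed type, a `getRealDataSize()` of 0x80000000 or more becomes negative and is clamped to 0, so the loop would be skipped silently for very large buffers. Staying unsigned avoids both the wrap and the narrowing: `const auto size = buffer.getRealDataSize();` followed by `std::uint32_t maxAddr = size > 0x1000 ? size - 0x1000 : 0;`. The size presumably derives from the file being unpacked, so a comment such as `// fewer than 0x1000 bytes leaves nothing to scan; avoid unsigned wrap` would record why the guard exists. `fixJumpsAndCalls` continues past the end of the hunk, so whether the reads inside the loop stay within the buffer cannot be confirmed from here.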