Avoid overflow in ceil(exepack_size/16) in stub.

I noticed this while trying to run tests/maxlen_maxrelocs_compressible.packed.exe, which has an exepack_size of 0xffff. The program doesn't run in DOSBox anyway, unless I reduce the size of the uncompressed data in the test. (I'm guessing it has something to do with a too-large stack pointer.) But if I altered the test to use `len = 0x1f000`, then DOSBox would run it, and before this change crash due to the overflow.
viiri · Sep 5, 2021 · f3629d9 · f3629d9
1 parent c7e2d6d
commit f3629d9
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,5 +1,12 @@
 ## v1.3.0
 
+The decompression stub now works when the size of the EXEPACK block
+(exepack_size in the EXEPACK header) is 0xfff1 or greater. Such a large
+EXEPACK block is only possible if the packed relocation table contains
+between 32,594 and 32,601 entries. Previously, in this case, the
+computation (exepack_size + 15)/16 resulted in an integer overflow, and
+an incorrect computation of where to copy the EXEPACK block at runtime.
+
 
 ## v1.2.0 2021-09-04
 

diff --git a/src/stub.asm b/src/stub.asm
@@ -59,7 +59,8 @@ copy_exepack_block:
 	mov dx, ds
 	mov ax, cx
 	add ax, 15
-	shr ax, 4
+	rcr ax, 1		; shift in the carry flag, in case (exepack_size + 15) overflowed
+	shr ax, 3
 	add ax, dx		; ax = ds + ceil(exepack_size/16)
 
 	mov dx, bx

diff --git a/src/stub.bin b/src/stub.bin