[ros-diffs] [arty] 22421: Fixed rare block end overwrite.

arty at svn.reactos.org arty at svn.reactos.org
Mon Jun 19 17:55:17 CEST 2006


Author: arty
Date: Mon Jun 19 19:55:17 2006
New Revision: 22421

URL: http://svn.reactos.ru/svn/reactos?rev=22421&view=rev
Log:
Fixed rare block end overwrite.

Modified:
    trunk/reactos/tools/pefixup.c

Modified: trunk/reactos/tools/pefixup.c
URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/tools/pefixup.c?rev=22421&r1=22420&r2=22421&view=diff
==============================================================================
--- trunk/reactos/tools/pefixup.c (original)
+++ trunk/reactos/tools/pefixup.c Mon Jun 19 19:55:17 2006
@@ -249,11 +249,13 @@
    if (len < sizeof(IMAGE_DOS_HEADER))
    {
       close(fd_in);
-      printf("'%s' isn't a PE image.\n", argv[1]);
-      return 1;
-   }
-
-   buffer = malloc((len + 1) & ~1);
+      printf("'%s' isn't a PE image (too short)\n", argv[1]);
+      return 1;
+   }
+
+   /* Lower down we overwrite the byte at len, so here, we need at least
+    * one more byte than len.  We'll be guaranteed one or two now. */
+   buffer = malloc((len + 2) & ~1);
    if (buffer == NULL)
    {
       close(fd_in);
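Review bot: The comment added above the `malloc` gives a reason that the visible arithmetic does not support. The only store at index `len` shown in this commit is guarded by `if (len & 1)`, and for odd `len` the old `(len + 1) & ~1` already allocated `len + 1` bytes, so that store was in bounds. If the overwrite really came from code further down that reads or writes the buffer in wider units (not visible in these hunks), the comment should name that consumer, e.g. `/* Round up to an even size with at least one spare byte past len; needed by <consumer> below. */`. The "Here is where the block end overwrite was" comment in the next hunk has the same problem, and the enclosing function starts and ends outside this hunk.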
@@ -264,6 +266,7 @@
    /* Read the whole input file into a buffer */
    lseek(fd_in, 0, SEEK_SET);
    read(fd_in, buffer, len);
+   /* Here is where the block end overwrite was */
    if (len & 1)
       buffer[len] = 0;
 
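Review bot: The `read(fd_in, buffer, len)` call just above the new comment still ignores its return value, so a short or failed read leaves the tail of the freshly `malloc`'d buffer uninitialized. The DOS/NT header checks that follow would then run on stale heap contents instead of file data. Compare the result with `len` and bail out on mismatch, for example `if (read(fd_in, buffer, len) != len) { close(fd_in); free(buffer); return 1; }`; the type of `len` is not visible here, so a cast may be needed to avoid a signed/unsigned comparison. The return of `lseek` is likewise unchecked.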
@@ -279,7 +282,7 @@
    if (dos_header->e_magic != IMAGE_DOS_SIGNATURE ||
        nt_header->Signature != IMAGE_NT_SIGNATURE)
    {
-      printf("'%s' isn't a PE image.\n", argv[1]);
+      printf("'%s' isn't a PE image (headers %x,%x)\n", argv[1], dos_header->e_magic, nt_header->Signature);
       free(buffer);
       return 1;
    }
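Review bot: The new `printf` reads `nt_header->Signature` on every failure path, including the one where `dos_header->e_magic` is wrong. Previously the `||` short-circuit meant `nt_header` was never dereferenced in that case. `nt_header` is presumably located from a field of the DOS header (the assignment is outside this hunk), so for a file that is not a PE image the pointer can land anywhere, and the diagnostic itself becomes an out-of-bounds read on untrusted input. Split the two checks so each message only prints the field that was actually validated, and bounds-check the NT header offset against `len` before the second one.

```c
   if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
   {
      printf("'%s' isn't a PE image (DOS magic %x)\n", argv[1], dos_header->e_magic);
      free(buffer);
      return 1;
   }

   /* … verify the NT header offset plus header size fits within len … */

   if (nt_header->Signature != IMAGE_NT_SIGNATURE)
   {
      printf("'%s' isn't a PE image (NT signature %x)\n", argv[1], nt_header->Signature);
      free(buffer);
      return 1;
   }
```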



