[ros-diffs] [fireball] 30691: - Add a check for an incorrect virtual size. Currently ReactOS's floppy.sys has such an incorrect section.

fireball at svn.reactos.org fireball at svn.reactos.org
Fri Nov 23 14:39:31 CET 2007


Author: fireball
Date: Fri Nov 23 16:39:31 2007
New Revision: 30691

URL: http://svn.reactos.org/svn/reactos?rev=30691&view=rev
Log:
- Add a check for an incorrect virtual size. Currently ReactOS's floppy.sys has such an incorrect section.

Modified:
    trunk/reactos/lib/rossym/frommem.c

Modified: trunk/reactos/lib/rossym/frommem.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rossym/frommem.c?rev=30691&r1=30690&r2=30691&view=diff
==============================================================================
--- trunk/reactos/lib/rossym/frommem.c (original)
+++ trunk/reactos/lib/rossym/frommem.c Fri Nov 23 16:39:31 2007
@@ -24,8 +24,9 @@
   PIMAGE_DOS_HEADER DosHeader;
   PIMAGE_NT_HEADERS NtHeaders;
   PIMAGE_SECTION_HEADER SectionHeader;
-  unsigned SectionIndex;
-  char SectionName[IMAGE_SIZEOF_SHORT_NAME];
+  ULONG SectionIndex;
+  BOOLEAN RosSymSectionFound = FALSE;
+  CHAR SectionName[IMAGE_SIZEOF_SHORT_NAME];
 
   /* Check if MZ header is valid */
   DosHeader = (PIMAGE_DOS_HEADER) ImageStart;
@@ -58,11 +59,13 @@
     {
       if (0 == memcmp(SectionName, SectionHeader->Name, IMAGE_SIZEOF_SHORT_NAME))
         {
+          RosSymSectionFound = TRUE;
           break;
         }
       SectionHeader++;
     }
-  if (NtHeaders->FileHeader.NumberOfSections <= SectionIndex)
+
+  if (!RosSymSectionFound)
     {
       DPRINT("No %s section found\n", ROSSYM_SECTION_NAME);
       return FALSE;
@@ -76,6 +79,12 @@
       return FALSE;
     }
 
+  if (SectionHeader->VirtualAddress + SectionHeader->Misc.VirtualSize > ImageSize)
+  {
+      DPRINT("Bad %s section virtual size!\n", ROSSYM_SECTION_NAME);
+      return FALSE;
+  }
+
   /* Load it */
   return RosSymCreateFromRaw((char *) ImageStart + SectionHeader->VirtualAddress,
                              SectionHeader->SizeOfRawData, RosSymInfo);
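Review bot: The added bound `SectionHeader->VirtualAddress + SectionHeader->Misc.VirtualSize > ImageSize` is evaluated in 32-bit unsigned arithmetic (both PE section-header fields are DWORDs), so a malformed header with a large VirtualAddress can make the sum wrap around and pass the check. Compare without adding: `if (SectionHeader->VirtualAddress > ImageSize || SectionHeader->Misc.VirtualSize > ImageSize - SectionHeader->VirtualAddress)`. The call below hands `SizeOfRawData` bytes starting at `ImageStart + VirtualAddress` to RosSymCreateFromRaw, while this check bounds VirtualSize rather than that length; the validity check just above the hunk is not visible here, so it is worth confirming that it also keeps `VirtualAddress + SizeOfRawData` within ImageSize. The enclosing function begins and ends outside the hunk.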



