From 787a5cdaa46349a335d4682cdbffab098b3f3d08 Mon Sep 17 00:00:00 2001
From: Aleksey Bragin
Date: Fri, 23 Nov 2007 13:39:31 +0000
Subject: [PATCH] - Add a check for an incorrect virtual size. Currently ReactOS's floppy.sys has such an incorrect section.
svn path=/trunk/; revision=30691
---
 reactos/lib/rossym/frommem.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/reactos/lib/rossym/frommem.c b/reactos/lib/rossym/frommem.c
index 8bf97fe9eb9..b5042b7ddf6 100644
--- a/reactos/lib/rossym/frommem.c
+++ b/reactos/lib/rossym/frommem.c
@@ -24,8 +24,9 @@ RosSymCreateFromMem(PVOID ImageStart, ULONG_PTR ImageSize, PROSSYM_INFO *RosSymI
 PIMAGE_DOS_HEADER DosHeader;
 PIMAGE_NT_HEADERS NtHeaders;
 PIMAGE_SECTION_HEADER SectionHeader;
- unsigned SectionIndex;
- char SectionName[IMAGE_SIZEOF_SHORT_NAME];
+ ULONG SectionIndex;
+ BOOLEAN RosSymSectionFound = FALSE;
+ CHAR SectionName[IMAGE_SIZEOF_SHORT_NAME];
 /* Check if MZ header is valid */
 DosHeader = (PIMAGE_DOS_HEADER) ImageStart;
@@ -58,11 +59,13 @@ RosSymCreateFromMem(PVOID ImageStart, ULONG_PTR ImageSize, PROSSYM_INFO *RosSymI
 {
 if (0 == memcmp(SectionName, SectionHeader->Name, IMAGE_SIZEOF_SHORT_NAME))
 {
+ RosSymSectionFound = TRUE;
 break;
 }
 SectionHeader++;
 }
- if (NtHeaders->FileHeader.NumberOfSections <= SectionIndex)
+
+ if (!RosSymSectionFound)
 {
 DPRINT("No %s section found\n", ROSSYM_SECTION_NAME);
 return FALSE;
@@ -76,6 +79,12 @@ RosSymCreateFromMem(PVOID ImageStart, ULONG_PTR ImageSize, PROSSYM_INFO *RosSymI
 return FALSE;
 }
+ if (SectionHeader->VirtualAddress + SectionHeader->Misc.VirtualSize > ImageSize)
+ {
+ DPRINT("Bad %s section virtual size!\n", ROSSYM_SECTION_NAME);
+ return FALSE;
+ }
+ /* Load it */
 return RosSymCreateFromRaw((char *) ImageStart + SectionHeader->VirtualAddress, SectionHeader->SizeOfRawData, RosSymInfo);
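Review bot: The bound added in the last hunk, `SectionHeader->VirtualAddress + SectionHeader->Misc.VirtualSize > ImageSize`, can wrap, because both fields are 32-bit values read from the image's own section header, so a large VirtualAddress or VirtualSize gives a small sum that passes the test. Compare without adding: `if (SectionHeader->VirtualAddress > ImageSize || SectionHeader->Misc.VirtualSize > ImageSize - SectionHeader->VirtualAddress)`. The call below then reads `SectionHeader->SizeOfRawData` bytes from `ImageStart + SectionHeader->VirtualAddress`, so the length actually consumed is not the one validated here; unless the check that ends just above this hunk already bounds it against the same base, SizeOfRawData needs the same test. The body of RosSymCreateFromMem starts and ends outside the hunk, so the earlier checks could not be confirmed from here.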