From a31666e4e2f65cfb70a8ad4c27dec8ca9db62096 Mon Sep 17 00:00:00 2001
From: Aleksandar Andrejevic
Date: Fri, 2 May 2014 14:38:36 +0000
Subject: [PATCH] [NTOSKRNL] If we cannot read the file at offset e_lfanew, it means that the value of e_lfanew is invalid.

svn path=/branches/ntvdm/; revision=63105
---
 ntoskrnl/mm/section.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ntoskrnl/mm/section.c b/ntoskrnl/mm/section.c
index f138dd24275..f88fbba3466 100644
--- a/ntoskrnl/mm/section.c
+++ b/ntoskrnl/mm/section.c
@@ -284,7 +284,14 @@ l_ReadHeaderFromFile:
 nStatus = ReadFileCb(File, &lnOffset, sizeof(IMAGE_NT_HEADERS64), &pData, &pBuffer, &cbReadSize);
 if(!NT_SUCCESS(nStatus))
- DIE(("ReadFile failed, status %08X\n", nStatus));
+ {
+ NTSTATUS ReturnedStatus = nStatus;
+
+ /* If it attempted to read past the end of the file, it means e_lfanew is invalid */
+ if (ReturnedStatus == STATUS_END_OF_FILE) nStatus = STATUS_INVALID_IMAGE_FORMAT;
+
+ DIE(("ReadFile failed, status %08X\n", ReturnedStatus));
+ }
 ASSERT(pData);
 ASSERT(pBuffer);
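Review bot: In the new failure branch after the `ReadFileCb` call, `ReturnedStatus` is a misleading name: it holds the status that gets logged, while `nStatus` is presumably the value the caller sees once `DIE` bails out (the macro and the rest of the function are outside this hunk). Something like `NTSTATUS ReadStatus = nStatus;` with the remap on its own braced line, `if (ReadStatus == STATUS_END_OF_FILE) { nStatus = STATUS_INVALID_IMAGE_FORMAT; }`, reads more clearly. Since `e_lfanew` comes from the file being mapped, it is worth checking that every other way a bad offset can fail this read also ends in `STATUS_INVALID_IMAGE_FORMAT`; only the end-of-file case is remapped here, so any other error would still surface as a raw I/O status. The log line would also be more useful if it printed the offset that was tried alongside the status.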