Commit 48174b6d authored by Erich Hoover's avatar Erich Hoover Committed by Alexandre Julliard

ntdll: Fix section header heap deadlock.

parent 1c62c9f7
...@@ -1122,7 +1122,8 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz ...@@ -1122,7 +1122,8 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
{ {
IMAGE_DOS_HEADER *dos; IMAGE_DOS_HEADER *dos;
IMAGE_NT_HEADERS *nt; IMAGE_NT_HEADERS *nt;
IMAGE_SECTION_HEADER *sec, *sections = NULL; IMAGE_SECTION_HEADER sections[96];
IMAGE_SECTION_HEADER *sec;
IMAGE_DATA_DIRECTORY *imports; IMAGE_DATA_DIRECTORY *imports;
NTSTATUS status = STATUS_CONFLICTING_ADDRESSES; NTSTATUS status = STATUS_CONFLICTING_ADDRESSES;
int i; int i;
...@@ -1168,15 +1169,10 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz ...@@ -1168,15 +1169,10 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
memset( ptr + header_size, 0, header_end - (ptr + header_size) ); memset( ptr + header_size, 0, header_end - (ptr + header_size) );
if ((char *)(nt + 1) > header_end) goto error; if ((char *)(nt + 1) > header_end) goto error;
header_start = (char*)&nt->OptionalHeader+nt->FileHeader.SizeOfOptionalHeader; header_start = (char*)&nt->OptionalHeader+nt->FileHeader.SizeOfOptionalHeader;
if (nt->FileHeader.NumberOfSections > sizeof(sections)/sizeof(*sections)) goto error;
if (header_start + sizeof(*sections) * nt->FileHeader.NumberOfSections > header_end) goto error; if (header_start + sizeof(*sections) * nt->FileHeader.NumberOfSections > header_end) goto error;
/* Some applications (e.g. the Steam version of Borderlands) map over the top of the section headers, /* Some applications (e.g. the Steam version of Borderlands) map over the top of the section headers,
* copying the headers into local memory is necessary to properly load such applications. */ * copying the headers into local memory is necessary to properly load such applications. */
sections = RtlAllocateHeap( GetProcessHeap(), 0, sizeof(*sections) * nt->FileHeader.NumberOfSections);
if (!sections)
{
status = STATUS_NO_MEMORY;
goto error;
}
memcpy(sections, header_start, sizeof(*sections) * nt->FileHeader.NumberOfSections); memcpy(sections, header_start, sizeof(*sections) * nt->FileHeader.NumberOfSections);
sec = sections; sec = sections;
...@@ -1374,7 +1370,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz ...@@ -1374,7 +1370,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
} }
done: done:
RtlFreeHeap( GetProcessHeap(), 0, sections );
view->mapping = dup_mapping; view->mapping = dup_mapping;
view->map_protect = map_vprot; view->map_protect = map_vprot;
server_leave_uninterrupted_section( &csVirtual, &sigset ); server_leave_uninterrupted_section( &csVirtual, &sigset );
...@@ -1387,7 +1382,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz ...@@ -1387,7 +1382,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
return STATUS_SUCCESS; return STATUS_SUCCESS;
error: error:
RtlFreeHeap( GetProcessHeap(), 0, sections );
if (view) delete_view( view ); if (view) delete_view( view );
server_leave_uninterrupted_section( &csVirtual, &sigset ); server_leave_uninterrupted_section( &csVirtual, &sigset );
if (dup_mapping) NtClose( dup_mapping ); if (dup_mapping) NtClose( dup_mapping );
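Review bot: The bound in the new `IMAGE_SECTION_HEADER sections[96];` declaration in the first hunk is a bare magic number, and the matching `NumberOfSections` check added in the second hunk rejects anything above it without saying where the limit comes from. A comment above the declaration would make the contract explicit, e.g. `/* The Windows loader also refuses images with more than 96 sections, so a fixed stack buffer of that size is sufficient. */`, or the 96 could become a named constant that both the declaration and the check share. The check is correctly placed before the memcpy of the section headers, so an oversized `NumberOfSections` in an untrusted image cannot overrun the stack buffer; on that rejection path, however, the function returns whatever `status` currently holds, which is not visible in these hunks, so it is worth confirming it is an invalid-image status rather than the initial STATUS_CONFLICTING_ADDRESSES. map_image's body extends beyond all four hunks shown.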