Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
516fc78a
Commit
516fc78a
authored
May 08, 2010
by
Eric Pouech
Committed by
Alexandre Julliard
May 10, 2010
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
dbghelp: Protect PE's COFF table reading against bogus values in NTHEADER.
parent
df710826
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
39 additions
and
10 deletions
+39
-10
pe_module.c
dlls/dbghelp/pe_module.c
+39
-10
No files found.
dlls/dbghelp/pe_module.c
View file @
516fc78a
...
@@ -172,6 +172,25 @@ unsigned pe_get_map_size(const struct image_section_map* ism)
...
@@ -172,6 +172,25 @@ unsigned pe_get_map_size(const struct image_section_map* ism)
}
}
/******************************************************************
/******************************************************************
* pe_is_valid_pointer_table
*
* Checks whether the PointerToSymbolTable and NumberOfSymbols in file_header contain
* valid information.
*/
static
BOOL
pe_is_valid_pointer_table
(
const
IMAGE_NT_HEADERS
*
nthdr
,
const
void
*
mapping
)
{
DWORD64
offset
;
/* is the iSym table inside file image ? */
offset
=
(
DWORD64
)
nthdr
->
FileHeader
.
PointerToSymbolTable
;
offset
+=
(
DWORD64
)
nthdr
->
FileHeader
.
NumberOfSymbols
*
sizeof
(
IMAGE_SYMBOL
);
if
(
offset
>
(
DWORD64
)
nthdr
->
OptionalHeader
.
SizeOfImage
)
return
FALSE
;
/* is string table (following iSym table) inside file image ? */
offset
+=
*
(
DWORD
*
)((
const
char
*
)
mapping
+
offset
);
return
offset
<=
(
DWORD64
)
nthdr
->
OptionalHeader
.
SizeOfImage
;
}
/******************************************************************
* pe_map_file
* pe_map_file
*
*
* Maps an PE file into memory (and checks it's a real PE file)
* Maps an PE file into memory (and checks it's a real PE file)
...
@@ -209,16 +228,26 @@ static BOOL pe_map_file(HANDLE file, struct image_file_map* fmap, enum module_ty
...
@@ -209,16 +228,26 @@ static BOOL pe_map_file(HANDLE file, struct image_file_map* fmap, enum module_ty
}
}
if
(
nthdr
->
FileHeader
.
PointerToSymbolTable
&&
nthdr
->
FileHeader
.
NumberOfSymbols
)
if
(
nthdr
->
FileHeader
.
PointerToSymbolTable
&&
nthdr
->
FileHeader
.
NumberOfSymbols
)
{
{
/* FIXME ugly: should rather map the relevant content instead of copying it */
if
(
pe_is_valid_pointer_table
(
nthdr
,
mapping
))
const
char
*
src
=
(
const
char
*
)
mapping
+
{
nthdr
->
FileHeader
.
PointerToSymbolTable
+
/* FIXME ugly: should rather map the relevant content instead of copying it */
nthdr
->
FileHeader
.
NumberOfSymbols
*
sizeof
(
IMAGE_SYMBOL
);
const
char
*
src
=
(
const
char
*
)
mapping
+
char
*
dst
;
nthdr
->
FileHeader
.
PointerToSymbolTable
+
DWORD
sz
=
*
(
DWORD
*
)
src
;
nthdr
->
FileHeader
.
NumberOfSymbols
*
sizeof
(
IMAGE_SYMBOL
);
char
*
dst
;
if
((
dst
=
HeapAlloc
(
GetProcessHeap
(),
0
,
sz
)))
DWORD
sz
=
*
(
DWORD
*
)
src
;
memcpy
(
dst
,
src
,
sz
);
fmap
->
u
.
pe
.
strtable
=
dst
;
if
((
dst
=
HeapAlloc
(
GetProcessHeap
(),
0
,
sz
)))
memcpy
(
dst
,
src
,
sz
);
fmap
->
u
.
pe
.
strtable
=
dst
;
}
else
{
/* we have bad information here, wipe it out */
fmap
->
u
.
pe
.
ntheader
.
FileHeader
.
PointerToSymbolTable
=
0
;
fmap
->
u
.
pe
.
ntheader
.
FileHeader
.
NumberOfSymbols
=
0
;
fmap
->
u
.
pe
.
strtable
=
NULL
;
}
}
}
else
fmap
->
u
.
pe
.
strtable
=
NULL
;
else
fmap
->
u
.
pe
.
strtable
=
NULL
;
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment