Commit 8e5f2812 authored by Alexandre Julliard's avatar Alexandre Julliard

ntdll: Add some sanity checks for invalid relocation blocks.

parent aa68258b
......@@ -1107,8 +1107,14 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
rel = (IMAGE_BASE_RELOCATION *)(ptr + relocs->VirtualAddress);
end = (IMAGE_BASE_RELOCATION *)(ptr + relocs->VirtualAddress + relocs->Size);
while (rel < end && rel->SizeOfBlock)
while (rel <= end - 1 && rel->SizeOfBlock)
{
if (rel->VirtualAddress >= total_size)
{
WARN_(module)( "invalid address %p in relocation %p\n", ptr + rel->VirtualAddress, rel );
status = STATUS_ACCESS_VIOLATION;
goto error;
}
rel = LdrProcessRelocationBlock( ptr + rel->VirtualAddress,
(rel->SizeOfBlock - sizeof(*rel)) / sizeof(USHORT),
(USHORT *)(rel + 1), delta );
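Review bot: `rel->SizeOfBlock` still reaches the `LdrProcessRelocationBlock` call unchecked: a value below `sizeof(*rel)` makes `rel->SizeOfBlock - sizeof(*rel)` wrap to a very large entry count, and a value larger than the room left before `end` lets the entry list run past the relocation directory. Next to the new `VirtualAddress` test I would add `if (rel->SizeOfBlock < sizeof(*rel) || rel->SizeOfBlock > (SIZE_T)((char *)end - (char *)rel))` and take the same WARN / `STATUS_ACCESS_VIOLATION` / `goto error` path. The new test also bounds only the block's base address; whether a fixup at that base plus the 12-bit entry offset stays below `total_size` depends on alignment that is not visible here. The body of map_image starts and ends outside the hunk, so I cannot tell whether `relocs->VirtualAddress + relocs->Size` is compared with `total_size` before `end` is computed.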
......