Commit d97e6a47 authored by Eric Pouech's avatar Eric Pouech Committed by Alexandre Julliard

dbghelp: Test validity of COFF symbol table against file size (and not image size).

parent 1f5ff751
...@@ -177,17 +177,17 @@ unsigned pe_get_map_size(const struct image_section_map* ism) ...@@ -177,17 +177,17 @@ unsigned pe_get_map_size(const struct image_section_map* ism)
* Checks whether the PointerToSymbolTable and NumberOfSymbols in file_header contain * Checks whether the PointerToSymbolTable and NumberOfSymbols in file_header contain
* valid information. * valid information.
*/ */
static BOOL pe_is_valid_pointer_table(const IMAGE_NT_HEADERS* nthdr, const void* mapping) static BOOL pe_is_valid_pointer_table(const IMAGE_NT_HEADERS* nthdr, const void* mapping, DWORD64 sz)
{ {
DWORD64 offset; DWORD64 offset;
/* is the iSym table inside file image ? */ /* is the iSym table inside file size ? (including first DWORD of string table, which is its size) */
offset = (DWORD64)nthdr->FileHeader.PointerToSymbolTable; offset = (DWORD64)nthdr->FileHeader.PointerToSymbolTable;
offset += (DWORD64)nthdr->FileHeader.NumberOfSymbols * sizeof(IMAGE_SYMBOL); offset += (DWORD64)nthdr->FileHeader.NumberOfSymbols * sizeof(IMAGE_SYMBOL) + sizeof(DWORD);
if (offset > (DWORD64)nthdr->OptionalHeader.SizeOfImage) return FALSE; if (offset > sz) return FALSE;
/* is string table (following iSym table) inside file image ? */ /* is string table (following iSym table) inside file size ? */
offset += *(DWORD*)((const char*)mapping + offset); offset += *(DWORD*)((const char*)mapping + offset);
return offset <= (DWORD64)nthdr->OptionalHeader.SizeOfImage; return offset <= sz;
} }
/****************************************************************** /******************************************************************
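Review bot: The string-table size is read from the wrong place in pe_is_valid_pointer_table: the new side folds `sizeof(DWORD)` into `offset` before the dereference, so `*(DWORD*)((const char*)mapping + offset)` reads the four bytes after the size field instead of the size field itself, and because the preceding check only guarantees `offset <= sz`, that read can run up to four bytes past the end of the mapping. Keep the size field out of the running offset and bound it explicitly: `offset += (DWORD64)nthdr->FileHeader.NumberOfSymbols * sizeof(IMAGE_SYMBOL);` then `if (offset + sizeof(DWORD) > sz) return FALSE;`, leaving the read at `offset` as it was. Checking against the file size rather than SizeOfImage is the right bound since the COFF tables live in the file and not in the loaded image; the header comment should say the caller passes the size of the mapped file (`sz`), e.g. `* sz is the size in bytes of the mapping backing the file.`. The `WARN` string added in the third hunk also misspells "wiping".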
...@@ -228,7 +228,9 @@ static BOOL pe_map_file(HANDLE file, struct image_file_map* fmap, enum module_ty ...@@ -228,7 +228,9 @@ static BOOL pe_map_file(HANDLE file, struct image_file_map* fmap, enum module_ty
} }
if (nthdr->FileHeader.PointerToSymbolTable && nthdr->FileHeader.NumberOfSymbols) if (nthdr->FileHeader.PointerToSymbolTable && nthdr->FileHeader.NumberOfSymbols)
{ {
if (pe_is_valid_pointer_table(nthdr, mapping)) LARGE_INTEGER li;
if (GetFileSizeEx(file, &li) && pe_is_valid_pointer_table(nthdr, mapping, li.QuadPart))
{ {
/* FIXME ugly: should rather map the relevant content instead of copying it */ /* FIXME ugly: should rather map the relevant content instead of copying it */
const char* src = (const char*)mapping + const char* src = (const char*)mapping +
...@@ -243,6 +245,7 @@ static BOOL pe_map_file(HANDLE file, struct image_file_map* fmap, enum module_ty ...@@ -243,6 +245,7 @@ static BOOL pe_map_file(HANDLE file, struct image_file_map* fmap, enum module_ty
} }
else else
{ {
WARN("Bad coff table... wipping out\n");
/* we have bad information here, wipe it out */ /* we have bad information here, wipe it out */
fmap->u.pe.ntheader.FileHeader.PointerToSymbolTable = 0; fmap->u.pe.ntheader.FileHeader.PointerToSymbolTable = 0;
fmap->u.pe.ntheader.FileHeader.NumberOfSymbols = 0; fmap->u.pe.ntheader.FileHeader.NumberOfSymbols = 0;
......