https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e57a59a60acc4f654adea…
commit e57a59a60acc4f654adea86968c53b49f26a3885
Author: Thomas Faber <thomas.faber(a)reactos.org>
AuthorDate: Sun Sep 27 17:48:33 2020 +0200
Commit: Thomas Faber <thomas.faber(a)reactos.org>
CommitDate: Sat Oct 3 13:20:25 2020 +0200
[NTOS:MM] Fail on SizeOfRawData overflow. CORE-17284
Fixes the corresponding tests in ntdll_apitest:NtMapViewOfSection.
Also add a TODO for the remaining test failures.
---
ntoskrnl/mm/section.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ntoskrnl/mm/section.c b/ntoskrnl/mm/section.c
index 2bbbee15e8b..ce63e796a3d 100644
--- a/ntoskrnl/mm/section.c
+++ b/ntoskrnl/mm/section.c
@@ -723,12 +723,16 @@ l_ReadHeaderFromFile:
// if(!IsAligned(pishSectionHeaders[i].PointerToRawData, nFileAlignment))
// DIE(("PointerToRawData[%u] is not aligned\n", i));
+ if(!Intsafe_CanAddULong32(pishSectionHeaders[i].PointerToRawData,
pishSectionHeaders[i].SizeOfRawData))
+ DIE(("SizeOfRawData[%u] too large\n", i));
+
/* conversion */
pssSegments[i].Image.FileOffset = pishSectionHeaders[i].PointerToRawData;
pssSegments[i].RawLength.QuadPart = pishSectionHeaders[i].SizeOfRawData;
}
else
{
+ /* FIXME: Should reset PointerToRawData to 0 in the image mapping */
ASSERT(pssSegments[i].Image.FileOffset == 0);
ASSERT(pssSegments[i].RawLength.QuadPart == 0);
}
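Review bot: The added `Intsafe_CanAddULong32` check only proves that `PointerToRawData + SizeOfRawData` fits in 32 bits; it does not show that the range ends inside the file, and no comparison against the file size is visible in this hunk. These header fields are read from the image file, so if that bound is not enforced elsewhere in the function (which starts and ends outside the hunk), it would belong right next to this check. A short comment would also help the next reader, for example `/* raw data end offset must not wrap; section header fields are untrusted file input */`. The DIE text names only `SizeOfRawData` although the failure depends on both fields, so printing both values would make a rejected image easier to triage.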