https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e57a59a60acc4f654adea8...
commit e57a59a60acc4f654adea86968c53b49f26a3885 Author: Thomas Faber thomas.faber@reactos.org AuthorDate: Sun Sep 27 17:48:33 2020 +0200 Commit: Thomas Faber thomas.faber@reactos.org CommitDate: Sat Oct 3 13:20:25 2020 +0200
[NTOS:MM] Fail on SizeOfRawData overflow. CORE-17284
Fixes the corresponding tests in ntdll_apitest:NtMapViewOfSection. Also add a TODO for the remaining test failures. --- ntoskrnl/mm/section.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/ntoskrnl/mm/section.c b/ntoskrnl/mm/section.c
index 2bbbee15e8b..ce63e796a3d 100644
--- a/ntoskrnl/mm/section.c
+++ b/ntoskrnl/mm/section.c
@@ -723,12 +723,16 @@ l_ReadHeaderFromFile:
 // if(!IsAligned(pishSectionHeaders[i].PointerToRawData, nFileAlignment))
 // DIE(("PointerToRawData[%u] is not aligned\n", i));

+ if(!Intsafe_CanAddULong32(pishSectionHeaders[i].PointerToRawData, pishSectionHeaders[i].SizeOfRawData))
+ DIE(("SizeOfRawData[%u] too large\n", i));
+
 /* conversion */
 pssSegments[i].Image.FileOffset = pishSectionHeaders[i].PointerToRawData;
 pssSegments[i].RawLength.QuadPart = pishSectionHeaders[i].SizeOfRawData;
 }
 else
 {
+ /* FIXME: Should reset PointerToRawData to 0 in the image mapping */
 ASSERT(pssSegments[i].Image.FileOffset == 0);
 ASSERT(pssSegments[i].RawLength.QuadPart == 0);
 }
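Review bot: The guard added before `/* conversion */` rejects only a 32-bit wrap of `PointerToRawData + SizeOfRawData`; nothing visible in this hunk compares the resulting end offset with the size of the file the section headers were read from, so a header whose raw data range runs past end-of-file still passes this point. The enclosing function starts and ends outside the hunk, so that bound may be enforced elsewhere; if it is, a comment such as `/* reject wrap-around of the raw data range; the end offset is checked against the file size in <place> */` would record the split, and if it is not, the check belongs next to this one. The diagnostic `SizeOfRawData[%u] too large` names only one operand although a large `PointerToRawData` trips it as well; `DIE(("Raw data range of section %u overflows\n", i));` would describe the failure more accurately. In the `else` branch the invariants are held only by `ASSERT`, which presumably compiles out in release builds, so the FIXME would be easier to follow up if it named the tracking issue.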