[reactos] 02/04: [NTDLL_APITEST] Add test for an image file where SizeOfRawData > VirtualSize. CORE-17284
3 Oct
2020
3 Oct
'20
11:21 a.m.
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=9b1fb8d6fd1e3034e4fa0…
commit 9b1fb8d6fd1e3034e4fa0fb1e3e87b6bdae6d795
Author: Thomas Faber <thomas.faber(a)reactos.org>
AuthorDate: Sun Sep 27 16:42:29 2020 +0200
Commit: Thomas Faber <thomas.faber(a)reactos.org>
CommitDate: Sat Oct 3 13:13:35 2020 +0200
[NTDLL_APITEST] Add test for an image file where SizeOfRawData > VirtualSize.
CORE-17284
---
.../rostests/apitests/ntdll/NtMapViewOfSection.c | 395 ++++++++++++++++++++-
1 file changed, 381 insertions(+), 14 deletions(-)
diff --git a/modules/rostests/apitests/ntdll/NtMapViewOfSection.c
b/modules/rostests/apitests/ntdll/NtMapViewOfSection.c
index 2df52007c41..a191126df20 100644
--- a/modules/rostests/apitests/ntdll/NtMapViewOfSection.c
+++ b/modules/rostests/apitests/ntdll/NtMapViewOfSection.c
@@ -766,7 +766,7 @@ Test_ImageSection(void)
ok_ntstatus(Status, STATUS_SUCCESS);
if (!NT_SUCCESS(Status))
{
- skip("Failed to open file\n");
+ skip("Failed to open file %s\n", wine_dbgstr_wn(FileName.Buffer,
FileName.Length / sizeof(WCHAR)));
return;
}
@@ -1165,7 +1165,7 @@ Test_BasedSection(void)
#define BYTES512(x) BYTES256(x), BYTES256(x)
#define BYTES1024(x) BYTES512(x), BYTES512(x)
-static struct _MY_IMAGE_FILE
+static struct _SECTION_CONTENTS_IMAGE_FILE
{
IMAGE_DOS_HEADER doshdr;
WORD stub[32];
@@ -1179,7 +1179,7 @@ static struct _MY_IMAGE_FILE
BYTE rossym_data[0x400];
BYTE rsrc_data[0x400];
BYTE clc_data[0x1000];
-} ImageFile =
+} SectionContentsImageFile =
{
/* IMAGE_DOS_HEADER */
{
@@ -1358,10 +1358,10 @@ static struct _MY_IMAGE_FILE
},
};
-C_ASSERT(FIELD_OFFSET(struct _MY_IMAGE_FILE, text_data) == 0x400);
-C_ASSERT(FIELD_OFFSET(struct _MY_IMAGE_FILE, rossym_data) == 0x800);
-C_ASSERT(FIELD_OFFSET(struct _MY_IMAGE_FILE, rsrc_data) == 0xc00);
-C_ASSERT(FIELD_OFFSET(struct _MY_IMAGE_FILE, clc_data) == 0x1000);
+C_ASSERT(FIELD_OFFSET(struct _SECTION_CONTENTS_IMAGE_FILE, text_data) == 0x400);
+C_ASSERT(FIELD_OFFSET(struct _SECTION_CONTENTS_IMAGE_FILE, rossym_data) == 0x800);
+C_ASSERT(FIELD_OFFSET(struct _SECTION_CONTENTS_IMAGE_FILE, rsrc_data) == 0xc00);
+C_ASSERT(FIELD_OFFSET(struct _SECTION_CONTENTS_IMAGE_FILE, clc_data) == 0x1000);
static
void
@@ -1398,21 +1398,21 @@ Test_SectionContents(BOOL Relocate)
if (Relocate)
{
ok((ULONG_PTR)GetModuleHandle(NULL) <= 0x80000000, "Module at %p\n",
GetModuleHandle(NULL));
- ImageFile.nthdrs.OptionalHeader.ImageBase =
(ULONG)(ULONG_PTR)GetModuleHandle(NULL);
+ SectionContentsImageFile.nthdrs.OptionalHeader.ImageBase =
(ULONG)(ULONG_PTR)GetModuleHandle(NULL);
}
else
{
- ImageFile.nthdrs.OptionalHeader.ImageBase = 0xe400000;
+ SectionContentsImageFile.nthdrs.OptionalHeader.ImageBase = 0xe400000;
}
Success = WriteFile(Handle,
- &ImageFile,
- sizeof(ImageFile),
+ &SectionContentsImageFile,
+ sizeof(SectionContentsImageFile),
&Written,
NULL);
ok(Success == TRUE, "WriteFile failed with %lu\n", GetLastError());
- ok(Written == sizeof(ImageFile), "WriteFile wrote %lu bytes\n", Written);
-
+ ok(Written == sizeof(SectionContentsImageFile), "WriteFile wrote %lu
bytes\n", Written);
+
Status = NtCreateSection(&SectionHandle,
SECTION_ALL_ACCESS,
NULL,
@@ -1473,6 +1473,370 @@ Test_SectionContents(BOOL Relocate)
TEST_WRITE(0x8000);
TEST_BYTE(0x8000, 0x11);
TEST_BYTE(0x8400, 0x33);
+#undef TEST_BYTE
+#undef TEST_WRITE
+#undef TEST_NOWRITE
+ Status = NtUnmapViewOfSection(NtCurrentProcess(), BaseAddress);
+ ok_ntstatus(Status, STATUS_SUCCESS);
+ }
+ Status = NtClose(SectionHandle);
+ ok_ntstatus(Status, STATUS_SUCCESS);
+ }
+
+ CloseHandle(Handle);
+ DeleteFileW(FileName);
+}
+
+static struct _RAW_SIZE_IMAGE_FILE
+{
+ IMAGE_DOS_HEADER doshdr;
+ WORD stub[32];
+ IMAGE_NT_HEADERS32 nthdrs;
+ IMAGE_SECTION_HEADER text_header;
+ IMAGE_SECTION_HEADER data_header;
+ IMAGE_SECTION_HEADER zdata_header;
+ IMAGE_SECTION_HEADER rsrc_header;
+ BYTE pad[488];
+ BYTE text_data[0x1200];
+ BYTE data_data[0x1200];
+ BYTE rsrc_data[0x400];
+} RawSizeImageFile =
+{
+ /* IMAGE_DOS_HEADER */
+ {
+ IMAGE_DOS_SIGNATURE, 144, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40,
+ 0, { 0 }, 0, 0, { 0 }, 0x80
+ },
+ /* binary to print "This program cannot be run in DOS mode." */
+ {
+ 0x1F0E, 0x0EBA, 0xB400, 0xCD09, 0xB821, 0x4C01, 0x21CD, 0x6854, 0x7369,
+ 0x7020, 0x6F72, 0x7267, 0x6D61, 0x6320, 0x6E61, 0x6F6E, 0x2074, 0x6562,
+ 0x7220, 0x6E75, 0x6920, 0x206E, 0x4F44, 0x2053, 0x6F6D, 0x6564, 0x0D2E,
+ 0x0A0D, 0x0024, 0x0000, 0x0000, 0x0000
+ },
+ /* IMAGE_NT_HEADERS32 */
+ {
+ IMAGE_NT_SIGNATURE, /* Signature */
+ /* IMAGE_FILE_HEADER */
+ {
+ IMAGE_FILE_MACHINE_I386, /* Machine */
+ 4, /* NumberOfSections */
+ 0x47EFDF09, /* TimeDateStamp */
+ 0, /* PointerToSymbolTable */
+ 0, /* NumberOfSymbols */
+ 0xE0, /* SizeOfOptionalHeader */
+ IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_LOCAL_SYMS_STRIPPED |
+ IMAGE_FILE_LINE_NUMS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE |
+ IMAGE_FILE_DLL, /* Characteristics */
+ },
+ /* IMAGE_OPTIONAL_HEADER32 */
+ {
+ IMAGE_NT_OPTIONAL_HDR32_MAGIC, /* Magic */
+ 8, /* MajorLinkerVersion */
+ 0, /* MinorLinkerVersion */
+ 0x400, /* SizeOfCode */
+ 0x000, /* SizeOfInitializedData */
+ 0, /* SizeOfUninitializedData */
+ 0x1000, /* AddressOfEntryPoint */
+ 0x1000, /* BaseOfCode */
+ 0x0000, /* BaseOfData */
+ 0x400000, /* ImageBase */
+ 0x1000, /* SectionAlignment */
+ 0x200, /* FileAlignment */
+ 4, /* MajorOperatingSystemVersion */
+ 0, /* MinorOperatingSystemVersion */
+ 0, /* MajorImageVersion */
+ 0, /* MinorImageVersion */
+ 4, /* MajorSubsystemVersion */
+ 0, /* MinorSubsystemVersion */
+ 0, /* Win32VersionValue */
+ 0x5000, /* SizeOfImage */
+ 0x400, /* SizeOfHeaders */
+ 0x0, /* CheckSum */
+ IMAGE_SUBSYSTEM_WINDOWS_CUI, /* Subsystem */
+ IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE |
+ IMAGE_DLLCHARACTERISTICS_NO_SEH |
+ IMAGE_DLLCHARACTERISTICS_NX_COMPAT, /* DllCharacteristics */
+ 0x100000, /* SizeOfStackReserve */
+ 0x1000, /* SizeOfStackCommit */
+ 0x100000, /* SizeOfHeapReserve */
+ 0x1000, /* SizeOfHeapCommit */
+ 0, /* LoaderFlags */
+ 0x10, /* NumberOfRvaAndSizes */
+ /* IMAGE_DATA_DIRECTORY */
+ {
+ { 0 }, /* Export Table */
+ { 0 }, /* Import Table */
+ { 0 }, /* Resource Table */
+ { 0 }, /* Exception Table */
+ { 0 }, /* Certificate Table */
+ { 0 }, /* Base Relocation Table */
+ { 0 }, /* Debug */
+ { 0 }, /* Copyright */
+ { 0 }, /* Global Ptr */
+ { 0 }, /* TLS Table */
+ { 0 }, /* Load Config Table */
+ { 0 }, /* Bound Import */
+ { 0 }, /* IAT */
+ { 0 }, /* Delay Import Descriptor */
+ { 0 }, /* CLI Header */
+ { 0 } /* Reserved */
+ }
+ }
+ },
+ /* IMAGE_SECTION_HEADER */
+ {
+ /* SizeOfRawData larger than VirtualSize */
+ ".text", /* Name */
+ { 0x1000 }, /* Misc.VirtualSize */
+ 0x1000, /* VirtualAddress */
+ 0x1200, /* SizeOfRawData */
+ 0x400, /* PointerToRawData */
+ 0, /* PointerToRelocations */
+ 0, /* PointerToLinenumbers */
+ 0, /* NumberOfRelocations */
+ 0, /* NumberOfLinenumbers */
+ IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE |
+ IMAGE_SCN_CNT_CODE, /* Characteristics */
+ },
+ /* IMAGE_SECTION_HEADER */
+ {
+ /* SizeOfRawData larger than VirtualSize */
+ ".data", /* Name */
+ { 0x100 }, /* Misc.VirtualSize */
+ 0x2000, /* VirtualAddress */
+ 0x1200, /* SizeOfRawData */
+ 0x1600, /* PointerToRawData */
+ 0, /* PointerToRelocations */
+ 0, /* PointerToLinenumbers */
+ 0, /* NumberOfRelocations */
+ 0, /* NumberOfLinenumbers */
+ IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ |
+ IMAGE_SCN_CNT_INITIALIZED_DATA, /* Characteristics */
+ },
+ /* IMAGE_SECTION_HEADER */
+ {
+ /* SizeOfRawData = 0 */
+ ".zdata", /* Name */
+ { 0x100 }, /* Misc.VirtualSize */
+ 0x3000, /* VirtualAddress */
+ 0, /* SizeOfRawData */
+ 0x2800, /* PointerToRawData */
+ 0, /* PointerToRelocations */
+ 0, /* PointerToLinenumbers */
+ 0, /* NumberOfRelocations */
+ 0, /* NumberOfLinenumbers */
+ IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ |
+ IMAGE_SCN_CNT_UNINITIALIZED_DATA, /* Characteristics */
+ },
+ /* IMAGE_SECTION_HEADER */
+ {
+ /* VirtualSize larger than SizeOfRawData */
+ ".rsrc", /* Name */
+ { 0x300 }, /* Misc.VirtualSize */
+ 0x4000, /* VirtualAddress */
+ 0x200, /* SizeOfRawData */
+ 0x2800, /* PointerToRawData */
+ 0, /* PointerToRelocations */
+ 0, /* PointerToLinenumbers */
+ 0, /* NumberOfRelocations */
+ 0, /* NumberOfLinenumbers */
+ IMAGE_SCN_MEM_READ |
+ IMAGE_SCN_CNT_INITIALIZED_DATA, /* Characteristics */
+ },
+ /* fill */
+ { 0 },
+ /* text */
+ {
+ 0xc3, 0, 0, 0, 0, 0, 0, 0,
+ BYTES8(1),
+ BYTES16(2),
+ BYTES32(3),
+ BYTES64(4),
+ BYTES128(5),
+ BYTES256(6),
+ BYTES512(7),
+ BYTES1024(8),
+ BYTES1024(9),
+ BYTES1024(0xa),
+ BYTES512(0xb),
+ },
+ /* data */
+ {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ BYTES8(0xaa),
+ BYTES16(0xbb),
+ BYTES32(0xcc),
+ BYTES64(0xdd),
+ BYTES128(0xee),
+ BYTES256(0xff),
+ BYTES512(0xee),
+ BYTES1024(0xdd),
+ BYTES1024(0xcc),
+ BYTES1024(0xbb),
+ BYTES512(0xaa),
+ },
+ /* rsrc */
+ {
+ BYTES256(0xff),
+ BYTES128(0xee),
+ BYTES64(0xdd),
+ BYTES32(0xcc),
+ BYTES16(0xbb),
+ BYTES8(0xaa),
+ 0xef, 0xcd, 0xab, 0x89, 0x67, 0x45, 0x23, 0x01,
+ },
+};
+
+C_ASSERT(FIELD_OFFSET(struct _RAW_SIZE_IMAGE_FILE, text_data) == 0x400);
+C_ASSERT(FIELD_OFFSET(struct _RAW_SIZE_IMAGE_FILE, data_data) == 0x1600);
+C_ASSERT(FIELD_OFFSET(struct _RAW_SIZE_IMAGE_FILE, rsrc_data) == 0x2800);
+
+// CORE-17284
+static
+void
+Test_RawSize(ULONG TestNumber)
+{
+ NTSTATUS Status;
+ WCHAR TempPath[MAX_PATH];
+ WCHAR FileName[MAX_PATH];
+ HANDLE Handle;
+ HANDLE SectionHandle;
+ LARGE_INTEGER SectionOffset;
+ PVOID BaseAddress;
+ SIZE_T ViewSize;
+ ULONG Written;
+ ULONG Length;
+ BOOL Success;
+
+ Length = GetTempPathW(MAX_PATH, TempPath);
+ ok(Length != 0, "GetTempPathW failed with %lu\n", GetLastError());
+ Length = GetTempFileNameW(TempPath, L"nta", 0, FileName);
+ ok(Length != 0, "GetTempFileNameW failed with %lu\n", GetLastError());
+ Handle = CreateFileW(FileName,
+ FILE_ALL_ACCESS,
+ 0,
+ NULL,
+ CREATE_ALWAYS,
+ 0,
+ NULL);
+ if (Handle == INVALID_HANDLE_VALUE)
+ {
+ skip("Failed to create temp file %ls, error %lu\n", FileName,
GetLastError());
+ return;
+ }
+ RawSizeImageFile.nthdrs.OptionalHeader.ImageBase = 0xe400000;
+ if (TestNumber == 1)
+ {
+ /* Just for fun, show that these flags don't matter. */
+ RawSizeImageFile.text_header.Characteristics &= ~(IMAGE_SCN_CNT_CODE |
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA);
+ RawSizeImageFile.data_header.Characteristics &= ~(IMAGE_SCN_CNT_CODE |
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA);
+ RawSizeImageFile.zdata_header.Characteristics &= ~(IMAGE_SCN_CNT_CODE |
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA);
+ RawSizeImageFile.rsrc_header.Characteristics &= ~(IMAGE_SCN_CNT_CODE |
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA);
+ }
+ else if (TestNumber == 2)
+ {
+ /* SizeOfRawData is too large and will overflow.
+ * This should cause failure to load the file */
+ RawSizeImageFile.rsrc_header.SizeOfRawData = (ULONG)-0x200;
+ }
+
+ Success = WriteFile(Handle,
+ &RawSizeImageFile,
+ sizeof(RawSizeImageFile),
+ &Written,
+ NULL);
+ ok(Success == TRUE, "WriteFile failed with %lu\n", GetLastError());
+ ok(Written == sizeof(RawSizeImageFile), "WriteFile wrote %lu bytes\n",
Written);
+
+ Status = NtCreateSection(&SectionHandle,
+ SECTION_ALL_ACCESS,
+ NULL,
+ NULL,
+ PAGE_EXECUTE_READWRITE,
+ SEC_IMAGE,
+ Handle);
+ if (TestNumber == 2)
+ {
+ /* overflow in SizeOfRawData */
+ ok_ntstatus(Status, STATUS_INVALID_IMAGE_FORMAT);
+ }
+ else
+ {
+ ok_ntstatus(Status, STATUS_SUCCESS);
+ }
+
+ if (NT_SUCCESS(Status))
+ {
+ /* Map the section with */
+ BaseAddress = NULL;
+ SectionOffset.QuadPart = 0;
+ ViewSize = 0;
+ Status = NtMapViewOfSection(SectionHandle,
+ NtCurrentProcess(),
+ &BaseAddress,
+ 0,
+ 0,
+ &SectionOffset,
+ &ViewSize,
+ ViewShare,
+ 0,
+ PAGE_READWRITE);
+ ok_ntstatus(Status, STATUS_SUCCESS);
+ if (NT_SUCCESS(Status))
+ {
+ PUCHAR Bytes = BaseAddress;
+ struct _RAW_SIZE_IMAGE_FILE *ImageFile = BaseAddress;
+
+ /* .text section header is unmodified */
+ ok_hex(ImageFile->text_header.Misc.VirtualSize,
RawSizeImageFile.text_header.Misc.VirtualSize);
+ ok_hex(ImageFile->text_header.VirtualAddress,
RawSizeImageFile.text_header.VirtualAddress);
+ ok_hex(ImageFile->text_header.SizeOfRawData,
RawSizeImageFile.text_header.SizeOfRawData);
+ ok_hex(ImageFile->text_header.PointerToRawData,
RawSizeImageFile.text_header.PointerToRawData);
+
+ /* SizeOfRawData = 0 resets PointerToRawData to 0 */
+ ok_hex(ImageFile->zdata_header.Misc.VirtualSize,
RawSizeImageFile.zdata_header.Misc.VirtualSize);
+ ok_hex(ImageFile->zdata_header.VirtualAddress,
RawSizeImageFile.zdata_header.VirtualAddress);
+ ok_hex(ImageFile->zdata_header.SizeOfRawData,
RawSizeImageFile.zdata_header.SizeOfRawData);
+ ok_hex(ImageFile->zdata_header.PointerToRawData, 0);
+
+#define TEST_BYTE(n, v) \
+ StartSeh() \
+ ok(Bytes[n] == v, "[%lu] Bytes[%u] = 0x%x, expected 0x%x\n", \
+ TestNumber, n, Bytes[n], v); \
+ EndSeh(STATUS_SUCCESS);
+ /* .text section data matches file up to 0x1000 */
+ TEST_BYTE(0x1000, 0xc3);
+ TEST_BYTE(0x1001, 0x00);
+ TEST_BYTE(0x1008, 0x01);
+ TEST_BYTE(0x1010, 0x02);
+ TEST_BYTE(0x1fff, 0x0a);
+
+ /* .data section data matches file up to 0x1000 */
+ TEST_BYTE(0x2000, 0x01);
+ TEST_BYTE(0x2001, 0x23);
+ TEST_BYTE(0x20ff, 0xee);
+ TEST_BYTE(0x2100, 0xff);
+ TEST_BYTE(0x2fff, 0xbb);
+
+ /* .zdata section data is all zeroes */
+ TEST_BYTE(0x3000, 0x00);
+ TEST_BYTE(0x3001, 0x00);
+ TEST_BYTE(0x3800, 0x00);
+ TEST_BYTE(0x3fff, 0x00);
+
+ /* .rsrc section data matches file up to VirtualSize 0x200 */
+ TEST_BYTE(0x4000, 0xff);
+ TEST_BYTE(0x4100, 0xee);
+ TEST_BYTE(0x4180, 0xdd);
+ TEST_BYTE(0x41c0, 0xcc);
+ TEST_BYTE(0x41e0, 0xbb);
+ TEST_BYTE(0x41f0, 0xaa);
+ TEST_BYTE(0x41fe, 0x23);
+ TEST_BYTE(0x41ff, 0x01);
+ TEST_BYTE(0x4200, 0x00);
+ TEST_BYTE(0x4fff, 0x00);
+#undef TEST_BYTE
Status = NtUnmapViewOfSection(NtCurrentProcess(), BaseAddress);
ok_ntstatus(Status, STATUS_SUCCESS);
}
@@ -1510,7 +1874,7 @@ Test_EmptyFile(VOID)
skip("Failed to create temp file %ls, error %lu\n", FileName,
GetLastError());
return;
}
-
+
Status = NtCreateSection(&SectionHandle,
STANDARD_RIGHTS_REQUIRED | SECTION_QUERY |
SECTION_MAP_READ,
0, 0, PAGE_READONLY, SEC_COMMIT, Handle);
@@ -1633,6 +1997,9 @@ START_TEST(NtMapViewOfSection)
Test_BasedSection();
Test_SectionContents(FALSE);
Test_SectionContents(TRUE);
+ Test_RawSize(0);
+ Test_RawSize(1);
+ Test_RawSize(2);
Test_EmptyFile();
Test_Truncate();
}
1503
days inactive
1503
days old
0 comments
1 participants
participants (1)
-
Thomas Faber