[reactos] 02/04: [NTDLL_APITEST] Add test for an image file where SizeOfRawData > VirtualSize. CORE-17284 - Ros-diffs

3 Oct 2020

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=9b1fb8d6fd1e3034e4fa0f...
commit 9b1fb8d6fd1e3034e4fa0fb1e3e87b6bdae6d795
Author:     Thomas Faber thomas.faber@reactos.org
AuthorDate: Sun Sep 27 16:42:29 2020 +0200
Commit:     Thomas Faber thomas.faber@reactos.org
CommitDate: Sat Oct 3 13:13:35 2020 +0200
[NTDLL_APITEST] Add test for an image file where SizeOfRawData > VirtualSize. CORE-17284
---
 .../rostests/apitests/ntdll/NtMapViewOfSection.c   | 395 ++++++++++++++++++++-
 1 file changed, 381 insertions(+), 14 deletions(-)

diff --git a/modules/rostests/apitests/ntdll/NtMapViewOfSection.c b/modules/rostests/apitests/ntdll/NtMapViewOfSection.c
index 2df52007c41..a191126df20 100644
--- a/modules/rostests/apitests/ntdll/NtMapViewOfSection.c
+++ b/modules/rostests/apitests/ntdll/NtMapViewOfSection.c
@@ -766,7 +766,7 @@ Test_ImageSection(void)
     ok_ntstatus(Status, STATUS_SUCCESS);
     if (!NT_SUCCESS(Status))
     {
-        skip("Failed to open file\n");
+        skip("Failed to open file %s\n", wine_dbgstr_wn(FileName.Buffer, FileName.Length / sizeof(WCHAR)));
         return;
     }
@@ -1165,7 +1165,7 @@ Test_BasedSection(void)
 #define BYTES512(x) BYTES256(x), BYTES256(x)
 #define BYTES1024(x) BYTES512(x), BYTES512(x)
-static struct _MY_IMAGE_FILE
+static struct _SECTION_CONTENTS_IMAGE_FILE
 {
     IMAGE_DOS_HEADER doshdr;
     WORD stub[32];
@@ -1179,7 +1179,7 @@ static struct _MY_IMAGE_FILE
     BYTE rossym_data[0x400];
     BYTE rsrc_data[0x400];
     BYTE clc_data[0x1000];
-} ImageFile =
+} SectionContentsImageFile =
 {
     /* IMAGE_DOS_HEADER */
     {
@@ -1358,10 +1358,10 @@ static struct _MY_IMAGE_FILE
     },
 };
-C_ASSERT(FIELD_OFFSET(struct _MY_IMAGE_FILE, text_data) == 0x400);
-C_ASSERT(FIELD_OFFSET(struct _MY_IMAGE_FILE, rossym_data) == 0x800);
-C_ASSERT(FIELD_OFFSET(struct _MY_IMAGE_FILE, rsrc_data) == 0xc00);
-C_ASSERT(FIELD_OFFSET(struct _MY_IMAGE_FILE, clc_data) == 0x1000);
+C_ASSERT(FIELD_OFFSET(struct _SECTION_CONTENTS_IMAGE_FILE, text_data) == 0x400);
+C_ASSERT(FIELD_OFFSET(struct _SECTION_CONTENTS_IMAGE_FILE, rossym_data) == 0x800);
+C_ASSERT(FIELD_OFFSET(struct _SECTION_CONTENTS_IMAGE_FILE, rsrc_data) == 0xc00);
+C_ASSERT(FIELD_OFFSET(struct _SECTION_CONTENTS_IMAGE_FILE, clc_data) == 0x1000);
static
 void
@@ -1398,21 +1398,21 @@ Test_SectionContents(BOOL Relocate)
     if (Relocate)
     {
         ok((ULONG_PTR)GetModuleHandle(NULL) <= 0x80000000, "Module at %p\n", GetModuleHandle(NULL));
-        ImageFile.nthdrs.OptionalHeader.ImageBase = (ULONG)(ULONG_PTR)GetModuleHandle(NULL);
+        SectionContentsImageFile.nthdrs.OptionalHeader.ImageBase = (ULONG)(ULONG_PTR)GetModuleHandle(NULL);
     }
     else
     {
-        ImageFile.nthdrs.OptionalHeader.ImageBase = 0xe400000;
+        SectionContentsImageFile.nthdrs.OptionalHeader.ImageBase = 0xe400000;
     }
Success = WriteFile(Handle,
-                        &ImageFile,
-                        sizeof(ImageFile),
+                        &SectionContentsImageFile,
+                        sizeof(SectionContentsImageFile),
                         &Written,
                         NULL);
     ok(Success == TRUE, "WriteFile failed with %lu\n", GetLastError());
-    ok(Written == sizeof(ImageFile), "WriteFile wrote %lu bytes\n", Written);
-    
+    ok(Written == sizeof(SectionContentsImageFile), "WriteFile wrote %lu bytes\n", Written);
+
     Status = NtCreateSection(&SectionHandle,
                              SECTION_ALL_ACCESS,
                              NULL,
@@ -1473,6 +1473,370 @@ Test_SectionContents(BOOL Relocate)
             TEST_WRITE(0x8000);
             TEST_BYTE(0x8000, 0x11);
             TEST_BYTE(0x8400, 0x33);
+#undef TEST_BYTE
+#undef TEST_WRITE
+#undef TEST_NOWRITE
+            Status = NtUnmapViewOfSection(NtCurrentProcess(), BaseAddress);
+            ok_ntstatus(Status, STATUS_SUCCESS);
+        }
+        Status = NtClose(SectionHandle);
+        ok_ntstatus(Status, STATUS_SUCCESS);
+    }
+
+    CloseHandle(Handle);
+    DeleteFileW(FileName);
+}
+
+static struct _RAW_SIZE_IMAGE_FILE
+{
+    IMAGE_DOS_HEADER doshdr;
+    WORD stub[32];
+    IMAGE_NT_HEADERS32 nthdrs;
+    IMAGE_SECTION_HEADER text_header;
+    IMAGE_SECTION_HEADER data_header;
+    IMAGE_SECTION_HEADER zdata_header;
+    IMAGE_SECTION_HEADER rsrc_header;
+    BYTE pad[488];
+    BYTE text_data[0x1200];
+    BYTE data_data[0x1200];
+    BYTE rsrc_data[0x400];
+} RawSizeImageFile =
+{
+    /* IMAGE_DOS_HEADER */
+    {
+        IMAGE_DOS_SIGNATURE, 144, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40,
+        0, { 0 }, 0, 0, { 0 }, 0x80
+    },
+    /* binary to print "This program cannot be run in DOS mode." */
+    {
+        0x1F0E, 0x0EBA, 0xB400, 0xCD09, 0xB821, 0x4C01, 0x21CD, 0x6854, 0x7369,
+        0x7020, 0x6F72, 0x7267, 0x6D61, 0x6320, 0x6E61, 0x6F6E, 0x2074, 0x6562,
+        0x7220, 0x6E75, 0x6920, 0x206E, 0x4F44, 0x2053, 0x6F6D, 0x6564, 0x0D2E,
+        0x0A0D, 0x0024, 0x0000, 0x0000, 0x0000
+    },
+    /* IMAGE_NT_HEADERS32 */
+    {
+        IMAGE_NT_SIGNATURE, /* Signature */
+        /* IMAGE_FILE_HEADER */
+        {
+            IMAGE_FILE_MACHINE_I386, /* Machine */
+            4, /* NumberOfSections */
+            0x47EFDF09, /* TimeDateStamp */
+            0, /* PointerToSymbolTable */
+            0, /* NumberOfSymbols */
+            0xE0, /* SizeOfOptionalHeader */
+            IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_LOCAL_SYMS_STRIPPED |
+            IMAGE_FILE_LINE_NUMS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE |
+            IMAGE_FILE_DLL, /* Characteristics */
+        },
+        /* IMAGE_OPTIONAL_HEADER32 */
+        {
+            IMAGE_NT_OPTIONAL_HDR32_MAGIC, /* Magic */
+            8, /* MajorLinkerVersion */
+            0, /* MinorLinkerVersion */
+            0x400, /* SizeOfCode */
+            0x000, /* SizeOfInitializedData */
+            0, /* SizeOfUninitializedData */
+            0x1000, /* AddressOfEntryPoint */
+            0x1000, /* BaseOfCode */
+            0x0000, /* BaseOfData */
+            0x400000, /* ImageBase */
+            0x1000, /* SectionAlignment */
+            0x200, /* FileAlignment */
+            4, /* MajorOperatingSystemVersion */
+            0, /* MinorOperatingSystemVersion */
+            0, /* MajorImageVersion */
+            0, /* MinorImageVersion */
+            4, /* MajorSubsystemVersion */
+            0, /* MinorSubsystemVersion */
+            0, /* Win32VersionValue */
+            0x5000, /* SizeOfImage */
+            0x400, /* SizeOfHeaders */
+            0x0, /* CheckSum */
+            IMAGE_SUBSYSTEM_WINDOWS_CUI, /* Subsystem */
+            IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE |
+            IMAGE_DLLCHARACTERISTICS_NO_SEH |
+            IMAGE_DLLCHARACTERISTICS_NX_COMPAT, /* DllCharacteristics */
+            0x100000, /* SizeOfStackReserve */
+            0x1000, /* SizeOfStackCommit */
+            0x100000, /* SizeOfHeapReserve */
+            0x1000, /* SizeOfHeapCommit */
+            0, /* LoaderFlags */
+            0x10, /* NumberOfRvaAndSizes */
+            /* IMAGE_DATA_DIRECTORY */
+            {
+                { 0 }, /* Export Table */
+                { 0 }, /* Import Table */
+                { 0 }, /* Resource Table */
+                { 0 }, /* Exception Table */
+                { 0 }, /* Certificate Table */
+                { 0 }, /* Base Relocation Table */
+                { 0 }, /* Debug */
+                { 0 }, /* Copyright */
+                { 0 }, /* Global Ptr */
+                { 0 }, /* TLS Table */
+                { 0 }, /* Load Config Table */
+                { 0 }, /* Bound Import */
+                { 0 }, /* IAT */
+                { 0 }, /* Delay Import Descriptor */
+                { 0 }, /* CLI Header */
+                { 0 } /* Reserved */
+            }
+        }
+    },
+    /* IMAGE_SECTION_HEADER */
+    {
+        /* SizeOfRawData larger than VirtualSize */
+        ".text", /* Name */
+        { 0x1000 }, /* Misc.VirtualSize */
+        0x1000, /* VirtualAddress */
+        0x1200, /* SizeOfRawData */
+        0x400, /* PointerToRawData */
+        0, /* PointerToRelocations */
+        0, /* PointerToLinenumbers */
+        0, /* NumberOfRelocations */
+        0, /* NumberOfLinenumbers */
+        IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE |
+            IMAGE_SCN_CNT_CODE, /* Characteristics */
+    },
+    /* IMAGE_SECTION_HEADER */
+    {
+        /* SizeOfRawData larger than VirtualSize */
+        ".data", /* Name */
+        { 0x100 }, /* Misc.VirtualSize */
+        0x2000, /* VirtualAddress */
+        0x1200, /* SizeOfRawData */
+        0x1600, /* PointerToRawData */
+        0, /* PointerToRelocations */
+        0, /* PointerToLinenumbers */
+        0, /* NumberOfRelocations */
+        0, /* NumberOfLinenumbers */
+        IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ |
+            IMAGE_SCN_CNT_INITIALIZED_DATA, /* Characteristics */
+    },
+    /* IMAGE_SECTION_HEADER */
+    {
+        /* SizeOfRawData = 0 */
+        ".zdata", /* Name */
+        { 0x100 }, /* Misc.VirtualSize */
+        0x3000, /* VirtualAddress */
+        0, /* SizeOfRawData */
+        0x2800, /* PointerToRawData */
+        0, /* PointerToRelocations */
+        0, /* PointerToLinenumbers */
+        0, /* NumberOfRelocations */
+        0, /* NumberOfLinenumbers */
+        IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ |
+            IMAGE_SCN_CNT_UNINITIALIZED_DATA, /* Characteristics */
+    },
+    /* IMAGE_SECTION_HEADER */
+    {
+        /* VirtualSize larger than SizeOfRawData */
+        ".rsrc", /* Name */
+        { 0x300 }, /* Misc.VirtualSize */
+        0x4000, /* VirtualAddress */
+        0x200, /* SizeOfRawData */
+        0x2800, /* PointerToRawData */
+        0, /* PointerToRelocations */
+        0, /* PointerToLinenumbers */
+        0, /* NumberOfRelocations */
+        0, /* NumberOfLinenumbers */
+        IMAGE_SCN_MEM_READ |
+            IMAGE_SCN_CNT_INITIALIZED_DATA, /* Characteristics */
+    },
+    /* fill */
+    { 0 },
+    /* text */
+    {
+        0xc3, 0, 0, 0, 0, 0, 0, 0,
+        BYTES8(1),
+        BYTES16(2),
+        BYTES32(3),
+        BYTES64(4),
+        BYTES128(5),
+        BYTES256(6),
+        BYTES512(7),
+        BYTES1024(8),
+        BYTES1024(9),
+        BYTES1024(0xa),
+        BYTES512(0xb),
+    },
+    /* data */
+    {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+        BYTES8(0xaa),
+        BYTES16(0xbb),
+        BYTES32(0xcc),
+        BYTES64(0xdd),
+        BYTES128(0xee),
+        BYTES256(0xff),
+        BYTES512(0xee),
+        BYTES1024(0xdd),
+        BYTES1024(0xcc),
+        BYTES1024(0xbb),
+        BYTES512(0xaa),
+    },
+    /* rsrc */
+    {
+        BYTES256(0xff),
+        BYTES128(0xee),
+        BYTES64(0xdd),
+        BYTES32(0xcc),
+        BYTES16(0xbb),
+        BYTES8(0xaa),
+        0xef, 0xcd, 0xab, 0x89, 0x67, 0x45, 0x23, 0x01,
+    },
+};
+
+C_ASSERT(FIELD_OFFSET(struct _RAW_SIZE_IMAGE_FILE, text_data) == 0x400);
+C_ASSERT(FIELD_OFFSET(struct _RAW_SIZE_IMAGE_FILE, data_data) == 0x1600);
+C_ASSERT(FIELD_OFFSET(struct _RAW_SIZE_IMAGE_FILE, rsrc_data) == 0x2800);
+
+// CORE-17284
+static
+void
+Test_RawSize(ULONG TestNumber)
+{
+    NTSTATUS Status;
+    WCHAR TempPath[MAX_PATH];
+    WCHAR FileName[MAX_PATH];
+    HANDLE Handle;
+    HANDLE SectionHandle;
+    LARGE_INTEGER SectionOffset;
+    PVOID BaseAddress;
+    SIZE_T ViewSize;
+    ULONG Written;
+    ULONG Length;
+    BOOL Success;
+
+    Length = GetTempPathW(MAX_PATH, TempPath);
+    ok(Length != 0, "GetTempPathW failed with %lu\n", GetLastError());
+    Length = GetTempFileNameW(TempPath, L"nta", 0, FileName);
+    ok(Length != 0, "GetTempFileNameW failed with %lu\n", GetLastError());
+    Handle = CreateFileW(FileName,
+                         FILE_ALL_ACCESS,
+                         0,
+                         NULL,
+                         CREATE_ALWAYS,
+                         0,
+                         NULL);
+    if (Handle == INVALID_HANDLE_VALUE)
+    {
+        skip("Failed to create temp file %ls, error %lu\n", FileName, GetLastError());
+        return;
+    }
+    RawSizeImageFile.nthdrs.OptionalHeader.ImageBase = 0xe400000;
+    if (TestNumber == 1)
+    {
+        /* Just for fun, show that these flags don't matter. */
+        RawSizeImageFile.text_header.Characteristics &= ~(IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA);
+        RawSizeImageFile.data_header.Characteristics &= ~(IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA);
+        RawSizeImageFile.zdata_header.Characteristics &= ~(IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA);
+        RawSizeImageFile.rsrc_header.Characteristics &= ~(IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA);
+    }
+    else if (TestNumber == 2)
+    {
+        /* SizeOfRawData is too large and will overflow.
+         * This should cause failure to load the file */
+        RawSizeImageFile.rsrc_header.SizeOfRawData = (ULONG)-0x200;
+    }
+
+    Success = WriteFile(Handle,
+                        &RawSizeImageFile,
+                        sizeof(RawSizeImageFile),
+                        &Written,
+                        NULL);
+    ok(Success == TRUE, "WriteFile failed with %lu\n", GetLastError());
+    ok(Written == sizeof(RawSizeImageFile), "WriteFile wrote %lu bytes\n", Written);
+
+    Status = NtCreateSection(&SectionHandle,
+                             SECTION_ALL_ACCESS,
+                             NULL,
+                             NULL,
+                             PAGE_EXECUTE_READWRITE,
+                             SEC_IMAGE,
+                             Handle);
+    if (TestNumber == 2)
+    {
+        /* overflow in SizeOfRawData */
+        ok_ntstatus(Status, STATUS_INVALID_IMAGE_FORMAT);
+    }
+    else
+    {
+        ok_ntstatus(Status, STATUS_SUCCESS);
+    }
+
+    if (NT_SUCCESS(Status))
+    {
+        /* Map the section with  */
+        BaseAddress = NULL;
+        SectionOffset.QuadPart = 0;
+        ViewSize = 0;
+        Status = NtMapViewOfSection(SectionHandle,
+                                    NtCurrentProcess(),
+                                    &BaseAddress,
+                                    0,
+                                    0,
+                                    &SectionOffset,
+                                    &ViewSize,
+                                    ViewShare,
+                                    0,
+                                    PAGE_READWRITE);
+        ok_ntstatus(Status, STATUS_SUCCESS);
+        if (NT_SUCCESS(Status))
+        {
+            PUCHAR Bytes = BaseAddress;
+            struct _RAW_SIZE_IMAGE_FILE *ImageFile = BaseAddress;
+
+            /* .text section header is unmodified */
+            ok_hex(ImageFile->text_header.Misc.VirtualSize, RawSizeImageFile.text_header.Misc.VirtualSize);
+            ok_hex(ImageFile->text_header.VirtualAddress, RawSizeImageFile.text_header.VirtualAddress);
+            ok_hex(ImageFile->text_header.SizeOfRawData, RawSizeImageFile.text_header.SizeOfRawData);
+            ok_hex(ImageFile->text_header.PointerToRawData, RawSizeImageFile.text_header.PointerToRawData);
+
+            /* SizeOfRawData = 0 resets PointerToRawData to 0 */
+            ok_hex(ImageFile->zdata_header.Misc.VirtualSize, RawSizeImageFile.zdata_header.Misc.VirtualSize);
+            ok_hex(ImageFile->zdata_header.VirtualAddress, RawSizeImageFile.zdata_header.VirtualAddress);
+            ok_hex(ImageFile->zdata_header.SizeOfRawData, RawSizeImageFile.zdata_header.SizeOfRawData);
+            ok_hex(ImageFile->zdata_header.PointerToRawData, 0);
+
+#define TEST_BYTE(n, v) \
+    StartSeh() \
+        ok(Bytes[n] == v, "[%lu] Bytes[%u] = 0x%x, expected 0x%x\n", \
+           TestNumber, n, Bytes[n], v); \
+    EndSeh(STATUS_SUCCESS);
+            /* .text section data matches file up to 0x1000 */
+            TEST_BYTE(0x1000, 0xc3);
+            TEST_BYTE(0x1001, 0x00);
+            TEST_BYTE(0x1008, 0x01);
+            TEST_BYTE(0x1010, 0x02);
+            TEST_BYTE(0x1fff, 0x0a);
+
+            /* .data section data matches file up to 0x1000 */
+            TEST_BYTE(0x2000, 0x01);
+            TEST_BYTE(0x2001, 0x23);
+            TEST_BYTE(0x20ff, 0xee);
+            TEST_BYTE(0x2100, 0xff);
+            TEST_BYTE(0x2fff, 0xbb);
+
+            /* .zdata section data is all zeroes */
+            TEST_BYTE(0x3000, 0x00);
+            TEST_BYTE(0x3001, 0x00);
+            TEST_BYTE(0x3800, 0x00);
+            TEST_BYTE(0x3fff, 0x00);
+
+            /* .rsrc section data matches file up to VirtualSize 0x200 */
+            TEST_BYTE(0x4000, 0xff);
+            TEST_BYTE(0x4100, 0xee);
+            TEST_BYTE(0x4180, 0xdd);
+            TEST_BYTE(0x41c0, 0xcc);
+            TEST_BYTE(0x41e0, 0xbb);
+            TEST_BYTE(0x41f0, 0xaa);
+            TEST_BYTE(0x41fe, 0x23);
+            TEST_BYTE(0x41ff, 0x01);
+            TEST_BYTE(0x4200, 0x00);
+            TEST_BYTE(0x4fff, 0x00);
+#undef TEST_BYTE
             Status = NtUnmapViewOfSection(NtCurrentProcess(), BaseAddress);
             ok_ntstatus(Status, STATUS_SUCCESS);
         }
@@ -1510,7 +1874,7 @@ Test_EmptyFile(VOID)
         skip("Failed to create temp file %ls, error %lu\n", FileName, GetLastError());
         return;
     }
-    
+
     Status = NtCreateSection(&SectionHandle,
                              STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ,
                              0, 0, PAGE_READONLY, SEC_COMMIT, Handle);
@@ -1633,6 +1997,9 @@ START_TEST(NtMapViewOfSection)
     Test_BasedSection();
     Test_SectionContents(FALSE);
     Test_SectionContents(TRUE);
+    Test_RawSize(0);
+    Test_RawSize(1);
+    Test_RawSize(2);
     Test_EmptyFile();
     Test_Truncate();
 }

    