Author: fireball
Date: Fri Nov 23 16:39:31 2007
New Revision: 30691
URL:
http://svn.reactos.org/svn/reactos?rev=30691&view=rev
Log:
- Add a check for an incorrect virtual size. Currently ReactOS's floppy.sys has such
an incorrect section.
Modified:
trunk/reactos/lib/rossym/frommem.c
Modified: trunk/reactos/lib/rossym/frommem.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rossym/frommem.c?rev=3…
==============================================================================
--- trunk/reactos/lib/rossym/frommem.c (original)
+++ trunk/reactos/lib/rossym/frommem.c Fri Nov 23 16:39:31 2007
@@ -24,8 +24,9 @@
PIMAGE_DOS_HEADER DosHeader;
PIMAGE_NT_HEADERS NtHeaders;
PIMAGE_SECTION_HEADER SectionHeader;
- unsigned SectionIndex;
- char SectionName[IMAGE_SIZEOF_SHORT_NAME];
+ ULONG SectionIndex;
+ BOOLEAN RosSymSectionFound = FALSE;
+ CHAR SectionName[IMAGE_SIZEOF_SHORT_NAME];
/* Check if MZ header is valid */
DosHeader = (PIMAGE_DOS_HEADER) ImageStart;
@@ -58,11 +59,13 @@
{
if (0 == memcmp(SectionName, SectionHeader->Name, IMAGE_SIZEOF_SHORT_NAME))
{
+ RosSymSectionFound = TRUE;
break;
}
SectionHeader++;
}
- if (NtHeaders->FileHeader.NumberOfSections <= SectionIndex)
+
+ if (!RosSymSectionFound)
{
DPRINT("No %s section found\n", ROSSYM_SECTION_NAME);
return FALSE;
@@ -76,6 +79,12 @@
return FALSE;
}
+ if (SectionHeader->VirtualAddress + SectionHeader->Misc.VirtualSize >
ImageSize)
+ {
+ DPRINT("Bad %s section virtual size!\n", ROSSYM_SECTION_NAME);
+ return FALSE;
+ }
+
/* Load it */
return RosSymCreateFromRaw((char *) ImageStart + SectionHeader->VirtualAddress,
SectionHeader->SizeOfRawData, RosSymInfo);
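Review bot: The added bound `SectionHeader->VirtualAddress + SectionHeader->Misc.VirtualSize > ImageSize` can be defeated by wrap-around, because both header fields are 32-bit values taken from the image and their sum can wrap to a small number that passes the comparison. Writing the test without the addition avoids this: `if (SectionHeader->VirtualAddress > ImageSize || SectionHeader->Misc.VirtualSize > ImageSize - SectionHeader->VirtualAddress)`. The load below also passes `SectionHeader->SizeOfRawData`, not `VirtualSize`, as the length to `RosSymCreateFromRaw`. So `SizeOfRawData` needs the same bound against `ImageSize - VirtualAddress`, unless the check that ends just above this hunk already covers it, which is not visible here. The type of `ImageSize` and the start of the function are outside the hunk, so confirm the comparison is done in an unsigned type at least as wide as the header fields.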