From 67f29999a36ce3725a52b79ed618964244cc96ae Mon Sep 17 00:00:00 2001 From: Alexandre Julliard Date: Tue, 3 Jan 2006 17:39:23 +0100 Subject: [PATCH] ntdll: Check file size when mapping image sections to avoid SIGBUS errors. --- dlls/ntdll/virtual.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c index 922c1b3e971..912f5c463da 100644 --- a/dlls/ntdll/virtual.c +++ b/dlls/ntdll/virtual.c @@ -35,6 +35,7 @@ #include #include #include +#include #ifdef HAVE_SYS_MMAN_H #include #endif @@ -835,6 +836,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz NTSTATUS status = STATUS_CONFLICTING_ADDRESSES; int i; off_t pos; + struct stat st; struct file_view *view = NULL; char *ptr; @@ -857,7 +859,13 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz /* map the header */ + if (fstat( fd, &st ) == -1) + { + status = FILE_GetNtStatus(); + goto error; + } status = STATUS_INVALID_IMAGE_FORMAT; /* generic error */ + if (header_size > st.st_size) goto error; if (map_file_into_view( view, fd, 0, header_size, 0, VPROT_COMMITTED | VPROT_READ, removable ) != STATUS_SUCCESS) goto error; dos = (IMAGE_DOS_HEADER *)ptr; @@ -996,7 +1004,9 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz /* Note: if the section is not aligned properly map_file_into_view will magically * fall back to read(), so we don't need to check anything here. */ - if (map_file_into_view( view, fd, sec->VirtualAddress, file_size, sec->PointerToRawData, + end = sec->PointerToRawData + file_size; + if (sec->PointerToRawData >= st.st_size || end > st.st_size || end < sec->PointerToRawData || + map_file_into_view( view, fd, sec->VirtualAddress, file_size, sec->PointerToRawData, VPROT_COMMITTED | VPROT_READ | VPROT_WRITECOPY, removable ) != STATUS_SUCCESS) { -- 2.11.4.GIT