From 8e5f28127644344247056337a4eeca71f0e43322 Mon Sep 17 00:00:00 2001
From: Alexandre Julliard
Date: Mon, 30 Jun 2008 12:51:35 +0200
Subject: [PATCH] ntdll: Add some sanity checks for invalid relocation blocks.
---
 dlls/ntdll/virtual.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index f14085dd216..ef97eb2968f 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1107,8 +1107,14 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
 rel = (IMAGE_BASE_RELOCATION *)(ptr + relocs->VirtualAddress);
 end = (IMAGE_BASE_RELOCATION *)(ptr + relocs->VirtualAddress + relocs->Size);
- while (rel < end && rel->SizeOfBlock)
+ while (rel <= end - 1 && rel->SizeOfBlock)
 {
+ if (rel->VirtualAddress >= total_size)
+ {
+ WARN_(module)( "invalid address %p in relocation %p\n", ptr + rel->VirtualAddress, rel );
+ status = STATUS_ACCESS_VIOLATION;
+ goto error;
+ }
 rel = LdrProcessRelocationBlock( ptr + rel->VirtualAddress, (rel->SizeOfBlock - sizeof(*rel)) / sizeof(USHORT), (USHORT *)(rel + 1), delta );
-- 
2.11.4.GIT
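Review bot: The guard added at the top of the loop validates only `rel->VirtualAddress`; `rel->SizeOfBlock` still reaches `LdrProcessRelocationBlock` with no check beyond being non-zero. A block whose `SizeOfBlock` is smaller than `sizeof(*rel)` makes the unsigned subtraction in `(rel->SizeOfBlock - sizeof(*rel)) / sizeof(USHORT)` wrap to a very large entry count, and a block larger than what remains of the directory lets the entry array run past `end`. I would reject both through the same warning and `STATUS_ACCESS_VIOLATION` path, for example `if (rel->SizeOfBlock < sizeof(*rel) || rel->SizeOfBlock > (SIZE_T)((char *)end - (char *)rel))` placed before the call. Whether `relocs->VirtualAddress + relocs->Size` is itself bounded by `total_size` cannot be seen here, because `map_image` starts and ends outside the hunk.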