https://bugs.winehq.org/show_bug.cgi?id=38949

--- Comment #6 from Sebastian Lackner <sebastian(a)fds-team.de> ---

(In reply to Anastasius Focht from comment #4)
> I think that should be taken care of by the PE compressor code itself. Whoever messes with the load config directory has to emit/keep relocation entries for:
> * LockPrefixTable (VA)
> * EditList (VA)
> * SecurityCookie (VA)
> * SEHandlerTable (VA)

When the PE compressor code does the relocation, then yes. But Wine also contains relocation code, that's what I was concerned about.

(In reply to André H. from comment #5)
> Created attachment 51899 [details]
> ntdll: Don't touch SecurityCookie when the pointer is outside of the image
>
> What about this patch?
You are truncating the pointer on 64-bit, you'll have to use something like DWORD_PTR or ULONG_PTR (or alternatively do the test with pointer types). Besides that, I think it would be better to check:

loadcfg->SecurityCookie >= (ULONG_PTR)ptr && loadcfg->SecurityCookie <= (ULONG_PTR)ptr + total_size - sizeof(ULONG_PTR)
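The bounds check discussed in this comment, as an added example that is not part of the bug thread or of Wine's code: `load_config_t` is a constructed stand-in for the one load-config field involved, and the base/size/cookie values in the test are made up. The correct version does all arithmetic in `uintptr_t` (the C counterpart of ULONG_PTR); the second function keeps the 32-bit truncation the comment objects to, so the two can be compared on a 64-bit address.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Constructed stand-in for the single field under discussion; not Wine's
 * IMAGE_LOAD_CONFIG_DIRECTORY. */
typedef struct {
    uintptr_t SecurityCookie;   /* virtual address of the /GS cookie */
} load_config_t;

/* Return the SecurityCookie VA when the whole pointer-sized cookie lies inside
 * the mapped image [base, base + total_size), otherwise 0 so the caller leaves
 * it alone. Equivalent to
 *   cookie >= base && cookie <= base + total_size - sizeof(ULONG_PTR)
 * but written as a subtraction so the right-hand side cannot wrap. */
uintptr_t security_cookie_in_image(uintptr_t base, size_t total_size,
                                   const load_config_t *loadcfg)
{
    uintptr_t cookie = loadcfg->SecurityCookie;

    if (!cookie || total_size < sizeof(uintptr_t)) return 0;
    if (cookie < base) return 0;                           /* below the image */
    if (cookie - base > total_size - sizeof(uintptr_t)) return 0; /* past the end */
    return cookie;
}

/* The defect the comment points out: comparing in 32 bits discards the high
 * half of a 64-bit address, so a cookie in a different 4 GiB region can pass.
 * Kept only for contrast with the function above. */
bool security_cookie_in_image_truncated(uintptr_t base, size_t total_size,
                                        const load_config_t *loadcfg)
{
    uint32_t cookie = (uint32_t)loadcfg->SecurityCookie;
    uint32_t lo = (uint32_t)base;
    uint32_t hi = (uint32_t)(base + total_size - sizeof(uint32_t));

    return cookie >= lo && cookie <= hi;
}
```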