Module: wine Branch: refs/heads/master Commit: 67f29999a36ce3725a52b79ed618964244cc96ae URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=67f29999a36ce3725a52b79e...
Author: Alexandre Julliard julliard@winehq.org Date: Tue Jan 3 17:39:23 2006 +0100
ntdll: Check file size when mapping image sections to avoid SIGBUS errors.
---
dlls/ntdll/virtual.c | 12 +++++++++++- 1 files changed, 11 insertions(+), 1 deletions(-)
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c index 922c1b3..912f5c4 100644 --- a/dlls/ntdll/virtual.c +++ b/dlls/ntdll/virtual.c @@ -35,6 +35,7 @@ #include <stdio.h> #include <string.h> #include <sys/types.h> +#include <sys/stat.h> #ifdef HAVE_SYS_MMAN_H #include <sys/mman.h> #endif @@ -835,6 +836,7 @@ static NTSTATUS map_image( HANDLE hmappi NTSTATUS status = STATUS_CONFLICTING_ADDRESSES; int i; off_t pos; + struct stat st; struct file_view *view = NULL; char *ptr;
@@ -857,7 +859,13 @@ static NTSTATUS map_image( HANDLE hmappi
/* map the header */
+ if (fstat( fd, &st ) == -1) + { + status = FILE_GetNtStatus(); + goto error; + } status = STATUS_INVALID_IMAGE_FORMAT; /* generic error */ + if (header_size > st.st_size) goto error; if (map_file_into_view( view, fd, 0, header_size, 0, VPROT_COMMITTED | VPROT_READ, removable ) != STATUS_SUCCESS) goto error; dos = (IMAGE_DOS_HEADER *)ptr; @@ -996,7 +1004,9 @@ static NTSTATUS map_image( HANDLE hmappi /* Note: if the section is not aligned properly map_file_into_view will magically * fall back to read(), so we don't need to check anything here. */ - if (map_file_into_view( view, fd, sec->VirtualAddress, file_size, sec->PointerToRawData, + end = sec->PointerToRawData + file_size; + if (sec->PointerToRawData >= st.st_size || end > st.st_size || end < sec->PointerToRawData || + map_file_into_view( view, fd, sec->VirtualAddress, file_size, sec->PointerToRawData, VPROT_COMMITTED | VPROT_READ | VPROT_WRITECOPY, removable ) != STATUS_SUCCESS) {