Module: wine Branch: stable Commit: 4c039666093f38c48a0774fea53d63a4d7ffdc62 URL: http://source.winehq.org/git/wine.git/?a=commit;h=4c039666093f38c48a0774fea5...
Author: Alexandre Julliard julliard@winehq.org Date: Tue Jul 20 16:04:51 2010 +0200
winebuild: Add more checks to protect against corrupted resource files. (cherry picked from commit 58dddbed234a45e6888cd35d4104ee72948e11e7)
---
tools/winebuild/res32.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/tools/winebuild/res32.c b/tools/winebuild/res32.c
index 6320a2e..28b950c 100644
--- a/tools/winebuild/res32.c
+++ b/tools/winebuild/res32.c
@@ -220,8 +220,12 @@ static void load_next_resource( DLLSPEC *spec )
 res->data_size = get_dword();
 hdr_size = get_dword();
 if (hdr_size & 3) fatal_error( "%s header size not aligned\n", input_buffer_filename );
+ if (hdr_size < 32) fatal_error( "%s invalid header size %u\n", input_buffer_filename, hdr_size );
 res->data = input_buffer + input_buffer_pos - 2*sizeof(unsigned int) + hdr_size;
+ if ((const unsigned char *)res->data < input_buffer ||
+ (const unsigned char *)res->data >= input_buffer + input_buffer_size)
+ fatal_error( "%s invalid header size %u\n", input_buffer_filename, hdr_size );
 get_string( &res->type );
 get_string( &res->name );
 if (input_buffer_pos & 2) get_word(); /* align to dword boundary */
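Review bot: The range check added after the `res->data = ...` assignment tests a pointer that has already been computed from the file-supplied `hdr_size`, so it depends on out-of-bounds pointer arithmetic, which is undefined behaviour in C and may be folded away by the compiler. On a 32-bit build a very large `hdr_size` could also wrap the address back inside the buffer and satisfy both comparisons. Comparing offsets before forming the pointer avoids both problems, for example `if (hdr_size >= input_buffer_size - (input_buffer_pos - 2*sizeof(unsigned int))) fatal_error( "%s invalid header size %u\n", input_buffer_filename, hdr_size );`, assuming `input_buffer_pos` and `input_buffer_size` are unsigned and the earlier `get_dword()` calls keep the position inside the buffer (their declarations are outside the hunk). `res->data_size` is not checked against the remaining bytes in the lines shown; load_next_resource continues past the end of the hunk, so that may be handled later.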