From: Bernhard Übelacker bernhardu@mailbox.org
Function gets called with Magic == 0xdead, which causes the test to use the 64-bit path, which results in this buffer overflow.
Signed-off-by: Nikolay Sivov nsivov@codeweavers.com
---
 dlls/kernel32/tests/loader.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dlls/kernel32/tests/loader.c b/dlls/kernel32/tests/loader.c
index 9b0f8f6bff2..0871ae3b57f 100644
--- a/dlls/kernel32/tests/loader.c
+++ b/dlls/kernel32/tests/loader.c
@@ -584,8 +584,10 @@ static UINT get_com_dir_size( const IMAGE_NT_HEADERS *nt )
 {
 if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
 return ((const IMAGE_NT_HEADERS32 *)nt)->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size;
- else
+ else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
 return ((const IMAGE_NT_HEADERS64 *)nt)->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size;
+ else
+ return 0;
 }
/* helper to test image section mapping */
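Review bot: The `IMAGE_NT_HEADERS64` branch of get_com_dir_size() still uses the Magic value alone to decide how much memory behind `nt` may be read, and Magic comes from the header under test. If any caller passes a buffer sized for the native `IMAGE_NT_HEADERS` on a 32-bit build while Magic is set to `IMAGE_NT_OPTIONAL_HDR64_MAGIC`, the cast read could presumably still go past the end, since the 64-bit layout is larger. The callers are outside this hunk, so that needs confirming. The new `return 0` fallback is also indistinguishable from a valid image whose COM descriptor directory is empty, so it deserves a comment such as `/* unknown Magic: layout is not known, report size 0 instead of reading DataDirectory */`.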