Alexandre Julliard : ntdll: Check file size when mapping image sections to avoid SIGBUS errors.

Alexandre Julliard julliard at wine.codeweavers.com
Tue Jan 3 15:21:04 CST 2006


Module: wine
Branch: refs/heads/master
Commit: 67f29999a36ce3725a52b79ed618964244cc96ae
URL:    http://source.winehq.org/git/?p=wine.git;a=commit;h=67f29999a36ce3725a52b79ed618964244cc96ae

Author: Alexandre Julliard <julliard at winehq.org>
Date:   Tue Jan  3 17:39:23 2006 +0100

ntdll: Check file size when mapping image sections to avoid SIGBUS errors.

---

 dlls/ntdll/virtual.c |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index 922c1b3..912f5c4 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -35,6 +35,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #ifdef HAVE_SYS_MMAN_H
 #include <sys/mman.h>
 #endif
@@ -835,6 +836,7 @@ static NTSTATUS map_image( HANDLE hmappi
     NTSTATUS status = STATUS_CONFLICTING_ADDRESSES;
     int i;
     off_t pos;
+    struct stat st;
     struct file_view *view = NULL;
     char *ptr;
 
@@ -857,7 +859,13 @@ static NTSTATUS map_image( HANDLE hmappi
 
     /* map the header */
 
+    if (fstat( fd, &st ) == -1)
+    {
+        status = FILE_GetNtStatus();
+        goto error;
+    }
     status = STATUS_INVALID_IMAGE_FORMAT;  /* generic error */
+    if (header_size > st.st_size) goto error;
     if (map_file_into_view( view, fd, 0, header_size, 0, VPROT_COMMITTED | VPROT_READ,
                             removable ) != STATUS_SUCCESS) goto error;
     dos = (IMAGE_DOS_HEADER *)ptr;
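Review bot: The new `header_size > st.st_size` check on line 52 only means something when `fd` refers to a regular file — for a pipe or device `st_size` is not meaningful, so an explicit `if (!S_ISREG(st.st_mode)) goto error;` after the `fstat()` would reject such descriptors deliberately rather than through a coincidental zero size; I cannot tell from the hunk whether callers already guarantee a regular file. The comparison also mixes what is presumably an unsigned `header_size` with the signed `off_t st_size`; that is safe only because `st_size` is non-negative for regular files, which is another reason to pin the type down. The size check is inherently a snapshot, so a file truncated between `fstat()` and the mapping can still fault; a comment such as `/* file too short for the headers; a later truncation can still SIGBUS */` would record what the check does and does not guarantee. The same snapshot caveat applies to the section-bounds check in the next hunk. map_image's body begins and continues outside this hunk.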
@@ -996,7 +1004,9 @@ static NTSTATUS map_image( HANDLE hmappi
         /* Note: if the section is not aligned properly map_file_into_view will magically
          *       fall back to read(), so we don't need to check anything here.
          */
-        if (map_file_into_view( view, fd, sec->VirtualAddress, file_size, sec->PointerToRawData,
+        end = sec->PointerToRawData + file_size;
+        if (sec->PointerToRawData >= st.st_size || end > st.st_size || end < sec->PointerToRawData ||
+            map_file_into_view( view, fd, sec->VirtualAddress, file_size, sec->PointerToRawData,
                                 VPROT_COMMITTED | VPROT_READ | VPROT_WRITECOPY,
                                 removable ) != STATUS_SUCCESS)
         {
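Review bot: The three-part condition added on lines 62–63 is correct but dense: `end` is declared outside the hunk, so its width decides whether `end < sec->PointerToRawData` can ever fire (it catches a wrap of `PointerToRawData + file_size` only when `end` is no wider than the addends), and a reader has to reconstruct that. A one-line comment above it, `/* reject sections whose raw data starts at or past EOF, runs past it, or overflows when computing the end offset */`, would spare the next maintainer the derivation. Note also that `sec->PointerToRawData >= st.st_size` rejects a section whose raw data begins exactly at EOF even when `file_size` is 0; if zero-length raw data can reach this point, `>` would be the intended bound — I cannot see from the hunk whether an earlier check excludes that case. The enclosing loop and the rest of map_image lie outside the hunk.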



