[Bug 38949] Free Falcon 5.x/6.x configuration editor segfaults on start (loader must take invalid IMAGE_LOAD_CONFIG_DIRECTORY values into account)
wine-bugs at winehq.org
Mon Jul 20 13:09:55 CDT 2015
https://bugs.winehq.org/show_bug.cgi?id=38949
--- Comment #6 from Sebastian Lackner <sebastian at fds-team.de> ---
(In reply to Anastasius Focht from comment #4)
> I think that should be taken care of by the PE compressor code itself.
> Whoever messes with load config directory has to emit/keep relocation
> entries for:
>
> * LockPrefixTable (VA)
> * EditList (VA)
> * SecurityCookie (VA)
> * SEHandlerTable (VA)
When the PE compressor code does the relocation, then yes. But Wine also
contains relocation code, that's what I was concerned about.
(In reply to André H. from comment #5)
> Created attachment 51899 [details]
> ntdll: Don't touch SecurityCookie when the pointer is outside of the image
>
> What about this patch?
You are truncating the pointer on 64-bit, you'll have to use something like
DWORD_PTR or ULONG_PTR (or alternatively do the test with pointer types).
Besides that, I think it would be better to check:
  (ULONG_PTR)ptr <= loadcfg->SecurityCookie &&
  loadcfg->SecurityCookie <= (ULONG_PTR)ptr + total_size - sizeof(ULONG_PTR)
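Added example, not part of the bug comment or of the attached Wine patch: a stand-alone version of the bounds test discussed above, next to a variant that narrows the addresses to 32 bits first, to show why the pointer-sized type matters on 64-bit. uintptr_t stands in for ULONG_PTR, and the function names, image base and size are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* uintptr_t stands in for ULONG_PTR so this builds without Windows headers.
 * Function names and sample addresses are constructed for this example. */

/* Returns 1 when a pointer-sized cookie at VA `cookie_va` lies entirely
 * inside the mapped image [base, base + total_size). The upper bound is
 * tested by subtraction so no sum can wrap, whatever the header claims. */
static int cookie_in_image(uintptr_t base, size_t total_size, uintptr_t cookie_va)
{
    if (total_size < sizeof(uintptr_t)) return 0;  /* no room for a cookie */
    if (cookie_va < base) return 0;                /* below the image */
    return cookie_va - base <= total_size - sizeof(uintptr_t);
}

/* The pitfall: the same test after narrowing both addresses to 32 bits.
 * On 64-bit the high half is dropped, so a VA 4 GiB away aliases into range. */
static int cookie_in_image_truncated(uintptr_t base, size_t total_size, uintptr_t cookie_va)
{
    uint32_t b = (uint32_t)base, c = (uint32_t)cookie_va;
    return c >= b && c - b <= (uint32_t)total_size - sizeof(uintptr_t);
}

int main(void)
{
    uintptr_t base = (uintptr_t)0x140000000ULL;        /* constructed image base */
    size_t size = 0x10000;                             /* constructed image size */
    uintptr_t far = base + (uintptr_t)0x100003000ULL;  /* 4 GiB + 0x3000 past base */

    printf("inside image:      %d\n", cookie_in_image(base, size, base + 0x3000));
    printf("last valid slot:   %d\n", cookie_in_image(base, size, base + size - sizeof(uintptr_t)));
    printf("straddles the end: %d\n", cookie_in_image(base, size, base + size - 1));
    printf("below the image:   %d\n", cookie_in_image(base, size, base - 8));
    printf("far, full width:   %d\n", cookie_in_image(base, size, far));
    printf("far, truncated:    %d\n", cookie_in_image_truncated(base, size, far));
    return 0;
}
```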