Alexandre Julliard : winebuild: Add more checks to protect against corrupted resource files.
Alexandre Julliard
julliard at winehq.org
Tue Oct 5 14:41:43 CDT 2010
Module: wine
Branch: stable
Commit: 4c039666093f38c48a0774fea53d63a4d7ffdc62
URL: http://source.winehq.org/git/wine.git/?a=commit;h=4c039666093f38c48a0774fea53d63a4d7ffdc62
Author: Alexandre Julliard <julliard at winehq.org>
Date: Tue Jul 20 16:04:51 2010 +0200
winebuild: Add more checks to protect against corrupted resource files.
(cherry picked from commit 58dddbed234a45e6888cd35d4104ee72948e11e7)
---
tools/winebuild/res32.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/tools/winebuild/res32.c b/tools/winebuild/res32.c
index 6320a2e..28b950c 100644
--- a/tools/winebuild/res32.c
+++ b/tools/winebuild/res32.c
@@ -220,8 +220,12 @@ static void load_next_resource( DLLSPEC *spec )
res->data_size = get_dword();
hdr_size = get_dword();
if (hdr_size & 3) fatal_error( "%s header size not aligned\n", input_buffer_filename );
+ if (hdr_size < 32) fatal_error( "%s invalid header size %u\n", input_buffer_filename, hdr_size );
res->data = input_buffer + input_buffer_pos - 2*sizeof(unsigned int) + hdr_size;
+ if ((const unsigned char *)res->data < input_buffer ||
+ (const unsigned char *)res->data >= input_buffer + input_buffer_size)
+ fatal_error( "%s invalid header size %u\n", input_buffer_filename, hdr_size );
get_string( &res->type );
get_string( &res->name );
if (input_buffer_pos & 2) get_word(); /* align to dword boundary */
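Review bot: The range check on res->data runs only after the pointer has been formed from the untrusted hdr_size, so a very large value makes `input_buffer + input_buffer_pos - 2*sizeof(unsigned int) + hdr_size` point outside the buffer before the comparison happens. That is undefined behaviour in C, and the `< input_buffer` arm only catches it if the arithmetic happens to wrap. It would be safer to validate the integers first, for example rejecting the file when hdr_size is larger than input_buffer_size minus the header's start offset (input_buffer_pos - 2*sizeof(unsigned int)), and to assign res->data only afterwards. The check also covers only the first byte of the data: res->data_size, read at the top of this hunk, is not compared with the bytes remaining after res->data in these lines, so unless other code does it, a corrupted data_size could still cause a read past the end of the input. A smaller point: both new fatal_error calls print the same "invalid header size" text, and distinct messages would show which condition failed.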