[PATCH] kernelbase: Stay in bounds when looking for resource entries.
Arkadiusz Hiler
ahiler at codeweavers.com
Thu Oct 29 08:01:05 CDT 2020
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=50075
Signed-off-by: Arkadiusz Hiler <ahiler at codeweavers.com>
---
dlls/kernelbase/version.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/dlls/kernelbase/version.c b/dlls/kernelbase/version.c
index 58c49aa148b..cb6c57d7617 100644
--- a/dlls/kernelbase/version.c
+++ b/dlls/kernelbase/version.c
@@ -240,7 +240,8 @@ done:
* Copied from loader/pe_resource.c
*/
static const IMAGE_RESOURCE_DIRECTORY *find_entry_by_id( const IMAGE_RESOURCE_DIRECTORY *dir,
- WORD id, const void *root )
+ WORD id, const void *root,
+ const void *end )
{
const IMAGE_RESOURCE_DIRECTORY_ENTRY *entry;
int min, max, pos;
@@ -251,6 +252,7 @@ static const IMAGE_RESOURCE_DIRECTORY *find_entry_by_id( const IMAGE_RESOURCE_DI
while (min <= max)
{
pos = (min + max) / 2;
+ if ((void*)&entry[pos] >= end || &entry[pos] < entry) return NULL;
if (entry[pos].u.Id == id)
return (const IMAGE_RESOURCE_DIRECTORY *)((const char *)root + entry[pos].u2.s2.OffsetToDirectory);
if (entry[pos].u.Id > id) max = pos - 1;
@@ -294,7 +296,8 @@ static inline int push_language( WORD *list, int pos, WORD lang )
* find_entry_language
*/
static const IMAGE_RESOURCE_DIRECTORY *find_entry_language( const IMAGE_RESOURCE_DIRECTORY *dir,
- const void *root, DWORD flags )
+ const void *root, const void *end,
+ DWORD flags )
{
const IMAGE_RESOURCE_DIRECTORY *ret;
WORD list[9];
@@ -319,7 +322,7 @@ static const IMAGE_RESOURCE_DIRECTORY *find_entry_language( const IMAGE_RESOURCE
pos = push_language( list, pos, MAKELANGID( LANG_ENGLISH, SUBLANG_DEFAULT ) );
}
- for (i = 0; i < pos; i++) if ((ret = find_entry_by_id( dir, list[i], root ))) return ret;
+ for (i = 0; i < pos; i++) if ((ret = find_entry_by_id( dir, list[i], root, end ))) return ret;
return find_entry_default( dir, root );
}
@@ -488,19 +491,19 @@ static BOOL find_pe_resource( HANDLE handle, DWORD *resLen, DWORD *resOff, DWORD
resDir = resSection + (resDataDir->VirtualAddress - sections[i].VirtualAddress);
resPtr = resDir;
- resPtr = find_entry_by_id( resPtr, VS_FILE_INFO, resDir );
+ resPtr = find_entry_by_id( resPtr, VS_FILE_INFO, resDir, resSection + section_size );
if ( !resPtr )
{
TRACE("No typeid entry found\n" );
goto done;
}
- resPtr = find_entry_by_id( resPtr, VS_VERSION_INFO, resDir );
+ resPtr = find_entry_by_id( resPtr, VS_VERSION_INFO, resDir, resSection + section_size );
if ( !resPtr )
{
TRACE("No resid entry found\n" );
goto done;
}
- resPtr = find_entry_language( resPtr, resDir, flags );
+ resPtr = find_entry_language( resPtr, resDir, resSection + section_size, flags );
if ( !resPtr )
{
TRACE("No default language entry found\n" );
--
2.29.1
More information about the wine-devel
mailing list