ntdll: Don't touch SecurityCookie when the pointer is outside of the image
André Hentschel
nerv at dawncrow.de
Tue Jul 21 13:33:47 CDT 2015
Fixes https://bugs.winehq.org/show_bug.cgi?id=38949
---
dlls/ntdll/virtual.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index ff947da..518acfc 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1320,7 +1320,8 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE,
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
- if (loadcfg && loadcfg_size >= sizeof(*loadcfg))
+ if (loadcfg && loadcfg_size >= sizeof(*loadcfg) &&
+ (ULONG_PTR)ptr > loadcfg->SecurityCookie &&loadcfg->SecurityCookie < (ULONG_PTR)ptr + total_size)
set_security_cookie((ULONG_PTR *)loadcfg->SecurityCookie);
/* set the image protections */
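Review bot: The lower-bound test on the second added line looks inverted: `(ULONG_PTR)ptr > loadcfg->SecurityCookie` holds only when the cookie address lies below the mapped base, so as written set_security_cookie() still writes through exactly the out-of-image pointers the subject line wants to skip, and no longer runs for pointers that are inside the image. SecurityCookie is read from the load-config directory of the file being mapped, so it should be treated as untrusted and the whole pointer-sized write should be kept inside the mapping. Something like `loadcfg->SecurityCookie >= (ULONG_PTR)ptr && loadcfg->SecurityCookie <= (ULONG_PTR)ptr + total_size - sizeof(ULONG_PTR)` would do that, assuming total_size is always at least one pointer wide here. A short comment such as `/* SecurityCookie comes from the file; only write if it points into this mapping */` would make the intent clear. The body of map_image starts and ends outside this hunk, so how ptr and total_size are established was not checked.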
--
1.9.1