Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-12-11 23:16:05 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Fix #6914 - oobread in PE

Browse Source
This commit is contained in:
pancake 2017-03-09 22:20:04 +01:00
parent 6b515cae6a
commit cb1c36371a
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libr/bin/format/pe/pe.c
View File

@ -196,7 +196,7 @@ struct r_bin_pe_addr_t *PE_(check_mingw) (struct PE_(r_bin_pe_obj_t) *bin) {
//A1 04 50 44 00 mov eax, ds:dword_445004
//89 04 24 mov[esp + 28h + lpTopLevelExceptionFilter], eax
//E8 A3 01 00 00 call sub_4013EE
ut32 imageBase = bin->nt_headers->optional_header.ImageBase;
// ut32 imageBase = bin->nt_headers->optional_header.ImageBase;
for (n = 0; n < sizeof (b) - 12; n++) {
if (b[n] == 0xa1 && b[n + 5] == 0x89 && b[n + 8] == 0xe8) {
const st32 call_dst = b[n + 9] | (b[n + 10] << 8) | (b[n + 11] << 16) | (b[n + 12] << 24);
@ -937,8 +937,15 @@ static int bin_pe_init_metadata_hdr(struct PE_(r_bin_pe_obj_t)* bin) {
goto fail;
}
int c = bin_pe_read_metadata_string (stream_name, (char *)(bin->b->buf + start_of_stream + 8));
if (r_buf_size (bin->b) < (start_of_stream + 8 + MAX_METADATA_STRING_LENGTH)) {
free (stream_name);
free (stream);
goto fail;
}
int c = bin_pe_read_metadata_string (stream_name,
(char *)(bin->b->buf + start_of_stream + 8));
if (c == 0) {
free (stream_name);
free (stream);
goto fail;
}