From 28505dd910395ae11cc0370a34a4538493ce78f7 Mon Sep 17 00:00:00 2001
From: Ladislav Zezula
Date: Wed, 6 Jan 2021 09:11:33 +0100
Subject: [PATCH] Fixed issue #911
---
 include/retdec/pelib/PeLibAux.h | 2 +-
 src/pelib/ResourceDirectory.cpp | 9 ++-------
 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/include/retdec/pelib/PeLibAux.h b/include/retdec/pelib/PeLibAux.h
index 92f4ff84..aebacb71 100644
--- a/include/retdec/pelib/PeLibAux.h
+++ b/include/retdec/pelib/PeLibAux.h
@@ -162,7 +162,7 @@ namespace PeLib
 const std::uint32_t PELIB_IMAGE_RESOURCE_DATA_IS_DIRECTORY = 0x80000000;
 const std::uint32_t PELIB_IMAGE_RESOURCE_NAME_IS_STRING = 0x80000000;
 const std::uint32_t PELIB_IMAGE_RESOURCE_RVA_MASK = 0x7FFFFFFF;
- const std::uint16_t PELIB_MAX_RESOURCE_ENTRIES = 0xC000; // Maximum number of resource directory entries we consider OK
+ const std::uint16_t PELIB_MAX_RESOURCE_ENTRIES = 0x8000; // Maximum number of resource directory entries we consider OK
 enum : std::uint32_t
 {
diff --git a/src/pelib/ResourceDirectory.cpp b/src/pelib/ResourceDirectory.cpp
index 29e028b1..69bae7f9 100644
--- a/src/pelib/ResourceDirectory.cpp
+++ b/src/pelib/ResourceDirectory.cpp
@@ -318,9 +318,7 @@ namespace PeLib
 // Invalid leaf.
 std::uint32_t uiRva = uiRsrcRva + uiOffset;
 if(uiRva > sizeOfImage)
- {
 return ERROR_INVALID_FILE;
- }
 // Load the resource data entry
 imageLoader.readImage(&entry, uiRva, sizeof(PELIB_IMAGE_RESOURCE_DATA_ENTRY));
@@ -330,6 +328,8 @@ namespace PeLib
 m_data.clear();
 // No data or invalid leaf
+ if(entry.OffsetToData == 0 && entry.Size == 0)
+ return ERROR_INVALID_FILE;
 if(entry.OffsetToData > sizeOfImage || entry.Size > sizeOfImage)
 return ERROR_NONE;
 if((uiRsrcRva + entry.OffsetToData) >= sizeOfImage || (uiRsrcRva + entry.OffsetToData + entry.Size) > sizeOfImage)
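Review bot: The comment on `PELIB_MAX_RESOURCE_ENTRIES` in the PeLibAux.h hunk still gives no reason for the chosen value, so the drop from 0xC000 to 0x8000 reads as an unexplained magic number. This constant presumably bounds how many entries the reader walks in a resource directory taken from an untrusted PE file, so the rationale is worth recording, e.g. `// Upper bound on entries in one resource directory; lowered to 0x8000 for issue #911` followed by a sentence on what the reader does when a directory exceeds it. The code that compares against the constant is outside this hunk, so that behaviour should be confirmed at the use site before it is documented.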
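Review bot: The added `entry.OffsetToData == 0 && entry.Size == 0` test in the `-330` hunk infers a bad leaf from the contents of `entry`, while the result of `imageLoader.readImage(...)` (visible at the end of the previous hunk) is still discarded and the guard before it, `uiRva > sizeOfImage`, lets `uiRva == sizeOfImage` through. If `readImage` returns the number of bytes it copied, checking it directly, `if(imageLoader.readImage(&entry, uiRva, sizeof(PELIB_IMAGE_RESOURCE_DATA_ENTRY)) != sizeof(PELIB_IMAGE_RESOURCE_DATA_ENTRY)) return ERROR_INVALID_FILE;`, would reject a short read without depending on `entry` happening to be all zero, which a partial read from a crafted file need not produce. The block under `// No data or invalid leaf` is also inconsistent now: an all-zero entry returns `ERROR_INVALID_FILE`, but an out-of-range `OffsetToData` or `Size` on the next line returns `ERROR_NONE`; a one-line comment saying why the two cases are treated differently would help the next reader. The enclosing function starts and ends outside the hunk.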
@@ -1031,11 +1031,6 @@ namespace PeLib
 std::uint32_t resDirRva = imageLoader.getDataDirRva(PELIB_IMAGE_DIRECTORY_ENTRY_RESOURCE);
 std::uint32_t sizeOfImage = imageLoader.getSizeOfImage();
- if(resDirRva >= sizeOfImage)
- {
- return ERROR_INVALID_FILE;
- }
-
 return m_rnRoot.read(imageLoader, resDirRva, 0, sizeOfImage, this);
 }