HostDrivers

Timestamp:

Sep 14, 2015 12:40:08 PM (9 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

102655

Message:

SUPDrv.cpp: Fixed SUP_IOCTL_LDR_LOAD regression from the szError info return change. When loading very small ELF images, like 32-bit tstRTR0MemUserKernel.r0, the total input size may end up being smaller than the return size and thereby the total request size. Thus the first cbIn validation fails as it checks it agains sizeof(SUPLDRLOAD) instead of a minimal image. The whole purpose of that test is to check whether cbImageWithTabs can safely be accessed.

File:

: 1 edited

trunk/src/VBox/HostDrivers/Support/SUPDrv.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/HostDrivers/Support/SUPDrv.cpp

r57379	r57735
1691	1691	/* validate */
1692	1692	PSUPLDRLOAD pReq = (PSUPLDRLOAD)pReqHdr;
1693		REQ_CHECK_EXPR(Name, pReq->Hdr.cbIn >= ~~sizeof(*pReq~~));
	1693	REQ_CHECK_EXPR(Name, pReq->Hdr.cbIn >= SUP_IOCTL_LDR_LOAD_SIZE_IN(32));
1694	1694	REQ_CHECK_SIZES_EX(SUP_IOCTL_LDR_LOAD, SUP_IOCTL_LDR_LOAD_SIZE_IN(pReq->u.In.cbImageWithTabs), SUP_IOCTL_LDR_LOAD_SIZE_OUT);
1695	1695	REQ_CHECK_EXPR(SUP_IOCTL_LDR_LOAD, pReq->u.In.cSymbols <= 16384);

Note: See TracChangeset for help on using the changeset viewer.

Changeset 57735 in vbox for trunk/src/VBox/HostDrivers

Legend:

trunk/src/VBox/HostDrivers/Support/SUPDrv.cpp

Download in other formats: