VirtualBox

Changeset 85545 in vbox for trunk


Ignore:
Timestamp:
Jul 30, 2020 9:07:13 AM (4 years ago)
Author:
vboxsync
Message:

SUPDrv: Need to copy the segments before we call supdrvLdrValidatePointer. Made sure supdrvLdrValidatePointer found a matching executable segment. bugref:9801

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/VBox/HostDrivers/Support/SUPDrv.cpp

    r85543 r85545  
    52555255                                          pImage->paSegments[iSeg].fProt);
    52565256            }
     5257        if (iSeg >= pImage->cSegments)
     5258        {
     5259            supdrvLdrUnlock(pDevExt);
     5260            return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
     5261                                      "Bad entry point %p given for %s: no matching segment found (RVA %#zx)!",
     5262                                      pv, pszSymbol, uRva);
     5263        }
    52575264
    52585265        if (pImage->fNative)
     
    53355342    }
    53365343
     5344    /*
     5345     * Copy the segments before we start using supdrvLdrValidatePointer for entrypoint validation.
     5346     */
     5347    pImage->cSegments = pReq->u.In.cSegments;
     5348    {
     5349        size_t  cbSegments = pImage->cSegments * sizeof(SUPLDRSEG);
     5350        pImage->paSegments = (PSUPLDRSEG)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSegments], cbSegments);
     5351        if (pImage->paSegments) /* Align the last segment size to avoid upsetting RTR0MemObjProtect. */ /** @todo relax RTR0MemObjProtect */
     5352            pImage->paSegments[pImage->cSegments - 1].cb = RT_ALIGN_32(pImage->paSegments[pImage->cSegments - 1].cb, PAGE_SIZE);
     5353        else
     5354        {
     5355            supdrvLdrUnlock(pDevExt);
     5356            return supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for segment table: %#x", cbSegments);
     5357        }
     5358        SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
     5359    }
     5360
     5361    /*
     5362     * Validate entrypoints.
     5363     */
    53375364    switch (pReq->u.In.eEPType)
    53385365    {
     
    54045431            if (!pImage->paSymbols)
    54055432                rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for symbol table: %#x", cbSymbols);
    5406             SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
    5407         }
    5408 
    5409         pImage->cSegments = pReq->u.In.cSegments;
    5410         if (RT_SUCCESS(rc))
    5411         {
    5412             size_t  cbSegments = pImage->cSegments * sizeof(SUPLDRSEG);
    5413             pImage->paSegments = (PSUPLDRSEG)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSegments], cbSegments);
    5414             if (pImage->paSegments) /* Align the last segment size to avoid upsetting RTR0MemObjProtect. */ /** @todo relax RTR0MemObjProtect */
    5415                 pImage->paSegments[pImage->cSegments - 1].cb = RT_ALIGN_32(pImage->paSegments[pImage->cSegments - 1].cb, PAGE_SIZE);
    5416             else
    5417                 rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for segment table: %#x", cbSegments);
    54185433            SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
    54195434        }
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette