:: commit 5e052b30c26912a728075b796a0b6ea7d181a758
lib/pe: Validate relocation block size against remaining directory size
diff --git a/common/lib/pe.c b/common/lib/pe.c
index 4e95c135..17010f46 100644
--- a/common/lib/pe.c
+++ b/common/lib/pe.c
@@ -357,6 +357,10 @@ again:
panic(true, "pe: Invalid relocation block size");
}
+ if (block->SizeOfBlock > reloc_dir->Size - reloc_block_offset) {
+ panic(true, "pe: Relocation block size exceeds directory");
+ }
+
if (block->VirtualAddress >= image_size) {
panic(true, "pe: Relocation block VirtualAddress out of bounds");
}
