:: commit a7054df9255ac41090422e5ac9c5ad5154028eba

Mintsuki <mintsuki@protonmail.com> — 2026-01-11 21:07

parents: 7d811beee6

pe: Validate relocation block size to prevent infinite loop and underflow

diff --git a/common/lib/pe.c b/common/lib/pe.c
index 6bea9f88..8a757f08 100644
--- a/common/lib/pe.c
+++ b/common/lib/pe.c
@@ -326,6 +326,11 @@ again:
         while (reloc_dir->Size - reloc_block_offset >= sizeof(IMAGE_BASE_RELOCATION_BLOCK)) {
             IMAGE_BASE_RELOCATION_BLOCK *block = (IMAGE_BASE_RELOCATION_BLOCK *)((uintptr_t)*physical_base + reloc_dir->VirtualAddress + reloc_block_offset);
 
+            // Validate SizeOfBlock to prevent infinite loop (if 0) and underflow (if too small)
+            if (block->SizeOfBlock < sizeof(IMAGE_BASE_RELOCATION_BLOCK)) {
+                panic(true, "pe: Invalid relocation block size");
+            }
+
             uintptr_t block_base = *physical_base + block->VirtualAddress;
             size_t entries = (block->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION_BLOCK)) / sizeof(uint16_t);
             uint16_t *relocs = (uint16_t *)(block + 1);
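Review bot: The added guard only bounds SizeOfBlock from below; nothing checks that it fits inside the remaining relocation directory, so a block advertising a SizeOfBlock larger than `reloc_dir->Size - reloc_block_offset` still drives the `entries` loop past the end of the directory, and the loop condition can underflow once reloc_block_offset is advanced by that value (the advance is outside this hunk, so I am inferring it from the condition). The check should compare against the remaining size as well, e.g. `if (block->SizeOfBlock < sizeof(IMAGE_BASE_RELOCATION_BLOCK) || block->SizeOfBlock > reloc_dir->Size - reloc_block_offset) {`, with the panic message left as is. The comment could then read `// Validate SizeOfBlock: too small would loop forever or underflow, too large would read past the directory`. The enclosing loop and function continue outside the hunk.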