Merge pull request #822 from avast/LZ_HighMemoryUsage_2

* Check for invalid IAT directory
avast · Jul 25, 2020 · 956b1a3 · 956b1a3
2 parents 235228a + 2132ddc
commit 956b1a3
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 24 deletions.
diff --git a/include/retdec/pelib/ImportDirectory.h b/include/retdec/pelib/ImportDirectory.h
@@ -648,7 +648,7 @@ namespace PeLib
 				m_occupiedAddresses.back().second += 1;
 
 			// Push the import descriptor into the vector
-			vOldIidCurr.push_back(iidCurr);
+			vOldIidCurr.push_back(std::move(iidCurr));
 		}
 
 		// Space occupied by import descriptors

diff --git a/include/retdec/pelib/PeLibAux.h b/include/retdec/pelib/PeLibAux.h
@@ -623,21 +623,6 @@ namespace PeLib
 		static inline std::size_t size() {return 8;}
 	};
 
-	template<int>
-	struct FieldSizes;
-
-	template<>
-	struct FieldSizes<32>
-	{
-		typedef std::uint32_t VAR4_8;
-	};
-
-	template<>
-	struct FieldSizes<64>
-	{
-		typedef std::uint64_t VAR4_8;
-	};
-
 	struct PELIB_IMAGE_OPTIONAL_HEADER32
 	{
 		std::uint16_t Magic;

diff --git a/src/pelib/BoundImportDirectory.cpp b/src/pelib/BoundImportDirectory.cpp
@@ -173,10 +173,13 @@ namespace PeLib
 		std::uint32_t importSize = imageLoader.getDataDirSize(PELIB_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT);
 		std::uint32_t sizeOfImage = imageLoader.getSizeOfImage();
 
-		if(importRva >= sizeOfImage || (importRva + importSize) >= sizeOfImage)
-		{
+		// Refuse to load blatantly invalid bound import directory
+		if(importSize & 0xFF000000)
+			return ERROR_INVALID_FILE;
+
+		// Refuse to load too large import directories
+		if((importRva + importSize) < importRva || importRva >= sizeOfImage || (importRva + importSize) >= sizeOfImage)
 			return ERROR_INVALID_FILE;
-		}
 
 		std::vector<unsigned char> vBimpDir(importSize);
 		imageLoader.readImage(reinterpret_cast<char*>(vBimpDir.data()), importRva, importSize);

diff --git a/src/pelib/IatDirectory.cpp b/src/pelib/IatDirectory.cpp
@@ -53,11 +53,13 @@ namespace PeLib
 		std::uint32_t sizeOfImage = imageLoader.getSizeOfImage();
 		int fileError = ERROR_NONE;
 
-		// Check whether the IAT is outside the image
-		if(iatRva >= sizeOfImage)
-		{
+		// Refuse to load blatantly invalid IAT
+		if(iatSize & 0xFF000000)
+			return ERROR_INVALID_FILE;
+
+		// Refuse to load too large IAT directories
+		if((iatRva + iatSize) < iatRva || iatRva >= sizeOfImage || (iatRva + iatSize) >= sizeOfImage)
 			return ERROR_INVALID_FILE;
-		}
 
 		// Trim the array size to the size of image
 		if((iatRva + iatSize) > sizeOfImage)

diff --git a/src/pelib/RelocationsDirectory.cpp b/src/pelib/RelocationsDirectory.cpp
@@ -149,7 +149,7 @@ namespace PeLib
 				}
 
 				// Push the data to the relocations vector
-				m_vRelocations.push_back(ibrCurr);
+				m_vRelocations.push_back(std::move(ibrCurr));
 			}
 		}
 	}
-Original file line number
+Diff line change
@@ Expand Up / @@ -149,7 +149,7 @@ namespace PeLib @@
     				}
     				// Push the data to the relocations vector
-    				m_vRelocations.push_back(ibrCurr);
+    				m_vRelocations.push_back(std::move(ibrCurr));
     			}
     		}
     	}
@@ Expand Down @@