efi_loader: don't load beyond VirtualSize

PE section table entries' SizeOfRawData must be a multiple of FileAlignment, and thus may be rounded up and larger than their VirtualSize. We should not load beyond the VirtualSize, which is "the total size of the section when loaded into memory" -- we may clobber real data at the target in some other section, since we load sections in reverse order and sections are usually laid out sequentially. Signed-off-by: N Asherah Connor <ashe@kivikakk.ee> Reviewed-by: N Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_loader: don't load beyond VirtualSize
PE section table entries' SizeOfRawData must be a multiple of FileAlignment, and thus may be rounded up and larger than their VirtualSize. We should not load beyond the VirtualSize, which is "the total size of the section when loaded into memory" -- we may clobber real data at the target in some other section, since we load sections in reverse order and sections are usually laid out sequentially. Signed-off-by: N Asherah Connor <ashe@kivikakk.ee> Reviewed-by: N Heinrich Schuchardt <xypron.glpk@gmx.de>
9d30a941 · Asherah Connor · Heinrich Schuchardt · 7c82e12c · 9d30a941
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

lib/efi_loader/efi_image_loader.c lib/efi_loader/efi_image_loader.c +1 -1

未找到文件。
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -843,7 +843,7 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
 		       sec->Misc.VirtualSize);
 		memcpy(efi_reloc + sec->VirtualAddress,
 		       efi + sec->PointerToRawData,
-		       sec->SizeOfRawData);
+		       min(sec->Misc.VirtualSize, sec->SizeOfRawData));
 	}

 	/* Run through relocations */