From: "Erich E. Hoover"
Subject: [PATCH 1/2] ntdll: Fix section header memory cleanup.
Message-Id:
Date: Wed, 4 Apr 2012 10:57:19 -0600
Real Name: Erich Hoover
Description: This patch fixes the cleanup of section header memory (the "sec" pointer does not correspond to the allocated memory, but to the active section).
Changelog: ntdll: Fix section header memory cleanup.
From 6716e2870fc2043df46bd702241578b322ed25e1 Mon Sep 17 00:00:00 2001
From: Erich Hoover
Date: Wed, 4 Apr 2012 10:54:08 -0600
Subject: ntdll: Fix section header memory cleanup.
---
 dlls/ntdll/virtual.c | 15 ++++++++-------
 1 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index 5271d18..fd52934 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1122,7 +1122,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
 {
     IMAGE_DOS_HEADER *dos;
     IMAGE_NT_HEADERS *nt;
-    IMAGE_SECTION_HEADER *sec = NULL;
+    IMAGE_SECTION_HEADER *sec, *sections = NULL;
     IMAGE_DATA_DIRECTORY *imports;
     NTSTATUS status = STATUS_CONFLICTING_ADDRESSES;
     int i;
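Review bot: `sec` now has no initializer and stays indeterminate until the `sec = sections;` assignment before the section-mapping loop; in the 1171 hunk it is referenced only inside `sizeof(*sec)`, which is unevaluated, so this is correct today but relies on a subtlety a later edit can break. Either keep it initialized, `IMAGE_SECTION_HEADER *sec = NULL, *sections = NULL;`, or change the three size expressions in the 1171 hunk to `sizeof(*sections)` so the size is tied to the object actually allocated and copied. A short comment at the declaration, `/* sections owns the heap copy of the headers; sec walks it and is advanced by the mapping loop */`, would record why two pointers exist. map_image's body extends well beyond this hunk.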
@@ -1171,13 +1171,13 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
     if (header_start + sizeof(*sec) * nt->FileHeader.NumberOfSections > header_end) goto error;
     /* Some applications (e.g. the Steam version of Borderlands) map over the top of the section headers,
      * copying the headers into local memory is necessary to properly load such applications. */
-    sec = RtlAllocateHeap( GetProcessHeap(), 0, sizeof(*sec) * nt->FileHeader.NumberOfSections);
-    if (!sec)
+    sections = RtlAllocateHeap( GetProcessHeap(), 0, sizeof(*sec) * nt->FileHeader.NumberOfSections);
+    if (!sections)
     {
         status = STATUS_NO_MEMORY;
         goto error;
     }
-    memcpy(sec, header_start, sizeof(*sec) * nt->FileHeader.NumberOfSections);
+    memcpy(sections, header_start, sizeof(*sec) * nt->FileHeader.NumberOfSections);
     imports = nt->OptionalHeader.DataDirectory + IMAGE_DIRECTORY_ENTRY_IMPORT;
     if (!imports->Size || !imports->VirtualAddress) imports = NULL;
@@ -1198,7 +1198,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
         if (nt->OptionalHeader.FileAlignment != nt->OptionalHeader.SectionAlignment) goto error;
         for (i = 0; i < nt->FileHeader.NumberOfSections; i++)
         {
-            if (sec[i].VirtualAddress != sec[i].PointerToRawData)
+            if (sections[i].VirtualAddress != sections[i].PointerToRawData)
                 goto error;  /* Windows refuses to load in that case too */
         }
@@ -1213,6 +1213,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
     /* map all the sections */
+    sec = sections;
     for (i = pos = 0; i < nt->FileHeader.NumberOfSections; i++, sec++)
     {
         static const SIZE_T sector_align = 0x1ff;
@@ -1373,7 +1374,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
     }
done:
-    RtlFreeHeap( GetProcessHeap(), 0, sec );
+    RtlFreeHeap( GetProcessHeap(), 0, sections );
     view->mapping = dup_mapping;
     view->map_protect = map_vprot;
     server_leave_uninterrupted_section( &csVirtual, &sigset );
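Review bot: The added `sec = sections;` in the 1213 hunk is the line that carries the fix, and nothing in the hunk says why: the loop's `i++, sec++` advances `sec`, so at `done:` and `error:` it points past the last header rather than at the allocation, which is presumably what made the old `RtlFreeHeap( GetProcessHeap(), 0, sec )` an invalid or interior free (or a silent leak, depending on heap validation). The next reader is likely to "simplify" the two pointers back into one and reintroduce exactly this bug. A comment on the new line, `/* sec is advanced by the loop below; sections keeps the heap pointer for RtlFreeHeap at done:/error: */`, pins the intent. The loop body and the rest of map_image continue outside the hunk.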
@@ -1386,7 +1387,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
     return STATUS_SUCCESS;
error:
-    RtlFreeHeap( GetProcessHeap(), 0, sec );
+    RtlFreeHeap( GetProcessHeap(), 0, sections );
     if (view) delete_view( view );
     server_leave_uninterrupted_section( &csVirtual, &sigset );
     if (dup_mapping) NtClose( dup_mapping );
-- 
1.7.5.4