Code in ntoskrnl\mm\section.c
- Missing validation that ImageBase is below highest user address
- Missing validation that ImageBase + SizeOfImage is below highest user address (this might also be checked in MapViewOfImageSection)
- Missing validation that sections don't exceed user-mode range
- Only the maximum size of all PE sections is used, but Windows actually reserves the entire range specified by SizeOfImage.
This needs some tests (ntdll_apitest:NtMapViewOfSection)
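
The checks listed above, sketched as a stand-alone user-mode C example. This is an added example, not ReactOS code: the reduced `SECTION_INFO` and `IMAGE_INFO` structs, the function names and the `HIGHEST_USER_ADDRESS` value (32-bit x86) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed limit for illustration: highest user-mode address on 32-bit x86. */
#define HIGHEST_USER_ADDRESS 0x7FFEFFFFu

typedef struct {               /* hypothetical reduced section header */
    uint32_t VirtualAddress;   /* RVA of the section */
    uint32_t VirtualSize;      /* size of the section in memory */
} SECTION_INFO;

typedef struct {               /* hypothetical reduced optional header */
    uint64_t ImageBase;
    uint32_t SizeOfImage;
    size_t NumberOfSections;
    const SECTION_INFO *Sections;
} IMAGE_INFO;

/* True when [base, base + size) is non-empty and ends at or below the limit. */
static bool range_in_user_space(uint64_t base, uint64_t size)
{
    if (size == 0 || base > HIGHEST_USER_ADDRESS)
        return false;
    /* Compare against the remaining room so base + size is never computed. */
    return size - 1 <= HIGHEST_USER_ADDRESS - base;
}

/* Validates the whole SizeOfImage reservation, then every section against it. */
bool image_layout_is_valid(const IMAGE_INFO *img)
{
    /* ImageBase and ImageBase + SizeOfImage must both be in user space. */
    if (!range_in_user_space(img->ImageBase, img->SizeOfImage))
        return false;
    for (size_t i = 0; i < img->NumberOfSections; i++) {
        const SECTION_INFO *s = &img->Sections[i];
        /* A section must lie inside the reservation, checked without wrap. */
        if (s->VirtualAddress > img->SizeOfImage)
            return false;
        if (s->VirtualSize > img->SizeOfImage - s->VirtualAddress)
            return false;
    }
    return true;
}
```

Because every section is bounded by SizeOfImage and the SizeOfImage range is bounded by the user-mode limit, no section can extend past the user-mode range.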