|
|
|
|
@ -85,7 +85,7 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, uint32_t bufsz, struct cli |
|
|
|
|
void *tmpsct = NULL; |
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
-] The real thing [- |
|
|
|
|
* -] The real thing [- |
|
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
/* NOTE: (435063->4350a5) Petite kernel32!imports and error strings */ |
|
|
|
|
@ -242,10 +242,10 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, uint32_t bufsz, struct cli |
|
|
|
|
if (srva != size) { /* Test and clear bit 31 */ |
|
|
|
|
check4resources = 0; |
|
|
|
|
/*
|
|
|
|
|
Enumerates each petite data section |
|
|
|
|
I should get here once ot twice: |
|
|
|
|
- 1 time for the resource section (if present) |
|
|
|
|
- 1 time for the all_the_rest section |
|
|
|
|
* Enumerates each petite data section |
|
|
|
|
* I should get here once or twice: |
|
|
|
|
* - 1 time for the resource section (if present) |
|
|
|
|
* - 1 time for the all_the_rest section |
|
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
if (!CLI_ISCONTAINED(buf, bufsz, packed + 4, 8)) { |
|
|
|
|
@ -254,7 +254,14 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, uint32_t bufsz, struct cli |
|
|
|
|
return 1; |
|
|
|
|
} |
|
|
|
|
/* Save the end of current packed section for later use */ |
|
|
|
|
bottom = cli_readint32(packed + 8) + 4; |
|
|
|
|
bottom = (uint32_t)cli_readint32(packed + 8); |
|
|
|
|
if (bottom > UINT32_MAX - 4) { |
|
|
|
|
/* bottom is too large, would cause integer overflow */ |
|
|
|
|
if (usects) |
|
|
|
|
free(usects); |
|
|
|
|
return 1; |
|
|
|
|
} |
|
|
|
|
bottom += 4; |
|
|
|
|
ssrc = adjbuf + cli_readint32(packed + 4) - (size - 1) * 4; |
|
|
|
|
ddst = adjbuf + cli_readint32(packed + 8) - (size - 1) * 4; |
|
|
|
|
|
|
|
|
|
|
Micah Snyder (micasnyd)
4 years ago