Fix another crash

LongSoft · Apr 13, 2018 · c5892bc · c5892bc
1 parent 503cd54
commit c5892bc
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 48 deletions.
diff --git a/UEFI.cpp b/UEFI.cpp
@@ -195,12 +195,19 @@ void getUEFIFormSets(vector<UEFI_IFR_FORM_SET_PACK> &formSets, const string &buf
             tempFormSet.titleString = static_cast<uint16_t>(static_cast<unsigned char>(buffer[i + 22]) + (static_cast<unsigned char>(buffer[i + 23]) << 8));
             tempFormSet.usingStringPackage = chosenCandidate;
 
-            // Fix when the selected string package is not enough to decode the string.
-            if (tempFormSet.titleString + stringPackages[chosenCandidate].structureOffset < strings.size())
+            // Avoid overflow
+            if(tempFormSet.titleString > strings.size() || tempFormSet.usingStringPackage > stringPackages.size()) {
+                continue;
+            }
+
+            // Fix when the selected string package is not enough to decode the string
+            if (tempFormSet.titleString + stringPackages[chosenCandidate].structureOffset < strings.size()) {
                 tempFormSet.usingStringPackage = chosenCandidate;
-            else
+            }
+            else {
                 tempFormSet.usingStringPackage = stringCandidates[0];
-
+            }
+
             tempFormSet.title = strings[tempFormSet.titleString + stringPackages[tempFormSet.usingStringPackage].structureOffset];
 
             // Add temp form set to list

diff --git a/main-cli.cpp b/main-cli.cpp
@@ -85,7 +85,7 @@ int main(int argc, char **argv)
 {
 	if (argc != 3)
 	{
-        cout << "EFI/UEFI IFR Extractor LS v0.3.3" << endl;
+        cout << "EFI/UEFI IFR Extractor LS v0.3.4" << endl;
 		cout << "Usage: ifrextract input_file output_file" << endl;
 		return 1;
 	}

diff --git a/main.cpp b/main.cpp
@@ -110,7 +110,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR szCmdLine
 
     // Create window
     hwnd = CreateWindow(appName,
-        TEXT("IFRExtractor LS v0.3.3"),
+        TEXT("IFRExtractor LS v0.3.4"),
         WS_SYSMENU | WS_MINIMIZEBOX,
         0, 0,
         350, 120,
@@ -139,10 +139,9 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
 
     // Check message
     switch (message) {
-
-        // Create
+    
+	// Create
     case WM_CREATE:
-
         // Center window
         RECT rectangle;
         GetWindowRect(hwnd, &rectangle);
@@ -241,7 +240,7 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
         // Break
         break;
 
-        // Command
+    // Command
     case WM_COMMAND:
 
         // Check if extract button action
@@ -374,7 +373,7 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
 
         break;
 
-        // Static color
+    // Static color
     case WM_CTLCOLORSTATIC:
 
         // Make static control transparent
@@ -426,7 +425,7 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
         // Return result
         return (LRESULT)GetStockObject(NULL_BRUSH);
 
-        // Close
+    // Close
     case WM_DESTROY:
 
         // Quit
@@ -440,34 +439,34 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
     return DefWindowProc(hwnd, message, wParam, lParam);
 }
 
-void fileBrowser(HWND hwnd) {
-
-    // Initialize variables
-    OPENFILENAME browserInfo;
-    CHAR szFile[MAX_PATH];
-
-    // Set dialog options
-    ZeroMemory(&browserInfo, sizeof(browserInfo));
-    browserInfo.lStructSize = sizeof(browserInfo);
-    browserInfo.hwndOwner = hwnd;
-    browserInfo.lpstrFilter = TEXT("All files(*.*)\0*.*\0");
-    browserInfo.lpstrFile = szFile;
-    browserInfo.lpstrFile[0] = '\0';
-    browserInfo.nMaxFile = MAX_PATH;
-    browserInfo.nFilterIndex = 1;
-    browserInfo.lpstrInitialDir = NULL;
-    browserInfo.lpstrFileTitle = NULL;
-    browserInfo.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST;
-
-    // Check if file was selected
-    if (GetOpenFileName(&browserInfo))
-
-        // Update file location edit
-        SetWindowText(fileLocationEdit, TEXT(browserInfo.lpstrFile));
+void fileBrowser(HWND hwnd) 
+{
+	// Initialize variables
+	OPENFILENAME browserInfo;
+	CHAR szFile[MAX_PATH];
+
+	// Set dialog options
+	ZeroMemory(&browserInfo, sizeof(browserInfo));
+	browserInfo.lStructSize = sizeof(browserInfo);
+	browserInfo.hwndOwner = hwnd;
+	browserInfo.lpstrFilter = TEXT("All files(*.*)\0*.*\0");
+	browserInfo.lpstrFile = szFile;
+	browserInfo.lpstrFile[0] = '\0';
+	browserInfo.nMaxFile = MAX_PATH;
+	browserInfo.nFilterIndex = 1;
+	browserInfo.lpstrInitialDir = NULL;
+	browserInfo.lpstrFileTitle = NULL;
+	browserInfo.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST;
+
+	// Check if file was selected
+	if (GetOpenFileName(&browserInfo)) {
+		// Update file location edit
+		SetWindowText(fileLocationEdit, TEXT(browserInfo.lpstrFile));
+	}
 }
 
-bool saveFile(HWND hwnd) {
-
+bool saveFile(HWND hwnd) 
+{
     // Initialize variables
     OPENFILENAME browserInfo;
     string fileName = fileLocation.substr(0, fileLocation.find_last_of('.')) + " IFR";
@@ -497,8 +496,8 @@ bool saveFile(HWND hwnd) {
     return false;
 }
 
-void showDialog(HWND hwnd) {
-
+void showDialog(HWND hwnd) 
+{
     // Initialize variables
     string header, message;
 
@@ -538,21 +537,21 @@ void showDialog(HWND hwnd) {
     }
 }
 
-bool fileExists(const string &file) {
-
+bool fileExists(const string &file) 
+{
     // Open file
 #if (_MSC_VER < 1600)
     ifstream fin(file.c_str());
 #else
     ifstream fin(file);
 #endif
 
-    // Return if first characetr doesn't equal EOF
+    // Return if first character doesn't equal EOF
     return fin.peek() != EOF;
 }
 
-void readFile(const string &file, string &buffer) {
-
+void readFile(const string &file, string &buffer) 
+{
     // Initialize variables
 #if (_MSC_VER < 1600)
     ifstream fin(file.c_str(), ios::binary);
@@ -571,8 +570,8 @@ void readFile(const string &file, string &buffer) {
     fin.close();
 }
 
-type getType(const string &buffer) {
-
+type getType(const string &buffer) 
+{
     // Go through buffer
     for (unsigned int i = 0; i < buffer.size() - 9; i++)
 
@@ -582,7 +581,7 @@ type getType(const string &buffer) {
             // Return EFI
             return EFI;
 
-    // Otherwise check if a UEFI string pakage was found
+		// Otherwise check if a UEFI string pakage was found
         else if ((buffer[i] != '\x00' || buffer[i + 1] != '\x00' || buffer[i + 2] != '\x00') && buffer[i + 3] == '\x04' && buffer[i + 4] == '\x34' && (buffer[i + 44] == '\x01' || buffer[i + 44] == '\x02') && buffer[i + 45] == '\x00' && buffer[i + 48] == '\x2D' && i + static_cast<unsigned char>(buffer[i]) + (static_cast<unsigned char>(buffer[i + 1]) << 8) + (static_cast<unsigned char>(buffer[i + 2]) << 16) < buffer.size() && buffer[i + static_cast<unsigned char>(buffer[i]) + (static_cast<unsigned char>(buffer[i + 1]) << 8) + (static_cast<unsigned char>(buffer[i + 2]) << 16) - 1] == '\x00' && buffer[i + static_cast<unsigned char>(buffer[i]) + (static_cast<unsigned char>(buffer[i + 1]) << 8) + (static_cast<unsigned char>(buffer[i + 2]) << 16) - 2] == '\x00')
 
             // Return UEFI