From a3beb2a6f7b9ba6af08318355f66f3438770f15d Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Thu, 3 Oct 2013 17:04:45 -0400
Subject: [PATCH] Improve PE image bounds checking.
Signed-off-by: Peter Jones
---
 shim.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index 873fd2e..ebd7f0d 100644
--- a/shim.c
+++ b/shim.c
@@ -144,10 +144,18 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
 Adjust = (UINT64)data - context->ImageAddress;
+ if (Adjust == 0)
+ return EFI_SUCCESS;
+
 while (RelocBase < RelocBaseEnd) {
 Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));
- RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock);
+ if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) {
+ Print(L"Reloc block size is invalid\n");
+ return EFI_UNSUPPORTED;
+ }
+
+ RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock);
 if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) {
 Print(L"Reloc entry overflows binary\n");
 return EFI_UNSUPPORTED;
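Review bot: The new size check inside the `while` loop compares `RelocBase->SizeOfBlock` with the whole directory size (`context->RelocDir->Size`) rather than with the bytes left before `RelocBaseEnd`, and it accepts any non-zero value smaller than the block header. A block late in the table can therefore still claim more than remains of the relocation directory, with only the later `ImageEnd` comparison limiting it. A `SizeOfBlock` below `sizeof (EFI_IMAGE_BASE_RELOCATION)` also leaves `RelocEnd` before `Reloc`. A tighter condition would be `if (RelocBase->SizeOfBlock < sizeof (EFI_IMAGE_BASE_RELOCATION) || RelocBase->SizeOfBlock > (UINTN)((char *)RelocBaseEnd - (char *)RelocBase)) {`. relocate_coff starts before and continues past this hunk, so how `RelocBaseEnd` is derived and how the entry loop consumes `RelocEnd` should be confirmed there.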