From 2c2e108301acc54c89658db87ea20807cf4b2513 Mon Sep 17 00:00:00 2001
From: Mattiwatti
Date: Sat, 31 Mar 2018 16:28:28 +0200
Subject: [PATCH] PE: fix comparison against a constant value ... due to size always being assigned to right before this comparison, and instead check against the RVA and size of the export directory from the header. (note: this is still stricter than the Windows loader which ignores all of these except the directory RVA, but if the name RVA is invalid the PE was probably tampered with). Change 'offset' to 'RVA' in exception message; this field is always an RVA Author: Mattiwatti modified: pefile.cpp
---
 src/pefile.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/pefile.cpp b/src/pefile.cpp
index e5cf491f..e6074d37 100644
--- a/src/pefile.cpp
+++ b/src/pefile.cpp
@@ -1111,9 +1111,9 @@ void PeFile::Export::convert(unsigned eoffs,unsigned esize)
 size = sizeof(export_dir_t);
 iv.add(eoffs,size);
- if (getsize() <= (unsigned)edir.name) {
+ if (eoffs + esize <= (unsigned)edir.name) {
 char msg[50]; snprintf(msg, sizeof(msg),
- "bad export directory name offset %#x", (unsigned)edir.name);
+ "bad export directory name RVA %#x", (unsigned)edir.name);
 throwInternalError(msg);
 }
 unsigned len = strlen(base + edir.name) + 1;
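Review bot: The new bound `eoffs + esize <= (unsigned)edir.name` only validates where the name string starts; the `strlen(base + edir.name)` on the last line of the hunk still scans until it meets a NUL, so a malformed file whose name is unterminated near the end of the export directory can cause a read past it. Consider bounding the scan, e.g. `const void *nul = memchr(base + edir.name, 0, eoffs + esize - (unsigned)edir.name);`, and throwing when `nul` is null. In addition, `eoffs + esize` is unsigned arithmetic on header-supplied values and can wrap, and a name RVA below `eoffs` passes the check; whether the caller has already validated the directory range against the loaded image is not visible here. The body of convert() starts and continues outside this hunk.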