bug#20264: [PATCH] fix: w32_executable_type() causes a segmentation faul
From: Eli Zaretskii
Subject: bug#20264: [PATCH] fix: w32_executable_type() causes a segmentation fault
Date: Mon, 06 Apr 2015 11:02:47 +0300
> Date: Mon, 06 Apr 2015 12:23:23 +0900 (東京 (標準時))
> From: Koichi Arakawa <arakawa@pp.iij4u.or.jp>
>
> On Windows platform, w32_executable_type() in src/w32proc.c scans
> 'dllname' in an EXE file. But there are some strange EXE files that
> 'dllname' points to an illegal address, for example, Microsoft's Excel
> (excel.exe) and PowerPoint (POWEPNT.EXE). w32_executable_type() causes
> a segmentation fault for those files.
>
> objdump in binutils seems to know those illegal pointers and discard
> them (pe_print_idata() in bfd/peXXigen.c).
>
> In the following patch, 'dllname' is checked whether it points to the
> valid section's address space and discarded when it's invalid.
Thanks.
> for ( ; imports->Name; imports++)
> {
> char * dllname = RVA_TO_PTR (imports->Name, section,
> executable);
>
> + if (imports->Name < base || dllname >= base + real_size)
> + break;
> +
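Review bot: The added condition compares 'base' in two different units: 'imports->Name < base' tests the RVA, while 'dllname >= base + real_size' tests the pointer that RVA_TO_PTR produced from that RVA. Both bounds should use one address space: if 'base' and 'real_size' describe the section as RVAs, the upper bound should also test 'imports->Name'; if they are mapped addresses, the lower bound should test 'dllname'. The test also covers only the first byte of the name, so a name starting just below 'base + real_size' is accepted with no guarantee that its terminator lies inside the range. A one-line comment saying why such entries are rejected would help the next reader.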
Shouldn't that "break" be "continue" instead? IOW, shouldn't we try
all the other entries in the DLL import list?
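
The check described in the quoted report (reject a 'dllname' that does not point into the section's address space), written out as an added example that is not code from the patch or from Emacs. The struct layouts, rva_to_cstr, imports_dll, demo and the sample bytes are constructed for illustration, and skipping a bad entry instead of stopping the scan is an assumption of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for the PE section header and import descriptor
   (only the fields this check needs; not the <windows.h> types).  */
struct section { uint32_t rva, raw_off, raw_size; };
struct import_desc { uint32_t name_rva; };

/* Map RVA to a NUL-terminated string inside section S of the FILE image, or
   return NULL when the RVA or the string falls outside the section.  */
static const char *
rva_to_cstr (uint32_t rva, const struct section *s,
             const unsigned char *file, size_t file_len)
{
  if (s->raw_off > file_len || s->raw_size > file_len - s->raw_off)
    return NULL;                      /* section not backed by the file */
  if (rva < s->rva || rva - s->rva >= s->raw_size)
    return NULL;                      /* RVA outside the section */
  uint32_t off = rva - s->rva;
  const unsigned char *p = file + s->raw_off + off;
  if (!memchr (p, '\0', s->raw_size - off))
    return NULL;                      /* no terminator before section end */
  return (const char *) p;
}

/* Return 1 if any import names WANT.  Bad names are skipped (an assumption
   of this example), so later valid entries are still examined.  */
int
imports_dll (const struct import_desc *imp, const char *want,
             const struct section *s, const unsigned char *file, size_t len)
{
  for (; imp->name_rva; imp++)
    {
      const char *dll = rva_to_cstr (imp->name_rva, s, file, len);
      if (dll && strcmp (dll, want) == 0)
        return 1;
    }
  return 0;
}

/* Constructed sample: one section at RVA 0x1000 holding two names; the
   first descriptor carries an out-of-range name RVA.  */
int demo (const char *want)
{
  static const unsigned char file[] = "first.dll\0second.dll";
  struct section s = { 0x1000, 0, (uint32_t) sizeof file };
  struct import_desc imp[] = { { 0x90000000 }, { 0x1000 }, { 0x100a }, { 0 } };
  return imports_dll (imp, want, &s, file, sizeof file);
}
```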