Skip to content

Commit

Permalink
Stop at non-conforming Debug Directory entry (#199)
Browse files Browse the repository at this point in the history
Debug directory is not necessary for program execution. Sometimes toolchains
put there data not conforming to any standards. It is still possible to
parse the rest of the file, no need to fail parsing with an error.
  • Loading branch information
batuzovk authored Jun 7, 2024
1 parent 015345d commit f2f0ee9
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions pe-parser-library/src/parse.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1881,20 +1881,30 @@ bool getDebugDir(parsed_pe *p) {
rawData =
curEnt.AddressOfRawData + p->peHeader.nt.OptionalHeader64.ImageBase;
} else {
return false;
// Unrecognized optional header type. We can't process debug entries.
// Debug entries themselves are optional, so skip them.
break;
}

//
// Get the section for the data
//
section dataSec;
if (!getSecForVA(p->internal->secs, rawData, dataSec)) {
return false;
// The debug entry points to non-existing data. This means it is
// malformed. Skip it and the rest. They are not necessary for parsing
// the binary, and binaries do have malformed debug entries sometimes.
break;
}

debugent ent;

auto dataofft = static_cast<std::uint32_t>(rawData - dataSec.sectionBase);
if (dataofft + curEnt.SizeOfData > dataSec.sectionData->bufLen) {
// The debug entry data stretches outside the containing section. It is
// malformed. Skip it and the rest, similar to the above.
break;
}
ent.type = curEnt.Type;
ent.data = makeBufferFromPointer(
reinterpret_cast<std::uint8_t *>(dataSec.sectionData->buf + dataofft),
Expand Down

0 comments on commit f2f0ee9

Please sign in to comment.