From f2f0ee91f3b6dee41f75b2f775e82015f2b72007 Mon Sep 17 00:00:00 2001
From: Kirill Batuzov
Date: Fri, 7 Jun 2024 20:56:12 +0300
Subject: [PATCH] Stop at non-conforming Debug Directory entry (#199)
Debug directory is not necessary for program execution. Sometimes toolchains put there data not conforming to any standards. It is still possible to parse the rest of the file, no need to fail parsing with an error.
---
 pe-parser-library/src/parse.cpp | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/pe-parser-library/src/parse.cpp b/pe-parser-library/src/parse.cpp
index ff36c3e..0a04434 100644
--- a/pe-parser-library/src/parse.cpp
+++ b/pe-parser-library/src/parse.cpp
@@ -1881,7 +1881,9 @@ bool getDebugDir(parsed_pe *p) {
 rawData = curEnt.AddressOfRawData + p->peHeader.nt.OptionalHeader64.ImageBase;
 } else {
- return false;
+ // Unrecognized optional header type. We can't process debug entries.
+ // Debug entries themselves are optional, so skip them.
+ break;
 }
 //
@@ -1889,12 +1891,20 @@ bool getDebugDir(parsed_pe *p) {
 //
 section dataSec;
 if (!getSecForVA(p->internal->secs, rawData, dataSec)) {
- return false;
+ // The debug entry points to non-existing data. This means it is
+ // malformed. Skip it and the rest. They are not necessary for parsing
+ // the binary, and binaries do have malformed debug entries sometimes.
+ break;
 }
 debugent ent;
 auto dataofft = static_cast(rawData - dataSec.sectionBase);
+ if (dataofft + curEnt.SizeOfData > dataSec.sectionData->bufLen) {
+ // The debug entry data stretches outside the containing section. It is
+ // malformed. Skip it and the rest, similar to the above.
+ break;
+ }
 ent.type = curEnt.Type;
 ent.data = makeBufferFromPointer(
 reinterpret_cast(dataSec.sectionData->buf + dataofft),
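Review bot: The added bounds check `dataofft + curEnt.SizeOfData > dataSec.sectionData->bufLen` in the second hunk can wrap around if both operands are 32-bit unsigned (the cast's target type is not visible on this page, and SizeOfData is read from the file being parsed), in which case an entry with a very large SizeOfData would pass the check it is meant to fail. Comparing against the remaining space avoids the addition altogether: `if (dataofft > dataSec.sectionData->bufLen || curEnt.SizeOfData > dataSec.sectionData->bufLen - dataofft) break;`. The check also dereferences `dataSec.sectionData` without a null test, which is only safe if `getSecForVA` guarantees a populated section; that cannot be confirmed from these lines. The `makeBufferFromPointer` call that consumes `dataofft` continues outside the hunk, so its length argument (presumably derived from SizeOfData) should be read against the same bound.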