emacs-bug-tracker
From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#20264: closed ([PATCH] fix: w32_executable_type() causes a segmentation fault)
Date: Mon, 06 Apr 2015 10:31:02 +0000

Your message dated Mon, 06 Apr 2015 13:30:11 +0300
with message-id <address@hidden>
and subject line Re: bug#20264: [PATCH] fix: w32_executable_type() causes a 
segmentation fault
has caused the debbugs.gnu.org bug report #20264,
regarding [PATCH] fix: w32_executable_type() causes a segmentation fault
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
20264: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20264
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message ---
Subject: [PATCH] fix: w32_executable_type() causes a segmentation fault
Date: Mon, 06 Apr 2015 12:23:23 +0900 (東京 (標準時))

Hi folks,

On the Windows platform, w32_executable_type() in src/w32proc.c scans
'dllname' in an EXE file. But there are some strange EXE files whose
'dllname' points to an illegal address, for example, Microsoft's Excel
(excel.exe) and PowerPoint (POWERPNT.EXE). w32_executable_type() causes
a segmentation fault for those files.

objdump in binutils seems to know those illegal pointers and discard
them (pe_print_idata() in bfd/peXXigen.c).

In the following patch, 'dllname' is checked whether it points to the
valid section's address space and discarded when it's invalid.

Regards,
Koichi Arakawa

diff --git a/src/ChangeLog b/src/ChangeLog
index 1c3f933..a49fdf4 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2015-04-06  Koichi Arakawa  <address@hidden>
+
+       * w32proc.c (w32_executable_type): Check whether 'dllname' points
+       to the section's address space.
+
 2015-04-04  Jan Djärv  <address@hidden>
 
        * xselect.c (x_reply_selection_request)
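Review bot: The new w32proc.c entry says what is checked but not what happens when the check fails. State that the import scan stops at the first name outside the section, and cite the report as (Bug#20264) at the end of the entry.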
diff --git a/src/w32proc.c b/src/w32proc.c
index 7d982f8..d3d9405 100644
--- a/src/w32proc.c
+++ b/src/w32proc.c
@@ -1618,16 +1618,23 @@ w32_executable_type (char * filename,
                 data_dir[IMAGE_DIRECTORY_ENTRY_IMPORT];
               IMAGE_IMPORT_DESCRIPTOR * imports;
               IMAGE_SECTION_HEADER * section;
+              char * base;
+              DWORD_PTR real_size;
 
               section = rva_to_section (import_dir.VirtualAddress, nt_header);
               imports = RVA_TO_PTR (import_dir.VirtualAddress, section,
                                     executable);
+              base = RVA_TO_PTR (section->VirtualAddress, section, executable);
+              real_size = max (section->SizeOfRawData, 
section->Misc.VirtualSize);
 
               for ( ; imports->Name; imports++)
                 {
                   char * dllname = RVA_TO_PTR (imports->Name, section,
                                                executable);
 
+                  if (imports->Name < base || dllname >= base + real_size)
+                    break;
+
                   /* The exact name of the cygwin dll has changed with
                      various releases, but hopefully this will be reasonably
                      future proof.  */
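Review bot: The added range check `imports->Name < base` compares an RVA (`imports->Name` is what gets passed to `RVA_TO_PTR`) with the pointer `base`, so the lower bound is tested in the wrong address space; compare the converted pointer on both sides, `dllname < base || dllname >= base + real_size`. `dllname` is also converted using the import directory's `section`, so a name whose RVA belongs to a different section can fall outside this range, and `break` then ends the scan for every remaining descriptor; resolving the section for each `imports->Name` with `rva_to_section` before converting would avoid that. The check covers only the first byte of the name, not its terminator, and the `imports++` walk in the `for` loop is not itself bounded by `real_size`. The `real_size = max (...)` line is wrapped across two lines in the mail, so the patch will not apply as posted.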




--- End Message ---
--- Begin Message ---
Subject: Re: bug#20264: [PATCH] fix: w32_executable_type() causes a segmentation fault
Date: Mon, 06 Apr 2015 13:30:11 +0300

> Date: Mon, 06 Apr 2015 18:48:11 +0900
>  (東京 (標準時))
> Cc: address@hidden
> From: Koichi Arakawa <address@hidden>
> 
> I apologize for insufficient research. The *illegal* dllname actually
> points to another section. So the previous patch is wrong and it
> should be as follows.

Thanks, I pushed it.


--- End Message ---
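
The two messages above describe import names whose RVA lies outside the import directory's section, in fact in another section. The following is an added example, not code from Emacs or from the patch, of resolving such an RVA against every section and rejecting it when it is not backed by file bytes or not NUL-terminated. `struct sec`, `rva_to_cstr` and the sample data are hypothetical and constructed, and the file is assumed to be examined as raw bytes rather than as a loaded image.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for IMAGE_SECTION_HEADER.  */
struct sec {
  uint32_t va;        /* RVA at which the section starts */
  uint32_t raw_off;   /* file offset of the section's data */
  uint32_t raw_size;  /* bytes of the section present in the file */
};

/* Constructed sample "file": 16 filler bytes, then a 16-byte section
   holding one terminated name and three unterminated bytes.  */
static const unsigned char sample_file[] = "0123456789abcdefKERNEL32.dll\0ABC";
#define SAMPLE_LEN (sizeof sample_file - 1)
static const struct sec sample_secs[] = {
  { 0x1000,  0, 16 },   /* import descriptors would live here */
  { 0x2000, 16, 16 },   /* names live in a different section */
  { 0x4000, 24, 64 },   /* header claims more data than the file has */
};

/* Return the NUL-terminated string at RVA, or NULL when RVA is in no
   section, the section extends past the file, or the string is not
   terminated inside the section's file-backed bytes.  */
const char *rva_to_cstr (uint32_t rva, const struct sec *secs, size_t nsecs,
                         const unsigned char *file, size_t file_len)
{
  for (size_t i = 0; i < nsecs; i++)
    {
      const struct sec *s = &secs[i];
      if (rva < s->va || rva - s->va >= s->raw_size)
        continue;                       /* RVA not in this section */
      if (s->raw_off > file_len || s->raw_size > file_len - s->raw_off)
        return NULL;                    /* section runs past end of file */
      size_t off = s->raw_off + (rva - s->va);
      size_t room = s->raw_size - (rva - s->va);
      return memchr (file + off, '\0', room) ? (const char *) (file + off)
                                             : NULL;
    }
  return NULL;
}

int main (void)
{
  const char *n = rva_to_cstr (0x2000, sample_secs, 3, sample_file, SAMPLE_LEN);
  printf ("%s\n", n ? n : "(rejected)");
  return 0;
}
```

A caller scanning import descriptors would skip or stop on a NULL result instead of dereferencing the name.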
