From f2e257c3ce0bcddcba4eb5b5ec41d8435f601568 Mon Sep 17 00:00:00 2001
From: Kirill Batuzov
Date: Wed, 14 Feb 2024 12:53:00 +0300
Subject: [PATCH] Stop at non-conforming Debug Directory entry

Debug directory is not necessary for program execution. Sometimes toolchains put there data not conforming to any standards. It is still possible to parse the rest of the file, no need to fail parsing with an error.
---
 pe-parser-library/src/parse.cpp | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/pe-parser-library/src/parse.cpp b/pe-parser-library/src/parse.cpp
index ff36c3e..0a04434 100644
--- a/pe-parser-library/src/parse.cpp
+++ b/pe-parser-library/src/parse.cpp
@@ -1881,7 +1881,9 @@ bool getDebugDir(parsed_pe *p) {
 rawData = curEnt.AddressOfRawData +
 p->peHeader.nt.OptionalHeader64.ImageBase;
 } else {
- return false;
+ // Unrecognized optional header type. We can't process debug entries.
+ // Debug entries themselves are optional, so skip them.
+ break;
 }
 //
@@ -1889,12 +1891,20 @@ bool getDebugDir(parsed_pe *p) {
 //
 section dataSec;
 if (!getSecForVA(p->internal->secs, rawData, dataSec)) {
- return false;
+ // The debug entry points to non-existing data. This means it is
+ // malformed. Skip it and the rest. They are not necessary for parsing
+ // the binary, and binaries do have malformed debug entries sometimes.
+ break;
 }
 debugent ent;
 auto dataofft = static_cast(rawData - dataSec.sectionBase);
+ if (dataofft + curEnt.SizeOfData > dataSec.sectionData->bufLen) {
+ // The debug entry data stretches outside the containing section. It is
+ // malformed. Skip it and the rest, similar to the above.
+ break;
+ }
 ent.type = curEnt.Type;
 ent.data = makeBufferFromPointer(
 reinterpret_cast(dataSec.sectionData->buf + dataofft),
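Review bot: Callers lose the signal that the debug directory was malformed. The `break` in the `else` branch of the first hunk, and the two `break`s added in the second hunk, stop parsing silently, and the code after the loop (outside the hunk) presumably still reports success. A non-conforming debug directory is useful evidence when triaging a suspicious binary, so the early stop should at least be part of the documented contract. A header comment on `getDebugDir` would do, for example `// Returns true even when parsing stops early at a malformed entry; entries read before that point are kept (confirm against the code after the loop).`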
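Review bot: The bounds check added in the second hunk, `dataofft + curEnt.SizeOfData > dataSec.sectionData->bufLen`, can wrap around if both operands are 32-bit unsigned. The field name and the cast on the line above suggest that, though the cast's target type is not shown on this page. `SizeOfData` is read from the file, so a value near the 32-bit maximum makes the sum small and the check passes. `makeBufferFromPointer` would then be handed a length far larger than the section buffer. Compare without adding: `if (dataofft > dataSec.sectionData->bufLen || curEnt.SizeOfData > dataSec.sectionData->bufLen - dataofft) {`. The `makeBufferFromPointer` call runs past the end of the hunk, so its length argument is assumed to be `curEnt.SizeOfData`.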