GNU bug report logs - #20264
[PATCH] fix: w32_executable_type() causes a segmentation fault


Package: emacs;

Reported by: Koichi Arakawa <arakawa <at> pp.iij4u.or.jp>

Date: Mon, 6 Apr 2015 03:25:02 UTC

Severity: normal

Tags: patch

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.



Message #8 received at 20264 <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: Koichi Arakawa <arakawa <at> pp.iij4u.or.jp>
Cc: 20264 <at> debbugs.gnu.org
Subject: Re: bug#20264: [PATCH] fix: w32_executable_type() causes a segmentation fault
Date: Mon, 06 Apr 2015 11:02:47 +0300
> Date: Mon, 06 Apr 2015 12:23:23 +0900 (Tokyo (Standard Time))
> From: Koichi Arakawa <arakawa <at> pp.iij4u.or.jp>
> 
> On the Windows platform, w32_executable_type() in src/w32proc.c scans
> 'dllname' in an EXE file. But there are some strange EXE files in which
> 'dllname' points to an illegal address, for example, Microsoft's Excel
> (excel.exe) and PowerPoint (POWEPNT.EXE). w32_executable_type() causes
> a segmentation fault for those files.
> 
> objdump in binutils seems to know about those illegal pointers and discards
> them (pe_print_idata() in bfd/peXXigen.c).
> 
> In the following patch, 'dllname' is checked to see whether it points into the
> valid section's address space and is discarded when it is invalid.

Thanks.

>                for ( ; imports->Name; imports++)
>                  {
>                    char * dllname = RVA_TO_PTR (imports->Name, section,
>                                                 executable);
>  
> +                  if (imports->Name < base || dllname >= base + real_size)
> +                    break;
> +
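Review bot: the two halves of the added condition bound different quantities: `imports->Name` is the raw RVA that was just passed to RVA_TO_PTR, while `dllname` is the translated pointer, so `imports->Name < base` and `dllname >= base + real_size` can only both be meaningful if `base` is at once an RVA and a pointer. Compare one value on both sides, for example the translated pointer: `if (dllname < base || dllname >= base + real_size)`. Note also that the check only validates the first byte of the name; anything that later reads `dllname` as a string can still run past the end of the section if the name is not NUL-terminated within it, so that read should be limited to the `base + real_size - dllname` bytes that remain.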

Shouldn't that "break" be "continue" instead?  IOW, shouldn't we try
all the other entries in the DLL import list?
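As an added example (not Emacs's code and not part of the report), this shows a bounds check of the kind the patch describes, written so that both the start of the import name and its NUL terminator are confirmed to lie inside the section's file data before the name is read; the `pe_section` struct and the sample bytes are constructed for illustration:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the IMAGE_SECTION_HEADER fields we need
   (constructed here; not the Win32 SDK struct and not Emacs's code).  */
typedef struct
{
  uint32_t virtual_address;  /* RVA at which the section is mapped */
  uint32_t virtual_size;     /* size of the section in memory */
  uint32_t raw_offset;       /* file offset of the section's data */
  uint32_t raw_size;         /* bytes of that data present in the file */
} pe_section;

/* Translate import-name RVA `rva` into a pointer into `file`, or return
   NULL when the RVA lies outside `sec` or the string is not NUL-terminated
   before the section's data ends.  This is the guard an unchecked
   RVA_TO_PTR-style translation lacks.  */
const char *
pe_import_name (const uint8_t *file, size_t file_len,
                const pe_section *sec, uint32_t rva)
{
  /* Only bytes actually present in the file may be read.  */
  uint32_t readable = sec->raw_size < sec->virtual_size
                      ? sec->raw_size : sec->virtual_size;
  if ((uint64_t) sec->raw_offset + readable > file_len)
    return NULL;                         /* section runs past EOF */
  if (rva < sec->virtual_address
      || rva - sec->virtual_address >= readable)
    return NULL;                         /* RVA outside the section */

  uint32_t off = rva - sec->virtual_address;
  const char *s = (const char *) file + sec->raw_offset + off;
  if (memchr (s, '\0', readable - off) == NULL)
    return NULL;                         /* name not terminated in-section */
  return s;
}

/* Constructed 64-byte "file": one section mapped at RVA 0x2000 whose data
   starts at file offset 0x20, holding "cygwin1.dll" at RVA 0x2004 and an
   unterminated run of 'A's from RVA 0x2010 to the end of the section.  */
static uint8_t sample_file[64] =
  { [0x24] = 'c','y','g','w','i','n','1','.','d','l','l','\0',
    [0x30] = 'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A' };
static const pe_section sample_sec = { 0x2000, 0x20, 0x20, 0x20 };

/* Wrapper over the constructed sample, for the demo and tests.  */
const char *
sample_import_name (uint32_t rva)
{
  return pe_import_name (sample_file, sizeof sample_file, &sample_sec, rva);
}
```

With this check, an RVA below the section, one at or past its end, and one whose string runs off the section all yield NULL instead of an out-of-bounds read.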




This bug report was last modified 10 years and 106 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.