Remove print. Fix format. Improve error handling. #263
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Malformed COFF symbol tables can cause pefile to crash (690EB2BFE038A2632F50E8A7E2FB9F64, 3E14E435D4B01127B8526F4B985347E3, A6763BAF63AF7467B3AD3486A0785C9F, etc). Apparently the DWORD symbol table size is bogus and this causes pefile to index out of bound. This commit adds additional error handling to allow parsing to continue even if this occurs.
nogilnick
commented
Jun 15, 2019
| self.symbols = [] | ||
| self.strings = {} | ||
|
|
||
| if (self.string_table_offset + 4) >= len(self.__data__): | ||
| self.__warnings.append('Symbol table is corrupt') | ||
| return | ||
|
|
||
| string_table_size = struct.unpack('<I', self.__data__[self.string_table_offset : self.string_table_offset + 4])[0] |
There was a problem hiding this comment.
This is the DWORD value that can apparently be invalid in some PE files. Loaded one of the samples in IDA pro and it complained of the same value for the string value size.
| self.__warnings.append('Invalid string table size') | ||
| return | ||
|
|
||
| if self.__data__[self.string_table_offset + string_table_size - 1] != 0: |
| @@ -2697,7 +2702,6 @@ def get_symbol_name(symbol, string_table, string_table_size): | |||
| name = s | |||
| else: | |||
| end = string_table[offset:].find(0) | |||
| print(offset, end) | |||
There was a problem hiding this comment.
My script was producing a lot of output in the most recent version of pefile and I identified this as the line producing it.
| @@ -2713,7 +2717,6 @@ def get_symbol_name(symbol, string_table, string_table_size): | |||
|
|
|||
| return name | |||
|
|
|||
| self.symbols = [] | |||
There was a problem hiding this comment.
This value is reference elsewhere and can cause AttributeError if it's not defined.
| @@ -5503,13 +5506,16 @@ def dump_section_relocations(self, section): | |||
| lines.append('-' * 79) | |||
| reloc_table = MACHINE_TYPE_TO_RELOCATION.get(self.FILE_HEADER.Machine) | |||
|
|
|||
| if not hasattr(self, 'symbols'): | |||
| lines.append('<PARSE ERROR>') | |||
| return lines | |||
There was a problem hiding this comment.
This is to avoid dump_info from crashing if the COFF parsing was aborted.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Malformed COFF symbol tables can cause pefile to crash (see 690EB2BFE038A2632F50E8A7E2FB9F64, 3E14E435D4B01127B8526F4B985347E3, A6763BAF63AF7467B3AD3486A0785C9F, etc). Apparently the DWORD symbol table size is bogus and this causes pefile to index out of bound. This commit adds additional error handling to allow parsing to continue even if this occurs.