[Courgette] Restrict PE rel32 scan size to min(virtual_size, size_of_…

…raw_data). For PE files, rel32 scanning previously scans .text data spanning |size_of_raw_data| bytes. However, it's possible for |virtual_size| < |size_of_raw_data|. In this case, any rel32 references found in the data beyond |virtual_size| would have an invalid RVA, causing failure when attempting to translate them to file offsets. This CL fixes the issue by reducing range of rel32 scan size to |min(virtual_size, size_of_raw_data)|, thereby avoiding extracting these invalid rel32 references. Bug: 935283 Change-Id: I81d827d904eb6d168b5268c961419c1855382f69 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1535435 Commit-Queue: Samuel Huang <huangs@chromium.org> Reviewed-by: Etienne Pierre-Doray <etiennep@chromium.org> Reviewed-by: Samuel Huang <huangs@chromium.org> Cr-Commit-Position: refs/heads/master@{#643525}
qweri0p · Mar 22, 2019 · 168ab69 · 168ab69
1 parent c26b4a5
commit 168ab69
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/courgette/disassembler_win32_x64.cc b/courgette/disassembler_win32_x64.cc
@@ -43,7 +43,12 @@ void DisassemblerWin32X64::ParseRel32RelocsFromSection(const Section* section) {
     return;
 
   FileOffset start_file_offset = section->file_offset_of_raw_data;
-  FileOffset end_file_offset = start_file_offset + section->size_of_raw_data;
+  // |virtual_size < size_of_raw_data| is possible. In this case, disassembly
+  // should not proceed beyond |virtual_size|, so rel32 location RVAs remain
+  // translatable to file offsets.
+  FileOffset end_file_offset =
+      start_file_offset +
+      std::min(section->virtual_size, section->size_of_raw_data);
 
   const uint8_t* start_pointer = FileOffsetToPointer(start_file_offset);
   const uint8_t* end_pointer = FileOffsetToPointer(end_file_offset);

diff --git a/courgette/disassembler_win32_x86.cc b/courgette/disassembler_win32_x86.cc
@@ -42,7 +42,12 @@ void DisassemblerWin32X86::ParseRel32RelocsFromSection(const Section* section) {
     return;
 
   FileOffset start_file_offset = section->file_offset_of_raw_data;
-  FileOffset end_file_offset = start_file_offset + section->size_of_raw_data;
+  // |virtual_size < size_of_raw_data| is possible. In this case, disassembly
+  // should not proceed beyond |virtual_size|, so rel32 location RVAs remain
+  // translatable to file offsets.
+  FileOffset end_file_offset =
+      start_file_offset +
+      std::min(section->virtual_size, section->size_of_raw_data);
 
   const uint8_t* start_pointer = FileOffsetToPointer(start_file_offset);
   const uint8_t* end_pointer = FileOffsetToPointer(end_file_offset);