From: Koichi Arakawa
Newsgroups: gmane.emacs.bugs
Subject: bug#20264: [PATCH] fix: w32_executable_type() causes a segmentation fault
Date: Mon, 06 Apr 2015 12:23:23 +0900
Message-ID: <20150406.122323.240448317693586769.arakawa@pp.iij4u.or.jp>
To: 20264@debbugs.gnu.org
X-Mailer: Mew version 6.6 on Emacs 25.0.50 / Mule 6.0 (HANACHIRUSATO)

Hi folks,

On the Windows platform, w32_executable_type() in src/w32proc.c scans 'dllname' in an EXE file.
But there are some strange EXE files in which 'dllname' points to an illegal address, for example Microsoft's Excel (excel.exe) and PowerPoint (POWERPNT.EXE). w32_executable_type() causes a segmentation fault for those files.

objdump in binutils seems to know about those illegal pointers and discards them (pe_print_idata() in bfd/peXXigen.c).

In the following patch, 'dllname' is checked for whether it points into the valid section's address space, and is discarded when it's invalid.

Regards,
Koichi Arakawa

diff --git a/src/ChangeLog b/src/ChangeLog index 1c3f933..a49fdf4 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2015-04-06 Koichi Arakawa + + * w32proc.c (w32_executable_type): Check whether 'dllname' points + to the section's address space. + 2015-04-04 Jan Dj=E4rv = * xselect.c (x_reply_selection_request) diff --git a/src/w32proc.c b/src/w32proc.c index 7d982f8..d3d9405 100644 --- a/src/w32proc.c +++ b/src/w32proc.c @@ -1618,16 +1618,23 @@ w32_executable_type (char * filename, data_dir[IMAGE_DIRECTORY_ENTRY_IMPORT]; IMAGE_IMPORT_DESCRIPTOR * imports; IMAGE_SECTION_HEADER * section; + char * base; + DWORD_PTR real_size; = section =3D rva_to_section (import_dir.VirtualAddress, n= t_header); imports =3D RVA_TO_PTR (import_dir.VirtualAddress, secti= on, executable); + base =3D RVA_TO_PTR (section->VirtualAddress, section, e= xecutable); + real_size =3D max (section->SizeOfRawData, section->Misc= .VirtualSize); = for ( ; imports->Name; imports++) { char * dllname =3D RVA_TO_PTR (imports->Name, sectio= n, executable); = + if (imports->Name < base || dllname >=3D base + real= _size) + break; + /* The exact name of the cygwin dll has changed with= various releases, but hopefully this will be reas= onably future proof. */
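Review bot: the new guard in the w32proc.c hunk, `if (imports->Name < base || dllname >= base + real_size)`, compares the raw RVA `imports->Name` (an integer) against the pointer `base` in its first operand, so that half is an integer/pointer comparison that does not express the intended lower bound; both sides should test the translated pointer, i.e. `if (dllname < base || dllname >= base + real_size)`. Second, `real_size = max (section->SizeOfRawData, section->Misc.VirtualSize)` admits a `dllname` up to VirtualSize bytes past `base`, but `RVA_TO_PTR (..., section, executable)` yields a pointer into the file's on-disk bytes, where only SizeOfRawData bytes of the section exist; bounding by `section->SizeOfRawData` (or the min of the two) keeps the check from accepting a pointer past the mapped data. Finally, the check validates only where the name starts, not that it is NUL-terminated before the section's raw data ends, so the name comparison that follows can still read past the mapped bytes on a malformed file; a memchr for a terminator within the remaining raw data would close that.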
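As an added example (not part of the patch or of Emacs's w32proc.c), the section-bounds check described above written out against constructed stand-ins for the section header and the file bytes, and extended to reject names that have no terminator inside the section's raw data; the struct, the function names and the sample bytes are assumptions made for this example, and the bound uses SizeOfRawData because the pointer goes into the on-disk file, not a loaded image.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the IMAGE_SECTION_HEADER fields used here. */
struct section_hdr {
  uint32_t VirtualAddress;   /* RVA of the section once loaded */
  uint32_t VirtualSize;      /* loaded size, may exceed the raw data */
  uint32_t PointerToRawData; /* file offset of the section's bytes */
  uint32_t SizeOfRawData;    /* bytes actually present in the file */
};

/* Map RVA to a pointer into the file, or NULL if it is outside the bytes of
   SEC that exist on disk.  Only SizeOfRawData counts: the mapping is the
   on-disk image, so bytes past it (up to VirtualSize) are not there. */
static const char *rva_to_checked_ptr (const unsigned char *file, size_t file_len,
                                       const struct section_hdr *sec, uint32_t rva)
{
  uint64_t off;
  if (rva < sec->VirtualAddress
      || rva - sec->VirtualAddress >= sec->SizeOfRawData)
    return NULL;
  off = (uint64_t) sec->PointerToRawData + (rva - sec->VirtualAddress);
  if (off >= file_len)  /* truncated file: header promises absent bytes */
    return NULL;
  return (const char *) file + off;
}

/* Same, but also demand a NUL before the raw data (or file) ends, so a
   later string compare on the DLL name cannot run off the mapping. */
static const char *dll_name_at_rva (const unsigned char *file, size_t file_len,
                                    const struct section_hdr *sec, uint32_t rva)
{
  const char *p = rva_to_checked_ptr (file, file_len, sec, rva);
  size_t avail, to_eof;
  if (p == NULL)
    return NULL;
  avail = sec->SizeOfRawData - (rva - sec->VirtualAddress);
  to_eof = file_len - (size_t) (p - (const char *) file);
  return memchr (p, '\0', avail < to_eof ? avail : to_eof) ? p : NULL;
}

/* Constructed sample: a 64-byte "file" whose one section sits at offsets
   16..47 (RVA 0x1000), holding a terminated name at RVA 0x1000 and a name
   with no NUL at RVA 0x1010. */
static unsigned char sample_file[64];
static const struct section_hdr sample_sec = { 0x1000, 0x2000, 16, 32 };
const char *sample_lookup (uint32_t rva)
{
  memcpy (sample_file + 16, "KERNEL32.dll", 13);      /* includes NUL */
  memcpy (sample_file + 32, "UNTERMINATED_NAME", 16); /* no NUL, to 47 */
  return dll_name_at_rva (sample_file, sizeof sample_file, &sample_sec, rva);
}
```

An RVA at 0x1020 is inside VirtualSize but past the raw data, which is exactly the case a max()-based bound would let through.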