From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#20264: [PATCH] fix: w32_executable_type() causes a segmentation fault
Date: Mon, 06 Apr 2015 11:02:47 +0300
Message-ID: <83a8yllm54.fsf@gnu.org>
References: <20150406.122323.240448317693586769.arakawa@pp.iij4u.or.jp>
To: Koichi Arakawa
Cc: 20264@debbugs.gnu.org

> Date: Mon, 06 Apr 2015 12:23:23 +0900 (Tokyo (Standard Time))
> From: Koichi Arakawa
>
> On Windows platform, w32_executable_type() in src/w32proc.c scans
> 'dllname' in an EXE file. But there are some strange EXE files that
> 'dllname' points to an illegal address, for example, Microsoft's Excel
> (excel.exe) and PowerPoint (POWEPNT.EXE). w32_executable_type() causes
> a segmentation fault for those files.
>
> objdump in binutils seems to know those illegal pointers and discard
> them (pe_print_idata() in bfd/peXXigen.c).
>
> In the following patch, 'dllname' is checked whether it points to the
> valid section's address space and discarded when it's invalid.

Thanks.

> for ( ; imports->Name; imports++)
> {
> char * dllname = RVA_TO_PTR (imports->Name, section,
> executable);
>
> + if (imports->Name < base || dllname >= base + real_size)
> + break;
> +

Shouldn't that "break" be "continue" instead? IOW, shouldn't we try
all the other entries in the DLL import list?
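
Review bot: in the added condition, imports->Name < base compares an RVA (the value handed to RVA_TO_PTR) with base, while dllname >= base + real_size compares the converted pointer with the same base, and neither base nor real_size is declared in the quoted context, so it is not visible which half is in the right units. Suggest testing both bounds on the same quantity, either the RVA against the section's RVA range or dllname against the mapped start and end of the section. The upper bound also only shows that the first byte of the name is in range; if dllname is then read as a string, a name that starts inside the section with no terminating NUL before its end would still be read past the boundary, so a bounded search for the terminator belongs in the same check.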
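
The validation discussed in this thread, as an added example that is not code from Emacs or from the patch: the name RVA is checked in RVA space, a terminating NUL is required inside the section, and bad entries are skipped rather than ending the scan. The structs, `checked_name`, `count_imports_of` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins; not the Emacs or Windows SDK types.  */
struct section { uint32_t rva, size, file_off; };
struct import_desc { uint32_t name_rva; };

/* Return the NUL-terminated string at RVA, or NULL unless the whole
   string lies inside the section's bytes within the file.  */
static const char *
checked_name (const uint8_t *file, size_t file_len,
              const struct section *s, uint32_t rva)
{
  if (s->file_off > file_len || s->size > file_len - s->file_off)
    return NULL;                /* section runs past the end of the file */
  if (rva < s->rva || rva - s->rva >= s->size)
    return NULL;                /* RVA is outside the section */
  size_t off = rva - s->rva;
  const uint8_t *p = file + s->file_off + off;
  if (memchr (p, '\0', s->size - off) == NULL)
    return NULL;                /* no terminator before the section ends */
  return (const char *) p;
}

/* Count import entries naming DLL, skipping bad entries, not stopping.  */
static int
count_imports_of (const uint8_t *file, size_t file_len, const struct section *s,
                  const struct import_desc *imports, const char *dll)
{
  int hits = 0;
  for (; imports->name_rva; imports++)
    {
      const char *name = checked_name (file, file_len, s, imports->name_rva);
      if (name && strcmp (name, dll) == 0)
        hits++;
    }
  return hits;
}

/* Constructed sample: the section covers RVA 0x1000..0x100f of a 17-byte
   file; 0x9000 is out of range and 0x100c has no NUL inside the section.  */
static const uint8_t sample[] = "a.dll\0b.dll\0wxyz";
static const struct section sample_sec = { 0x1000, 16, 0 };
static const struct import_desc sample_imports[] =
  { { 0x9000 }, { 0x100c }, { 0x1006 }, { 0 } };

int main (void)
{
  printf ("%d\n", count_imports_of (sample, sizeof sample, &sample_sec,
                                    sample_imports, "b.dll"));
  return 0;
}
```

With the two bad entries placed first, a scan that stopped at the first invalid name would never reach the valid "b.dll" entry.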