Skip to content

Commit

Permalink
Fix crash on samples having corrupted PE header.
Browse files Browse the repository at this point in the history 
If a sample has corrupted PE header and as a result does not have any
sections, heuristic search for UPX packer will fail as it tries to
access the first section. To remedy this, we need to ensure the sections
exist before we access them.
  • Loading branch information
@tamaroth
tamaroth committed Jul 29, 2020
1 parent 39cb314 commit b35bf1c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/cpdetect/heuristics/pe_heuristics.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -937,7 +937,7 @@ void PeHeuristics::getUpxHeuristics()
// format: x.xx'\0'UPX!
const std::size_t minPos = 5, verLen = 4;
pos = content.find("UPX!");
if (pos >= minPos && pos < 0x500 && pos < sections[0]->getOffset())
if (pos >= minPos && pos < 0x500 && !sections.empty() && pos < sections[0]->getOffset())
{
std::string version;
std::size_t num;
Expand Down

0 comments on commit b35bf1c

Please sign in to comment.