retdec-fileinfo reads invalid memory in PeLib::CoffSymbolTable::read() #840

Closed
s3rvac opened this issue Aug 14, 2020 · 1 comment · Fixed by #841

s3rvac (Member) commented Aug 14, 2020

retdec-fileinfo reads invalid memory in PeLib::CoffSymbolTable::read().

Steps to reproduce

$ retdec-fileinfo FILE

where FILE is C658C0CF5E05A1DDBC91CF0E6FCFCDB0942D1584D113FB594BF5F8EE02F43E4A (the file is 14 MB, so it is unsuitable for adding into our regression-tests suite).

Expected output

Here is the result from retdec-fileinfo before the changes concerning image loading:

Input file               : C658C0CF5E05A1DDBC91CF0E6FCFCDB0942D1584D113FB594BF5F8EE02F43E4A.dat
CRC32                    : 36e6f7c8
MD5                      : 18681bc3fa35570e5099f2fe3b65a958
SHA256                   : c658c0cf5e05a1ddbc91cf0e6fcfcdb0942d1584d113fb594bf5f8ee02f43e4a
File format              : PE
File class               : 32-bit
File type                : Executable file
Loader error             : The file is an in-memory image
Loadable anyway          : No
Architecture             : x86
Endianness               : Little endian
Image base address       : 0x400000
Entry point address      : 0x4014e0
Entry point offset       : 0x8e0
Entry point section name : .text
Entry point section index: 0
Bytes on entry point     : 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Detected tool            : Microsoft (linker), dos header style
Overlay offset           : 0xc9d004
Overlay size             : 0x97ffc
Overlay entropy          : 4.635

Actual output

retdec-fileinfo crashes:

Segmentation fault

Stacktrace from valgrind

Invalid read of size 1
   at 0x70F6CA: PeLib::CoffSymbolTable::read(PeLib::InputBuffer&, unsigned int) (CoffSymbolTable.cpp:43)
   by 0x70FAFA: PeLib::CoffSymbolTable::read(std::vector<unsigned char, std::allocator<unsigned char> >&, unsigned long, unsigned long) (CoffSymbolTable.cpp:125)
   by 0x721BDD: PeLib::PeFileT::readCoffSymbolTable(std::vector<unsigned char, std::allocator<unsigned char> >&) (PeFile.cpp:280)
   by 0x586ABF: retdec::fileformat::PeFormat::initStructures(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (pe_format.cpp:883)
   by 0x585FE8: retdec::fileformat::PeFormat::PeFormat(...) (pe_format.cpp:808)
   by 0x4EB4EF: retdec::fileinfo::PeWrapper::PeWrapper(...) (pe_wrapper.cpp:101)
   by 0x45BC42: void __gnu_cxx::new_allocator<...>::construct<...>(...) (new_allocator.h:147)
   by 0x45BB0B: void std::allocator_traits<...>::construct<...>(...) (alloc_traits.h:484)
   by 0x45B94B: std::_Sp_counted_ptr_inplace<...>::_Sp_counted_ptr_inplace<...>(...) (shared_ptr_base.h:548)
   by 0x45B69C: std::__shared_count<...>(...)
   by 0x45B53B: std::__shared_ptr<...>(...)
   by 0x45B3FA: std::shared_ptr<retdec::fileinfo::PeWrapper>::shared_ptr<...>(...)

My configuration

  • Current master (commit 4cf40b4)
  • 64b Debian, GCC 9.2, Debug build
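As an added illustration of the defect class reported above (not code from RetDec or PeLib), a bounds-checked COFF symbol table walk: the record count and table offset come from the file header, so they are validated against the buffer length before any byte is read. The record layout follows the PE/COFF specification; readCoffSymbolTable() and sampleBuffer() are hypothetical names and the sample buffer is a constructed input.

```cpp
#include <cstdint>
#include <optional>
#include <vector>

// Record layout from the PE/COFF specification: 18 bytes per symbol record.
constexpr uint64_t kCoffSymbolSize = 18;

struct CoffSymbol {
    uint8_t  shortName[8];        // inline name, or {0,0,0,0, offset} into the string table
    uint32_t value;
    int16_t  sectionNumber;
    uint16_t type;
    uint8_t  storageClass;
    uint8_t  numberOfAuxSymbols;  // aux records count toward NumberOfSymbols and follow this one
};

static uint16_t le16(const uint8_t* p) { return uint16_t(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t* p) { return le16(p) | (uint32_t(le16(p + 2)) << 16); }

// Walks `symbolCount` records starting at `tableOffset`; both come from the file header,
// so they are untrusted. Returns nullopt, without touching any byte past `buf`,
// whenever the declared table does not fit in the buffer.
std::optional<std::vector<CoffSymbol>>
readCoffSymbolTable(const std::vector<uint8_t>& buf, uint64_t tableOffset, uint32_t symbolCount) {
    if (tableOffset > buf.size()) return std::nullopt;
    const uint64_t needed = uint64_t(symbolCount) * kCoffSymbolSize;  // cannot wrap in 64 bits
    if (needed > buf.size() - tableOffset) return std::nullopt;       // table does not fit
    std::vector<CoffSymbol> out;
    const uint8_t* p = buf.data() + tableOffset;
    for (uint32_t i = 0; i < symbolCount; ++i, p += kCoffSymbolSize) {
        CoffSymbol s{};
        for (int k = 0; k < 8; ++k) s.shortName[k] = p[k];
        s.value = le32(p + 8);
        s.sectionNumber = int16_t(le16(p + 12));
        s.type = le16(p + 14);
        s.storageClass = p[16];
        s.numberOfAuxSymbols = p[17];
        out.push_back(s);
    }
    return out;
}

// Constructed sample: 4 bytes of unrelated data followed by exactly two records
// (name "main", value 0x4014E0, section 1, type 0x20, storage class 2, no aux records).
std::vector<uint8_t> sampleBuffer() {
    std::vector<uint8_t> b(4 + 2 * kCoffSymbolSize, 0);
    const uint8_t rec[kCoffSymbolSize] = {'m','a','i','n',0,0,0,0, 0xE0,0x14,0x40,0, 1,0, 0x20,0, 2,0};
    for (size_t i = 0; i < kCoffSymbolSize; ++i) b[4 + i] = b[4 + kCoffSymbolSize + i] = rec[i];
    return b;
}
```

With the sample, a header claiming two records parses; one claiming three is rejected before the read that would otherwise run off the end of the buffer.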
ladislav-zezula (Contributor) commented:

#841

s3rvac pushed a commit that referenced this issue Aug 15, 2020
Fixes #840.

Co-authored-by: Ladislav Zezula <ladislav.zezula@avast.com>