From 4d95f4768260048984694a2f8fedd3dd7ac0213b Mon Sep 17 00:00:00 2001
From: wargio
Date: Mon, 22 Aug 2022 18:58:27 +0200
Subject: [PATCH] fix #2957 - oob read in pe_section.c
---
 librz/bin/format/pe/pe_section.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/librz/bin/format/pe/pe_section.c b/librz/bin/format/pe/pe_section.c
index 22ddfdf0439..509f8532a0b 100644
--- a/librz/bin/format/pe/pe_section.c
+++ b/librz/bin/format/pe/pe_section.c
@@ -244,6 +244,7 @@ struct rz_bin_pe_section_t *PE_(rz_bin_pe_get_sections)(RzBinPEObj *bin) {
 struct rz_bin_pe_section_t *sections = NULL;
 PE_(image_section_header) * shdr;
 int i, j, section_count = 0;
+ char sec_name[PE_IMAGE_SIZEOF_SHORT_NAME + 1];
 if (!bin || !bin->nt_headers) {
 return NULL;
@@ -270,7 +271,9 @@ struct rz_bin_pe_section_t *PE_(rz_bin_pe_get_sections)(RzBinPEObj *bin) {
 free(new_name);
 } else if (shdr[i].Name[0] == '/') {
 // long name is something deprecated but still used
- int idx = atoi((const char *)shdr[i].Name + 1);
+ memcpy(sec_name, shdr[i].Name, PE_IMAGE_SIZEOF_SHORT_NAME);
+ sec_name[PE_IMAGE_SIZEOF_SHORT_NAME] = '\0';
+ int idx = atoi(sec_name + 1);
 ut64 sym_tbl_off = bin->nt_headers->file_header.PointerToSymbolTable;
 int num_symbols = bin->nt_headers->file_header.NumberOfSymbols;
 st64 off = num_symbols * COFF_SYMBOL_SIZE;
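Review bot: The `atoi(sec_name + 1)` call in the second hunk still produces an unvalidated `idx`: copying into the NUL-terminated `sec_name` bounds the read, but `atoi` accepts a leading sign and returns 0 for non-numeric text, so a malformed section header can yield a negative or meaningless string-table index. Because these bytes come straight from the file, I would parse with `strtol(sec_name + 1, &end, 10)` and skip the long-name lookup when `end == sec_name + 1`, `*end != '\0'`, or the result is negative. The context line `st64 off = num_symbols * COFF_SYMBOL_SIZE;` also appears to multiply in `int` before widening (assuming `COFF_SYMBOL_SIZE` is an int constant), so `st64 off = (st64)num_symbols * COFF_SYMBOL_SIZE;` would be safer for a file-controlled `NumberOfSymbols`. How `idx` and `off` are consumed lies outside the hunk, so later bounds checks may already cover part of this.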