
retdec-fileinfo crashes when detecting UPX #821

Closed
s3rvac opened this issue Jul 24, 2020 · 0 comments · Fixed by #827

Comments


s3rvac commented Jul 24, 2020

retdec-fileinfo crashes when detecting UPX inside cpdetect.

Steps to reproduce

```
$ retdec-fileinfo FILE
```

where FILE is 0069BBD0F365ECF2020533B9DA5B702FABA808B22A05A3A42401A7065CBA263F.

Expected output

Results from the analysis of the file.

Actual output

Segmentation fault.

Output from valgrind

```
Invalid read of size 8
   at 0x6FB52F: retdec::cpdetect::PeHeuristics::getUpxHeuristics() (pe_heuristics.cpp:940)
   by 0x70AB45: retdec::cpdetect::PeHeuristics::getFormatSpecificCompilerHeuristics() (pe_heuristics.cpp:2181)
   by 0x6ED119: retdec::cpdetect::Heuristics::getAllHeuristics() (heuristics.cpp:990)
   by 0x6D23B7: retdec::cpdetect::CompilerDetector::getAllHeuristics() (cpdetect.cpp:491)
   by 0x6D410D: retdec::cpdetect::CompilerDetector::getAllCompilers() (cpdetect.cpp:724)
   by 0x6D4718: retdec::cpdetect::CompilerDetector::getAllInformation() (cpdetect.cpp:793)
   by 0x44F37D: retdec::fileinfo::FileDetector::getCompilerInformation() (file_detector.cpp:77)
   by 0x450510: retdec::fileinfo::FileDetector::getAllInformation() (file_detector.cpp:337)
   by 0x4EDEB6: main (fileinfo.cpp:483)
 Address 0x0 is not stack'd, malloc'd or (recently) free'd
```

Notes

  • The issue is in the following condition on line 940 in src/cpdetect/heuristics/pe_heuristics.cpp:
    `if (pos >= minPos && pos < 0x500 && pos < sections[0]->getOffset())`
    For the above-mentioned file, `sections.size() == 0`, and the code crashes when accessing `sections[0]`. The `pos < sections[0]->getOffset()` condition was added in commit d884728.
  • When fixing the issue, please add the file to our regression-tests suite.

My configuration

  • Current master (235228a).
  • 64b Debian Stretch, GCC 9, Debug build (however, I was also able to reproduce the issue with a release build)
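The defect described in the notes above, as an added C++ illustration that is not RetDec's own code: a minimal `Section` stand-in, the condition in the shape the report quotes (which dereferences `sections[0]` on an empty vector), and a guarded version beside it. The guard is an assumed fix for illustration; the actual change landed in #827 and is not reproduced here.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Minimal stand-in for a PE section object; constructed for this example,
// not RetDec's own Section class.
struct Section {
    std::uint64_t offset;
    std::uint64_t getOffset() const { return offset; }
};

// Same shape as the failing condition in the report: the last clause
// dereferences sections[0] without checking that any section exists. With a
// corrupted PE header the vector is empty, and the read hits address 0.
bool upxPosAcceptedBuggy(std::size_t pos, std::size_t minPos,
                         const std::vector<Section*>& sections) {
    // BUG: sections[0] on an empty vector is undefined behaviour.
    return pos >= minPos && pos < 0x500 && pos < sections[0]->getOffset();
}

// Hardened form (an assumed fix, not necessarily the exact patch in #827):
// a sample with no sections simply fails the heuristic instead of crashing,
// so a malformed input degrades to "not detected" rather than a segfault.
bool upxPosAcceptedFixed(std::size_t pos, std::size_t minPos,
                         const std::vector<Section*>& sections) {
    if (sections.empty() || sections[0] == nullptr) {
        return false;
    }
    return pos >= minPos && pos < 0x500 && pos < sections[0]->getOffset();
}

int main() {
    Section first{0x400};
    std::vector<Section*> normal{&first};
    std::vector<Section*> corrupted;  // no sections, as in the reported sample
    std::cout << upxPosAcceptedFixed(0x200, 0x100, normal) << '\n';     // 1
    std::cout << upxPosAcceptedFixed(0x200, 0x100, corrupted) << '\n';  // 0
    return 0;
}
```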
tamaroth added a commit to avast/retdec-regression-tests that referenced this issue Jul 29, 2020
The test ensures the fix for avast/retdec#821
is working as intended.
@tamaroth tamaroth linked a pull request Jul 29, 2020 that will close this issue
s3rvac added a commit that referenced this issue Jul 29, 2020
Fix crash on samples having corrupted PE header (#821)