From f9c8b3fe07f39233c28c7f815a3234aaac8f7065 Mon Sep 17 00:00:00 2001
From: daladim
Date: Mon, 20 Dec 2021 11:07:33 +0100
Subject: [PATCH] read/pe: ignore invalid COFF symbol headers (#410)

Some PE binaries may have pointers to COFF symbols that are invalid. Since COFF symbols tables are deprecated in PE files anyway, they can be ignored.
---
 src/read/coff/symbol.rs | 9 +++++++++
 src/read/pe/file.rs | 8 +++++---
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/read/coff/symbol.rs b/src/read/coff/symbol.rs
index 7aa6913a..c954c8a2 100644
--- a/src/read/coff/symbol.rs
+++ b/src/read/coff/symbol.rs
@@ -25,6 +25,15 @@ where
 strings: StringTable<'data, R>,
 }
+impl<'data, R: ReadRef<'data>> Default for SymbolTable<'data, R> {
+ fn default() -> Self {
+ Self {
+ symbols: &[],
+ strings: StringTable::default(),
+ }
+ }
+}
+
 impl<'data, R: ReadRef<'data>> SymbolTable<'data, R> {
 /// Read the symbol table.
 pub fn parse(header: &pe::ImageFileHeader, data: R) -> Result {
diff --git a/src/read/pe/file.rs b/src/read/pe/file.rs
index 03a41ea9..15b42074 100644
--- a/src/read/pe/file.rs
+++ b/src/read/pe/file.rs
@@ -46,7 +46,7 @@ where
 let mut offset = dos_header.nt_headers_offset().into();
 let (nt_headers, data_directories) = Pe::parse(data, &mut offset)?;
 let sections = nt_headers.sections(data, offset)?;
- let symbols = nt_headers.symbols(data)?;
+ let coff_symbols = nt_headers.symbols(data);
 let image_base = nt_headers.optional_header().image_base();
 Ok(PeFile {
@@ -55,7 +55,9 @@ where
 data_directories,
 common: CoffCommon {
 sections,
- symbols,
+ // The PE file format deprecates the COFF symbol table (https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#coff-file-header-object-and-image)
+ // We do not want to prevent parsing the rest of the PE file for a corrupt COFF header, but rather return an empty symbol table
+ symbols: coff_symbols.unwrap_or_default(),
 image_base,
 },
 data,
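Review bot: The hand-written `impl Default for SymbolTable` in the src/read/coff/symbol.rs hunk carries no doc comment, so nothing says that the default value is an empty table or why it is not derived. A derive would presumably require `R: Default`, which is likely why it is spelled out; a line such as `/// Returns an empty symbol table (no symbols, empty string table).` above `fn default` would record that. It also relies on `StringTable::default()`, which is defined outside this hunk.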
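Review bot: `symbols: coff_symbols.unwrap_or_default()` in the `@@ -55,7 +55,9 @@` hunk of src/read/pe/file.rs drops every error that `nt_headers.symbols(data)` can return (the `?` is removed in the `@@ -46,7 +46,7 @@` hunk), so a caller can no longer tell a PE file with no COFF symbols from one whose symbol or string table failed to parse. For tooling that inspects untrusted or tampered binaries that difference is a useful signal, so the fallback should at least be spelled out in the comment, for example `// Any error from symbols() is discarded here: the table is then empty and indistinguishable from "no COFF symbols".`, and ideally the error kept somewhere a caller can reach. The existing comment says "corrupt COFF header", but the header was already read by `Pe::parse`; what fails is presumably the table it points to. The diffstat lists only the two source files, so no regression test with such a file appears to be part of this patch. The enclosing function starts and ends outside both hunks.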
@@ -604,7 +606,7 @@ pub trait ImageNtHeaders: Debug + Pod {
 SectionTable::parse(self.file_header(), data, offset)
 }
- /// Read the symbol table and string table.
+ /// Read the COFF symbol table and string table.
 ///
 /// `data` must be the entire file data.
 #[inline]