hasherezade / libpeconv

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
https://hasherezade.github.io/libpeconv
BSD 2-Clause "Simplified" License
1.09k stars 177 forks

Dereferencing of the null pointer might take place in peconv::is_valid_sectons_alignment #14

Closed ghost closed 4 years ago

ghost commented 4 years ago

It's me again:)

In pe_hdrs_helper.cpp:

    PIMAGE_SECTION_HEADER next_sec = peconv::get_section_hdr(payload, payload_size, i);
    const DWORD next_sec_addr = is_raw ? (next_sec->PointerToRawData) : (next_sec->VirtualAddress);

There might be dereferencing of a potential null pointer "next_sec"

hasherezade commented 4 years ago

Thanks for the patient audit :) Indeed, this condition could possibly occur if the sections count in the File Header is set to some big, invalid number (going beyond the PE size).

ghost commented 4 years ago

You're welcome:)))
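The failure mode discussed in this thread, shown as an added example (not libpeconv's code or its actual fix): a section-header lookup that returns null once the requested index runs past the buffer, and an alignment check that treats that null as invalid input. `SecHdr`, `section_hdr_at`, `sections_aligned` and `make_sample` are hypothetical names, and the section table is assumed to start at a caller-supplied offset.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed stand-in for IMAGE_SECTION_HEADER (40 bytes, same field offsets).
#pragma pack(push, 1)
struct SecHdr {
    uint8_t  Name[8];
    uint32_t VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData;
    uint8_t  Rest[16];
};
#pragma pack(pop)

// Hypothetical bounds-checked lookup: nullptr if header i is not fully inside the buffer.
const SecHdr* section_hdr_at(const uint8_t* buf, size_t size, size_t table_off, size_t i) {
    if (!buf || table_off > size) return nullptr;
    const size_t avail = (size - table_off) / sizeof(SecHdr);
    if (i >= avail) return nullptr;
    return reinterpret_cast<const SecHdr*>(buf + table_off + i * sizeof(SecHdr));
}

// Alignment check that rejects a missing header instead of dereferencing it.
bool sections_aligned(const uint8_t* buf, size_t size, size_t table_off,
                      size_t sec_count, uint32_t alignment, bool is_raw) {
    if (alignment == 0) return false;
    for (size_t i = 0; i < sec_count; i++) {
        const SecHdr* sec = section_hdr_at(buf, size, table_off, i);
        if (!sec) return false;  // section count exceeds what the buffer holds
        const uint32_t addr = is_raw ? sec->PointerToRawData : sec->VirtualAddress;
        if (addr % alignment != 0) return false;
    }
    return true;
}

// Constructed sample: a buffer holding exactly two section headers.
std::vector<uint8_t> make_sample() {
    SecHdr s[2] = {};
    s[0].VirtualAddress = 0x1000; s[0].PointerToRawData = 0x400;
    s[1].VirtualAddress = 0x2000; s[1].PointerToRawData = 0x600;
    std::vector<uint8_t> buf(sizeof(s));
    std::memcpy(buf.data(), s, sizeof(s));
    return buf;
}
```

Passing a section count larger than the two headers actually present makes `sections_aligned` return false rather than read through a null pointer.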