Skip to content

Correctly limit PE debug symbols#9174

Open
XOR-RAX wants to merge 1 commit into
NationalSecurityAgency:masterfrom
XOR-RAX:pe-debug-symbol-limit
Open

Correctly limit PE debug symbols#9174
XOR-RAX wants to merge 1 commit into
NationalSecurityAgency:masterfrom
XOR-RAX:pe-debug-symbol-limit

Conversation

@XOR-RAX
Copy link
Copy Markdown

@XOR-RAX XOR-RAX commented May 10, 2026
edited
Loading

This patch limits PE debug symbols, thus fixes #9168

mumbel
mumbel reviewed May 11, 2026
View reviewed changes
Comment thread Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/pe/FileHeader.java
if (symbolTableOffset == 0) {
return;
}
if (numberOfSymbols < 0) {
Copy link
Copy Markdown
Contributor

@mumbel mumbel May 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unless I'm missing it in the diff, is this PR really just not a +1/-1 here for this logic:
if (numberOfSymbols < NTHeader.MAX_SANE_COUNT) {

-if (numberOfSymbols < 0) {
+if (numberOfSymbols < 0 || numberOfSymbols >= NTHeader.MAX_SANE_COUNT) {

Copy link
Copy Markdown
Author

@XOR-RAX XOR-RAX May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you are right. I will check as soon as I have time.

@ryanmkurtz ryanmkurtz self-assigned this May 11, 2026
@ryanmkurtz ryanmkurtz added Feature: Loader/PE Status: Triage Information is being gathered labels May 11, 2026
@CryptoJones CryptoJones mentioned this pull request May 21, 2026
Merged
CryptoJones added a commit to CryptoJones/GayHydra that referenced this pull request May 21, 2026
@CryptoJones @XOR-RAX @claude
Port upstream PR NationalSecurityAgency#9174: Correctly limit PE/COFF…
29ca15f 
… debug symbols (#131)

Cherry-picked from NationalSecurityAgency#9174 (closes upstream issue NationalSecurityAgency#9168).

Original commit: NSA/ghidra@2c0c26f35d82563d4b2fef999314a4f7ce1e5577
Original author: XOR-RAX <XOR-RAX@outlook.com>

Co-authored-by: XOR-RAX <XOR-RAX@outlook.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@mumbel mumbel mumbel left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@ryanmkurtz ryanmkurtz

Labels

Feature: Loader/PE Status: Triage Information is being gathered

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

PE debug symbol limit not honored while parsing a PE file

3 participants

@XOR-RAX @mumbel @ryanmkurtz