Parsing failure due to #365 #421
## Description

This commit modifies the PE parsing functionality to only parse the headers of the image, rather than the entire image. This change is made to improve performance and also the probability of failing to parse the entire image. This comes after this commit (erocarrera/pefile#365) in pefile resulted in efi image parsing failures, breaking the build. This commit also wraps the parsing of the image in a try-except block to catch any exceptions that may be raised during parsing, to cleanly exit.

See: microsoft/mu_tiano_platforms#1025 and erocarrera/pefile#421

- [ ] Impacts functionality?
- [ ] Impacts security?
- [ ] Breaking change?
- [ ] Includes tests?
- [ ] Includes documentation?

## How This Was Tested

Validated pipelines build on mu_tiano_platforms

## Integration Instructions

N/A
While the inclusion of #365 (and follow ups) triggers the problem, it looks like what is happening is a more severe misparsing of the file. This is a little interactive pdb sneak-peek:
0xf95c is the RVA of the debug directory. If we use fast_load and try to get data from that RVA just to confirm:
However if you load the binary into, say, Ghidra, then you'll see that the actual contents at that RVA should be:
So it looks like pefile miscalculated some addresses and went off to read some unrelated part of the binary. Hopefully that's a good starting point for whoever has a better clue of how the address calculations in pefile work :)

The reason the inclusion of #365 triggers the problem is because the random piece of the binary that is misparsed as a debug directory entry just happens to have the value 0x14 in the correct spot.
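The cross-check described in the comment above, as an added example that is not part of the original thread or of pefile: it resolves the debug directory RVA to a file offset through the section table using only `struct`, then applies heuristic plausibility checks to each entry, so that a matching Type value such as 0x14 is not on its own taken as proof of a real record. The function names, the checks and the constructed sample image are assumptions made for illustration.

```python
import struct

ENTRY = struct.Struct("<IIHHIIII")  # IMAGE_DEBUG_DIRECTORY: 28 bytes

def debug_directory(data):
    """Locate the debug directory via the section table; return (offset, entries)."""
    pe, = struct.unpack_from("<I", data, 0x3C)               # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + (112 if magic == 0x20B else 96)             # PE32+ or PE32
    rva, size = struct.unpack_from("<II", data, dirs + 6 * 8)  # entry 6 = DEBUG
    if size == 0:
        return None, []
    for i in range(nsec):                                    # 40-byte section headers
        vsize, va, rsize, rptr = struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
        if va <= rva and rva + size <= va + max(vsize, rsize):
            off = rva - va + rptr
            break
    else:
        raise ValueError(f"debug directory RVA {rva:#x} is in no section")
    if size % ENTRY.size or off + size > len(data):
        raise ValueError("debug directory size or offset is inconsistent")
    return off, [ENTRY.unpack_from(data, off + n) for n in range(0, size, ENTRY.size)]

def implausible(entry, file_len):
    """Heuristic reasons an entry looks like unrelated bytes, not a real record."""
    chars, _ts, _major, _minor, typ, dsize, _addr, ptr = entry
    checks = [(chars != 0, "Characteristics is reserved and should be 0"),
              (typ > 20, f"Type {typ} is above the documented range"),
              (ptr + dsize > file_len, "raw data runs past end of file")]
    return [msg for bad, msg in checks if bad]

def sample(entry):
    """Constructed 0x400-byte AArch64 PE32+ image: one section, one debug entry."""
    b = bytearray(0x400)
    b[0:2] = b"MZ"
    struct.pack_into("<I", b, 0x3C, 0x40)                    # e_lfanew
    b[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", b, 0x44, 0xAA64, 1)              # Machine, NumberOfSections
    struct.pack_into("<HHH", b, 0x54, 240, 0, 0x20B)         # OptHdr size, Characteristics, Magic
    struct.pack_into("<II", b, 0x58 + 112 + 48, 0x1010, 28)  # DEBUG RVA, size
    struct.pack_into("<4I", b, 0x58 + 240 + 8, 0x200, 0x1000, 0x200, 0x200)
    ENTRY.pack_into(b, 0x210, *entry)                        # RVA 0x1010 -> 0x210
    return bytes(b)
```

Comparing the returned offset and entries with what the parser under test reports for the same file shows whether the two disagree on where the directory lives.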
Hello, #365 with the latest release (2024.8.26) is resulting in a runtime parsing error for some UEFI binaries. I've attached a dump that contains one such binary, its PDB, and its MAP file. This binary is built using clang 18.1.5 on Windows. I've also provided the build command, so that you can see all flags used to generate the binary.
dump.zip
Build command

```
"C:\LLVM\bin\\clang" -MMD -MF c:\src\mu_tiano_platforms\Build\QemuSbsaPkg\DEBUG_CLANGPDB\AARCH64\MdeModulePkg\Bus\Pci\XhciDxe\XhciDxe\OUTPUT\AutoGen.obj.deps -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common -fstack-protector -mstack-protector-guard=global -ffunction-sections -fdata-sections -DSTRING_ARRAY_NAME=XhciDxeStrings -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-unaligned-access -Wno-microsoft-enum-forward-reference -fno-stack-protector -funsigned-char -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -Wno-address -Wno-shift-negative-value -Wno-unknown-pragmas -Wno-incompatible-library-redeclaration -Wno-null-dereference -mno-implicit-float -mms-bitfields -mno-stack-arg-probe -nostdlib -nostdlibinc -fseh-exceptions -m64 -mno-red-zone -mcmodel=small -Oz -flto -target aarch64-unknown-windows-gnu -gcodeview -funwind-tables -Wno-unused-but-set-variable -Wno-deprecated-non-prototype -Wno-constant-conversion -DDISABLE_NEW_DEPRECATED_INTERFACES -c -o c:\src\mu_tiano_platforms\Build\QemuSbsaPkg\DEBUG_CLANGPDB\AARCH64\MdeModulePkg\Bus\Pci\XhciDxe\XhciDxe\OUTPUT\.\AutoGen.obj -Ic:\src\mu_tiano_platforms\MU_BASECORE\MdeModulePkg\Bus\Pci\XhciDxe -Ic:\src\mu_tiano_platforms\Build\QemuSbsaPkg\DEBUG_CLANGPDB\AARCH64\MdeModulePkg\Bus\Pci\XhciDxe\XhciDxe\DEBUG -Ic:\src\mu_tiano_platforms\MU_BASECORE\MdePkg -Ic:\src\mu_tiano_platforms\MU_BASECORE\MdePkg\Include -Ic:\src\mu_tiano_platforms\MU_BASECORE\MdePkg\Test\UnitTest\Include -Ic:\src\mu_tiano_platforms\MU_BASECORE\MdePkg\Test\Mock\Include -Ic:\src\mu_tiano_platforms\MU_BASECORE\MdePkg\Library\MipiSysTLib\mipisyst\library\include -Ic:\src\mu_tiano_platforms\MU_BASECORE\MdePkg\Include\AArch64 -Ic:\src\mu_tiano_platforms\MU_BASECORE\MdeModulePkg -Ic:\src\mu_tiano_platforms\MU_BASECORE\MdeModulePkg\Include -Ic:\src\mu_tiano_platforms\MU_BASECORE\MdeModulePkg\Test\Mock\Include -Ic:\src\mu_tiano_platforms\MU_BASECORE\MdeModulePkg\Library\BrotliCustomDecompressLib\brotli\c\include c:\src\mu_tiano_platforms\Build\QemuSbsaPkg\DEBUG_CLANGPDB\AARCH64\MdeModulePkg\Bus\Pci\XhciDxe\XhciDxe\DEBUG\AutoGen.c
```