Increase arbitrary offset limit in pefile.py

randomascii · Chromium LUCI CQ · commit 3013acbedb8e · 2024-03-18T19:08:17.000Z
In an attempt to detect corrupt files pefile.py imposes an arbitrary maximum offset of 0x10000000 (256 MiB). However Chrome's dcheck official builds exceed that limit which means that uploading of symbols started failing. This change increases the limit to 1 GiB. An issue has been filed against the pefile project for a long-term fix but this fix will unblock dcheck official builds for now. erocarrera/pefile#396 Bug: 329661971 Change-Id: Ica4905a61216a11e4ad56734977582133bc26684 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5377931 Commit-Queue: Bruce Dawson <brucedawson@chromium.org> Reviewed-by: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/main@{#1274350}
diff --git a/third_party/pefile_py3/README.chromium b/third_party/pefile_py3/README.chromium
@@ -16,3 +16,5 @@ headers is accessible, as well as all the sections' details and data.
 Local Modifications:
  - Only pefile.py, ordlookup, and LICENSE are present.
  - BUILD.gn, OWNERS, and README.chromium files were added.
+ - pefile.py patched to increase the 0x10000000 offset limit for
+ https://crbug.com/329661971.
diff --git a/third_party/pefile_py3/pefile.py b/third_party/pefile_py3/pefile.py
@@ -138,6 +138,9 @@ def count_zeroes(data):
 # Limit number of exported symbols
 MAX_SYMBOL_EXPORT_COUNT = 0x2000
 
+# Arbitrary maximum offset to detect suspicious/bogus files.
+MAX_OFFSET = 0x40000000
+
 IMAGE_DOS_SIGNATURE             = 0x5A4D
 IMAGE_DOSZM_SIGNATURE           = 0x4D5A
 IMAGE_NE_SIGNATURE              = 0x454E
@@ -2430,16 +2433,16 @@ def parse_sections(self, offset):
                 self.__warnings.append(
                     'Error parsing section {0}. PointerToRawData points beyond the end of the file.'.format(i))
 
-            if section.Misc_VirtualSize > 0x10000000:
+            if section.Misc_VirtualSize > MAX_OFFSET:
                 simultaneous_errors += 1
                 self.__warnings.append(
-                    'Suspicious value found parsing section {0}. VirtualSize is extremely large > 256MiB.'.format(i))
+                    'Suspicious value found parsing section {0}. VirtualSize is extremely large > {1}.'.format(i, MAX_OFFSET))
 
             if self.adjust_SectionAlignment( section.VirtualAddress,
-                self.OPTIONAL_HEADER.SectionAlignment, self.OPTIONAL_HEADER.FileAlignment ) > 0x10000000:
+                self.OPTIONAL_HEADER.SectionAlignment, self.OPTIONAL_HEADER.FileAlignment ) > MAX_OFFSET:
                 simultaneous_errors += 1
                 self.__warnings.append(
-                    'Suspicious value found parsing section {0}. VirtualAddress is beyond 0x10000000.'.format(i))
+                    'Suspicious value found parsing section {0}. VirtualAddress is beyond {1}.'.format(i, MAX_OFFSET))
 
             if ( self.OPTIONAL_HEADER.FileAlignment != 0 and
                 ( section.PointerToRawData % self.OPTIONAL_HEADER.FileAlignment) != 0):
@@ -4397,7 +4400,7 @@ def get_import_table(self, rva, max_length=None, contains_addresses=False):
         return table
 
 
-    def get_memory_mapped_image(self, max_virtual_address=0x10000000, ImageBase=None):
+    def get_memory_mapped_image(self, max_virtual_address=MAX_OFFSET, ImageBase=None):
         """Returns the data corresponding to the memory layout of the PE file.
 
         The data includes the PE header and the sections loaded at offsets
